24h | 7d | 30d

CVE-2026-41197

Overview

  • noir-lang
  • noir
23 Apr 2026
Published
23 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%
KEV

Description

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in `BrilligBlock::compile_block()`. When the compiler encounters an `Instruction::Call` with a `Value::ForeignFunction` target, it invokes `codegen_call()` in `brillig_call/code_gen_call.rs`, which dispatches to `convert_ssa_foreign_call()`. Before emitting the foreign call opcode, the compiler must pre-allocate memory for any array results the call will return. This happens through `allocate_external_call_results()`, which iterates over the result types. For `Type::Array` results, it delegates to `allocate_foreign_call_result_array()` to recursively allocate memory on the heap for nested arrays. The `BrilligArray` struct is the internal representation of a Noir array in Brillig IR. Its `size` field represents the semi-flattened size, the total number of memory slots the array occupies, accounting for the fact that composite types like tuples consume multiple slots per element. This size is computed by `compute_array_length()` in `brillig_block_variables.rs`. For the outer array, `allocate_external_call_results()` correctly uses `define_variable()`, which internally calls `allocate_value_with_type()`. This function applies the formula above, producing the correct semi-flattened size. However, for nested arrays, `allocate_foreign_call_result_array()` contains a bug. The pattern `Type::Array(_, nested_size)` discards the inner types with `_` and uses only `nested_size`, the semantic length of the nested array (the number of logical elements), not the semi-flattened size. For simple element types this works correctly, but for composite element types it under-allocates. Foreign calls returning nested arrays of tuples or other composite types corrupt the Brillig VM heap. Version 1.0.0-beta.19 fixes this issue.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🚩 CRITICAL: CVE-2026-41197 in noir-lang noir (<1.0.0-beta.19). Incorrect buffer allocation for nested arrays can corrupt Brillig VM heap. Memory safety risk! Upgrade to 1.0.0-beta.19+ ASAP. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago

CVE-2026-25775

Overview

  • SenseLive
  • X3050
24 Apr 2026
Published
24 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
Pending
KEV

Description

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

🔍 CVE-2026-25775: SenseLive X3050 (V1.523) critical vuln — remote firmware updates possible without auth! Patch unavailable. Restrict access & monitor for unauthorized firmware actions. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-34415

Overview

  • thexerteproject
  • xerteonlinetoolkits
22 Apr 2026
Published
22 Apr 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
0.19%
KEV

Description

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication bypass and path traversal vulnerabilities to upload malicious PHP code, rename it with a .php4 extension, and execute arbitrary operating system commands on the server.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

⚠️ CRITICAL: xerteonlinetoolkits ≤3.15 has incomplete input validation in elFinder — .php4 files can be uploaded & executed, enabling unauth RCE. Restrict endpoint, monitor uploads, apply custom filters. Patch status unknown. CVE-2026-34415 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-24061

Overview

  • GNU
  • Inetutils
21 Jan 2026
Published
25 Mar 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
87.01%
KEV

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 8 hours ago

Fediverse

Profile picture fallback
GreyNoise @greynoise

GreyNoise At The Edge — April 13–20, 2026. Four themes dominated activity on the GreyNoise sensor network this week — spanning reconnaissance, exploitation attempts, credential brute-forcing, and botnet recruitment.

1. A broad credential and configuration discovery campaign ran at ~6.2M sessions across hundreds of IPs — ENV files, .git/config, AWS metadata, path traversal, sensitive file access. The biggest real story, distributed rather than concentrated.

2. VNC scanning surged to the third-most-targeted port on the internet — port 5900 at 17.4M sessions. Not in prior briefs.

3. A new multi-cloud Masscan framework activated this week. Shared JA3 across a new Poland IP and an existing DigitalOcean Singapore cluster.

4. VPSVAULT IoT worm weaponized CVE-2025-54322 (Xspeeder SXZOS, CVSS 10.0). CVE-2026-24061 (GNU telnetd, CVSS 9.8, CISA KEV) also in payload.

Full Report: greynoise.io/resources/at-the-

  • 2
  • 1
  • 0
  • 8h ago

CVE-2025-54322

Overview

  • Xspeeder
  • SXZOS
27 Dec 2025
Published
29 Dec 2025
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.26%
KEV

Description

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used.

Statistics

  • 1 Post
  • 3 Interactions
Last activity: 8 hours ago

Fediverse

Profile picture fallback
GreyNoise @greynoise

GreyNoise At The Edge — April 13–20, 2026. Four themes dominated activity on the GreyNoise sensor network this week — spanning reconnaissance, exploitation attempts, credential brute-forcing, and botnet recruitment.

1. A broad credential and configuration discovery campaign ran at ~6.2M sessions across hundreds of IPs — ENV files, .git/config, AWS metadata, path traversal, sensitive file access. The biggest real story, distributed rather than concentrated.

2. VNC scanning surged to the third-most-targeted port on the internet — port 5900 at 17.4M sessions. Not in prior briefs.

3. A new multi-cloud Masscan framework activated this week. Shared JA3 across a new Poland IP and an existing DigitalOcean Singapore cluster.

4. VPSVAULT IoT worm weaponized CVE-2025-54322 (Xspeeder SXZOS, CVSS 10.0). CVE-2026-24061 (GNU telnetd, CVSS 9.8, CISA KEV) also in payload.

Full Report: greynoise.io/resources/at-the-

  • 2
  • 1
  • 0
  • 8h ago

CVE-2024-21887

Overview

  • Ivanti
  • ICS
12 Jan 2024
Published
21 Oct 2025
Updated
CVSS v3.0
CRITICAL (9.1)
EPSS
94.41%
KEV

Description

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Michael I Ransier @thecybermind

CVE-2023-46805 is actively exploited in Ivanti Connect Secure and Policy Secure gateways. When chained with CVE-2024-21887, attackers gain unauthenticated RCE and full VPN appliance compromise, posing critical enterprise perimeter risk.

Read the full threat brief:
thecybermind.co/i1n8

thecybermind.co/2026/04/23/iva

  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-29145

Overview

  • Apache Software Foundation
  • Apache Tomcat
09 Apr 2026
Published
10 Apr 2026
Updated
CVSS
Pending
EPSS
0.12%
KEV

Description

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13. Users are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.

Statistics

  • 1 Post
Last activity: Last hour

Bluesky

Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #CyCognito includes "Emerging Threat: (CVE-2026-40372) ASP.NET Core Privilege Escalation via Signature Bypass" and "Emerging Threat: (CVE-2026-29145) Apache Tomcat Authentication Bypass". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • Last hour

CVE-2023-46805

Overview

  • Ivanti
  • ICS
12 Jan 2024
Published
21 Oct 2025
Updated
CVSS v3.0
HIGH (8.2)
EPSS
94.41%
KEV

Description

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Michael I Ransier @thecybermind

CVE-2023-46805 is actively exploited in Ivanti Connect Secure and Policy Secure gateways. When chained with CVE-2024-21887, attackers gain unauthenticated RCE and full VPN appliance compromise, posing critical enterprise perimeter risk.

Read the full threat brief:
thecybermind.co/i1n8

thecybermind.co/2026/04/23/iva

  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-41167

Overview

  • CyferShepard
  • Jellystat
22 Apr 2026
Published
23 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.08%
KEV

Description

Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via `POST /api/getUserDetails` and `POST /api/getLibrary`, enabling full read of any table in the database - including `app_config`, which stores the Jellystat admin credentials, the Jellyfin API key, and the Jellyfin host URL. Because the vulnerable call site dispatches via `node-postgres`'s simple query protocol (no parameter array is passed), stacked queries are allowed, which escalates the injection from data disclosure to arbitrary command execution on the PostgreSQL host via `COPY ... TO PROGRAM`. Under the role shipped by the project's `docker-compose.yml` (a PostgreSQL superuser), no additional privileges are required to reach the RCE primitive. Version 1.1.10 contains a fix.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Can Artuc @canartuc

Five critical self-hosted flaws landed April 20-22. Marimo pre-auth remote takeover (CVE-2026-39987, CVSS 9.3), exploited in 10 hours. Apache Airflow XCom. Spinnaker Echo. Jellystat SQL injection to takeover (CVE-2026-41167, 9.1). OpenVPN 2.7.2 fixed two. Three trace to injection. Across 14 compliant platforms I have architected, the audit finding is patch cadence, not availability. A 10-hour window makes quarterly cadence a breach timeline.

#CyberSecurity #SelfHosted #OpenSource #InfoSec

  • 0
  • 0
  • 0
  • 12h ago
Showing 31 to 39 of 39 CVEs