Overview

  • Cisco
  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software

25 Sep 2025
Published
26 Feb 2026
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
46.92%

Description

Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software section of this advisory. A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Alert regarding multiple vulnerabilities in Cisco ASA and FTD (CVE-2025-20333, CVE-2025-20362) #JPCERTCC (Apr 27) www.jpcert.or.jp/at/2025/at25...
  • 16h ago

Overview

  • Microsoft
  • ASP.NET Core 10.0

21 Apr 2026
Published
28 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.02%

KEV

Description

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

The latest update for #CyCognito includes "Emerging Threat: (CVE-2026-3854) #GitHub Enterprise Server RCE via Git Push Injection" and "Emerging Threat: (CVE-2026-40372) ASP.NET Core Privilege Escalation via Signature Bypass". #cybersecurity #AttackSurfaceManagement https://opsmtrs.com/44Srq0X
  • 9h ago

Overview

  • ConnectWise
  • ScreenConnect

21 Feb 2024
Published
29 Apr 2026
Updated

CVSS v3.1
HIGH (8.4)
EPSS
81.62%

Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker to execute remote code or directly impact confidential data or critical systems.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

CISA adds two known exploited vulnerabilities to its catalog. CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Apr 28) CVE-2024-1708 ConnectWise ScreenConnect path traversal vulnerability; CVE-2026-32202 Microsoft Windows protection mechanism failure vulnerability www.cisa.gov/news-events/...
  • 13h ago

Overview

  • FreeBSD
  • FreeBSD

30 Apr 2026
Published
30 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it. A rogue DHCP server may be able to execute arbitrary code as root on a system running dhclient.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Overview

  • FreeBSD
  • FreeBSD

30 Apr 2026
Published
30 Apr 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer overrun. A specially crafted packet can cause dhclient to overrun its buffer of environment entries. This can result in a crash, but it may be possible to leverage this bug to achieve remote code execution.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Overview

  • FreeBSD
  • FreeBSD

30 Apr 2026
Published
30 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

When exchanging data over a socket, libnv uses select(2) to wait for data to arrive. However, it does not verify whether the provided socket descriptor fits in select(2)'s file descriptor set size limit of FD_SETSIZE (1024). An attacker who is able to force a libnv application to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, can trigger stack corruption. If the target application is setuid-root, then this could be used to elevate local privileges.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 9 hours ago

Overview

  • musl-libc
  • musl

10 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.02%

KEV

Description

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

@adulau@infosec.exchange @gcve@social.circl.lu For context: #Buildroot has tools to list known vulnerabilities for packages, currently based on NVD data (via https://github.com/fkie-cad/nvd-json-data-feeds).

I noticed it's missing a bunch of vulnerabilities (e.g. CVE-2026-40200, CVE-2026-6042 in musl libc) because the NVD data is missing CPE match information. At the time the CVEs were listed as "Awaiting Analysis", now "Deferred", so I assume it's not going to be added any time soon, if ever (generally the CPE match is present for vulnerabilities in "Analyzed" status). Looking at the GCVE listings was an attempt to find another, hopefully better, source, because an automated check that misses so many vulnerabilities is not going to be very useful.

Today
@Bubu@chaos.social pointed me at a similar example: CVE-2025-6020 (note the year), a "high" level vulnerability in linux-pam, which is also marked as "Deferred" in NVD. So we really could use a better source.

We'd need one we can download (rather than query individual packages one by one) without excessive load, but solving that is another matter; first we need a suitable source at all.

  • 20h ago

Overview

  • openemr
  • openemr

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v4.0
MEDIUM (5.7)
EPSS
0.09%

KEV

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of being restricted to only the authenticated patient's data. This could potentially lead to unauthorized disclosure of Protected Health Information (PHI), including patient-provider relationships and care team structures across the entire system. The issue occurs because the `FhirCareTeamService` does not implement the `IPatientCompartmentResourceService` interface and does not pass the patient binding parameter to the underlying service, bypassing the patient compartment filtering mechanism. Version 8.0.0 contains a patch for this issue.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

OpenEMR vulnerability analysis: AI uncovered 38 flaws including CVE-2026-23627 (immunization module SQL injection), CVE-2026-24487 (FHIR CareTeam broken authorization), and CVE-2026-24908 (Patient REST API database takeover)....

captechgroup.com/about-us/thre

  • 1h ago

Overview

  • openemr
  • openemr

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.00%

KEV

Description

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the `_sort` parameter. This could potentially lead to database access, PHI (Protected Health Information) exposure, and credential compromise. The issue occurs when user-supplied sort field names are used in ORDER BY clauses without proper validation or identifier escaping. Version 8.0.0 fixes the issue.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

OpenEMR vulnerability analysis: AI uncovered 38 flaws including CVE-2026-23627 (immunization module SQL injection), CVE-2026-24487 (FHIR CareTeam broken authorization), and CVE-2026-24908 (Patient REST API database takeover)....

captechgroup.com/about-us/thre

  • 1h ago

Overview

  • musl
  • libc

10 Apr 2026
Published
10 Apr 2026
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.01%

KEV

Description

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv in the file src/locale/iconv.c of the GB18030 4-byte Decoder component. Manipulated input leads to inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

@adulau@infosec.exchange @gcve@social.circl.lu For context: #Buildroot has tools to list known vulnerabilities for packages, currently based on NVD data (via https://github.com/fkie-cad/nvd-json-data-feeds).

I noticed it's missing a bunch of vulnerabilities (e.g. CVE-2026-40200, CVE-2026-6042 in musl libc) because the NVD data is missing CPE match information. At the time the CVEs were listed as "Awaiting Analysis", now "Deferred", so I assume it's not going to be added any time soon, if ever (generally the CPE match is present for vulnerabilities in "Analyzed" status). Looking at the GCVE listings was an attempt to find another, hopefully better, source, because an automated check that misses so many vulnerabilities is not going to be very useful.

Today
@Bubu@chaos.social pointed me at a similar example: CVE-2025-6020 (note the year), a "high" level vulnerability in linux-pam, which is also marked as "Deferred" in NVD. So we really could use a better source.

We'd need one we can download (rather than query individual packages one by one) without excessive load, but solving that is another matter; first we need a suitable source at all.

  • 20h ago
Showing 31 to 40 of 45 CVEs