
Overview

  • protobufjs
  • protobuf.js

18 Apr 2026
Published
18 Apr 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
0.05%

KEV

Description

protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-41242 in protobuf.js (<7.5.5, 8.0.0-experimental <8.0.1) allows code injection via "type" fields — remote code execution possible. Upgrade to 7.5.5 or 8.0.1+ now! radar.offseq.com/threat/cve-20


Overview

  • Cisco
  • Cisco Secure Firewall Management Center (FMC)

04 Mar 2026
Published
25 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.92%

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

📢 Cisco fixes 4 critical flaws in Webex Services and Identity Services Engine 📝 ## 🔐 Context Published on 16 April 2026 on netcost-security.f… https://cyberveille.ch/posts/2026-04-19-cisco-corrige-4-failles-critiques-dans-webex-services-et-identity-services-engine/ #CVE_2026_20131 #Cyberveille

Overview

  • PHPEMS

19 Apr 2026
Published
19 Apr 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
Pending

KEV

Description

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

🚩 SSRF alert: CVE-2026-6573 in PHPEMS 11.0 (MEDIUM, CVSS 5.3) affects /app/exam/controller/exams.master.php via uploadfile argument. Exploit is public — review exposure! radar.offseq.com/threat/cve-20


Overview

  • NetScaler
  • ADC

23 Mar 2026
Published
31 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
55.71%

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

Statistics

  • 1 Post
  • 7 Interactions

Last activity: 13 hours ago

Fediverse

Useful explainer on the latest Citrix shenanigans, including verifying exposure and hunting/forensics recommendations

picussecurity.com/resource/blo


Overview

  • NetScaler
  • ADC

23 Mar 2026
Published
24 Mar 2026
Updated

CVSS v4.0
HIGH (7.7)
EPSS
0.02%

KEV

Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

Statistics

  • 1 Post
  • 7 Interactions

Last activity: 13 hours ago

Fediverse

Useful explainer on the latest Citrix shenanigans, including verifying exposure and hunting/forensics recommendations

picussecurity.com/resource/blo


Overview

  • musl
  • libc

10 Apr 2026
Published
10 Apr 2026
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.01%

KEV

Description

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

Result:
CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as a serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). :neocat_glare: #CVE #GCVE


Overview

  • musl-libc
  • musl

10 Apr 2026
Published
14 Apr 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.02%

KEV

Description

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse

Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

Result:
CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as a serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). :neocat_glare: #CVE #GCVE


Overview

  • Microsoft
  • Windows 10 Version 1607

14 Apr 2026
Published
17 Apr 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.06%

KEV

Description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Microsoft releases its April 2026 regular patches, fixing vulnerabilities including CVE-2026-33824 and CVE-2026-33827 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews