Overview

  • git-clone

01 Jul 2022
Published
17 Sep 2024
Updated

CVSS v3.1
HIGH (8.1)
EPSS
2.95%

KEV

Description

All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

reported a command injection type vulnerability 3 years ago (in git-clone npm package CVE-2022-25900)

and now someone just drove by the gist and posted a thank you
should I be worried 😆

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Google
  • Chrome

18 Feb 2026
Published
18 Feb 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

⚠ CVE-2026-2650: HIGH severity heap buffer overflow in Google Chrome before 145.0.7632.109. Remote attackers can exploit via malicious HTML for code execution. Patch ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 1h ago

Overview

  • CCExtractor

09 Feb 2026
Published
10 Feb 2026
Updated

CVSS v4.0
MEDIUM (4.8)
EPSS
0.01%

KEV

Description

A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The name of the patch is fd7271bae238ccb3ae8a71304ea64f0886324925. It is best practice to apply a patch to resolve this issue.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

[Backport release-25.11] ccextractor: apply patch for CVE-2026-2245 https://github.com/NixOS/nixpkgs/pull/491605 #security
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Mozilla
  • Firefox

16 Feb 2026
Published
17 Feb 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

RE: infosec.exchange/@beyondmachin

Mozilla releases security updates for Firefox and Thunderbird

Mozilla has released security updates for Firefox and Thunderbird to fix a high-severity buffer overflow (CVE-2026-2447) in the libvpx library that allows remote code execution via malformed video content.

#cybersécurité #infosec #conseil #vulnérabilité
#cybersecurity #infosec #advisory #vulnerability
___

  • 0
  • 0
  • 0
  • 13h ago

Overview

  • qdonow
  • WPNakama – Team and multi-Client Collaboration, Editorial and Project Management

18 Feb 2026
Published
18 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.08%

KEV

Description

The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including, 0.6.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

⚠ CVE-2026-2495: HIGH severity SQL Injection in WPNakama WordPress plugin (≤0.6.5) via REST API 'order' param. Unauthenticated attackers may access sensitive DB data. Patch or mitigate immediately! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Apache Software Foundation
  • Apache Tomcat Native

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue affects Apache Tomcat Native:  from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected. Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue. Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.

Statistics

  • 3 Posts

Last activity: 6 hours ago

Bluesky

Apache Tomcat vulnerabilities (Moderate: CVE-2026-24734, Low: CVE-2026-24733) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #tomcat #mod_jk #apache security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 6h ago
JVNVU#91658988: Multiple vulnerabilities in Apache Tomcat (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) https://jvn.jp/vu/JVNVU91658988/
  • 0
  • 0
  • 1
  • 21h ago

Overview

  • Apache Software Foundation
  • Apache Tomcat

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112. Older, EOL versions are also affected. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.

Statistics

  • 3 Posts

Last activity: 6 hours ago

Bluesky

Apache Tomcat vulnerabilities (Moderate: CVE-2026-24734, Low: CVE-2026-24733) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #linux #tomcat #mod_jk #apache security.sios.jp/vulnerabilit...
  • 0
  • 0
  • 0
  • 6h ago
JVNVU#91658988: Multiple vulnerabilities in Apache Tomcat (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) https://jvn.jp/vu/JVNVU91658988/
  • 0
  • 0
  • 1
  • 21h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
29.29%

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 21 hours ago

Fediverse

Overview

  • Microsoft
  • Microsoft Edge (Chromium-based)

17 Feb 2026
Published
18 Feb 2026
Updated

CVSS v3.1
LOW (3.1)
EPSS
0.07%

KEV

Description

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 20 hours ago

Fediverse

Microsoft Edge 145.0.3800.58 fixes CVE-2026-2441 and CVE-2026-0102, plus further changes

deskmodder.de/blog/2026/02/18/

  • 1
  • 0
  • 1
  • 20h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libxml2

15 Jan 2026
Published
15 Jan 2026
Updated

CVSS
Pending
EPSS
0.06%

KEV

Description

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

🚨 #LinuxAdvisory: #SUSE releases critical libxml2 update (2026-0570-1). Patches 5 high-impact CVEs including infinite recursion (CVE-2026-0990) and memory corruption (CVE-2025-10911). Affects: openSUSE Leap 15.5/15.6 & SLE Micro 5.5. Read more: 👉 tinyurl.com/24xa4dky
  • 0
  • 0
  • 0
  • 16h ago