
Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

Critical CVE-2026-6379: Unauthenticated SQL Injection in WP Photo Album Plus WordPress Plugin – Update Immediately! + Video Introduction: A newly disclosed high-severity security vulnerability, tracked as CVE-2026-6379, exposes over 100,000 WordPress websites to risk. The flaw resides in the WP…
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Tenable
  • Agent

13 Feb 2026
Published
13 Feb 2026
Updated

CVSS v4.0
MEDIUM (5.4)
EPSS
0.01%

KEV

Description

A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.

Statistics

  • 1 Post
  • 5 Interactions

Last activity: 10 hours ago

Fediverse


@Edent In theory yes, if they load one of the vulnerable kernel modules then you could achieve root on them with a compatible exploit.
The vulnerable module in the initial CopyFail exploit was AF_ALG.

There is a good summary of the vulnerable modules for the second two disclosed this week here, there are more, in this post on @ifin
discourse.ifin.network/t/cve-2

  • 4
  • 1
  • 0
  • 10h ago

Overview

  • Apache Software Foundation
  • Apache IoTDB

05 Sep 2022
Published
03 Aug 2024
Updated

CVSS
Pending
EPSS
1.87%

KEV

Description

Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1 which addresses this issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Fediverse


ahaha, I wasn't too dumb to use tz-aware datetime objects, CVE-2022-38370 & CVE-2022-38369 just don't define a TZ in the dateReserved & datePublished field :blobcatupsidedown:

  • 0
  • 1
  • 0
  • 5h ago

Overview

  • Apache Software Foundation
  • Apache IoTDB

05 Sep 2022
Published
03 Aug 2024
Updated

CVSS
Pending
EPSS
0.92%

KEV

Description

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. Users should upgrade to version 0.13.1 which addresses this issue.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 5 hours ago

Fediverse


ahaha, I wasn't too dumb to use tz-aware datetime objects, CVE-2022-38370 & CVE-2022-38369 just don't define a TZ in the dateReserved & datePublished field :blobcatupsidedown:

  • 0
  • 1
  • 0
  • 5h ago

Overview

  • Prosody
  • Prosody

01 May 2026
Published
01 May 2026
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
0.06%

KEV

Description

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 10 hours ago

Fediverse


Upgrade time!

Package: #prosody
#CVE ID: CVE-2026-43504 CVE-2026-43505 CVE-2026-43506 CVE-2026-43507

Multiple security issues were found in Prosody, a lightweight #Jabber/#XMPP server, which could result in denial of service or insufficient access control when using the SOCKS5 proxy module.

lists.debian.org/debian-securi

#Debian #security #DSA #DoS

  • 3
  • 3
  • 0
  • 10h ago

Overview

  • Prosody
  • Prosody

01 May 2026
Published
01 May 2026
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
0.02%

KEV

Description

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 10 hours ago

Fediverse


Upgrade time!

Package: #prosody
#CVE ID: CVE-2026-43504 CVE-2026-43505 CVE-2026-43506 CVE-2026-43507

Multiple security issues were found in Prosody, a lightweight #Jabber/#XMPP server, which could result in denial of service or insufficient access control when using the SOCKS5 proxy module.

lists.debian.org/debian-securi

#Debian #security #DSA #DoS

  • 3
  • 3
  • 0
  • 10h ago

Overview

  • Prosody
  • Prosody

01 May 2026
Published
01 May 2026
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
0.06%

KEV

Description

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 10 hours ago

Fediverse


Upgrade time!

Package: #prosody
#CVE ID: CVE-2026-43504 CVE-2026-43505 CVE-2026-43506 CVE-2026-43507

Multiple security issues were found in Prosody, a lightweight #Jabber/#XMPP server, which could result in denial of service or insufficient access control when using the SOCKS5 proxy module.

lists.debian.org/debian-securi

#Debian #security #DSA #DoS

  • 3
  • 3
  • 0
  • 10h ago

Overview

  • Prosody
  • Prosody

01 May 2026
Published
01 May 2026
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
0.07%

KEV

Description

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 10 hours ago

Fediverse


Upgrade time!

Package: #prosody
#CVE ID: CVE-2026-43504 CVE-2026-43505 CVE-2026-43506 CVE-2026-43507

Multiple security issues were found in Prosody, a lightweight #Jabber/#XMPP server, which could result in denial of service or insufficient access control when using the SOCKS5 proxy module.

lists.debian.org/debian-securi

#Debian #security #DSA #DoS

  • 3
  • 3
  • 0
  • 10h ago

Overview

  • WebPros
  • cPanel

08 May 2026
Published
09 May 2026
Updated

CVSS
Pending
EPSS
0.10%

KEV

Description

Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse


Spoiler for yesterday's episode: cPanel did indeed deliver the technical details along with the patches.
On the menu for the after-party:

• CVE-2026-29201: path traversal :8bitrainbow: via feature::LOADFEATUREFILE → arbitrary file made world-readable
• CVE-2026-29202: Perl injection in create_user (plugin parameter)
• CVE-2026-29203: mishandled symlink → arbitrary chmod → DoS + privilege escalation

/scripts/upcp and off to apéro!
Good luck to the on-call admins 🫡

docs.cpanel.net/changelogs/134

vulnerability.circl.lu/vuln/CV



  • 0
  • 0
  • 0
  • 8h ago

Overview

  • WebPros
  • cPanel

08 May 2026
Published
08 May 2026
Updated

CVSS
Pending
EPSS
0.04%

KEV

Description

Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse


Spoiler for yesterday's episode: cPanel did indeed deliver the technical details along with the patches.
On the menu for the after-party:

• CVE-2026-29201: path traversal :8bitrainbow: via feature::LOADFEATUREFILE → arbitrary file made world-readable
• CVE-2026-29202: Perl injection in create_user (plugin parameter)
• CVE-2026-29203: mishandled symlink → arbitrary chmod → DoS + privilege escalation

/scripts/upcp and off to apéro!
Good luck to the on-call admins 🫡

docs.cpanel.net/changelogs/134

vulnerability.circl.lu/vuln/CV



  • 0
  • 0
  • 0
  • 8h ago
Showing 31 to 40 of 47 CVEs