24h | 7d | 30d

CVE-2026-2191

Overview

  • Tenda
  • AC9
08 Feb 2026
Published
08 Feb 2026
Updated
CVSS v4.0
HIGH (8.6)
EPSS
0.04%
KEV

Description

A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
Offensive Sequence @offseq

🔥 HIGH-severity: CVE-2026-2191 in Tenda AC9 (v15.03.06.42_multi) enables remote, unauthenticated code execution via stack overflow. Public exploit out — segment networks & disable remote admin. No patch yet. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

CVE-2025-47273

Overview

  • pypa
  • setuptools
17 May 2025
Published
28 May 2025
Updated
CVSS v4.0
HIGH (7.7)
EPSS
0.18%
KEV

Description

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Security Advisory: Multiple critical vulnerabilities identified in #Python pip package manager (CVE-2025-47273+, USN-8010-1). Affects #Ubuntu LTS releases 16.04-20.04. Read more: 👉 tinyurl.com/2tv2pe3n #Security
  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-24737

Overview

  • parallax
  • jsPDF
02 Feb 2026
Published
03 Feb 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.01%
KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
jsPDFにPDF注入とDoSの高リスクの脆弱性、緊急アップデート呼びかけ(CVE-2026-24737,CVE-2026-24133) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-20119

Overview

  • Cisco
  • Cisco RoomOS Software
04 Feb 2026
Published
04 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.08%
KEV

Description

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction is required, such as accepting the meeting invitation. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
ohhara @shiojiri.com
シスコとF5が深刻度の高い脆弱性を複数件修正(CVE-2026-20119、CVE-2026-22548他) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43806/
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-24133

Overview

  • parallax
  • jsPDF
02 Feb 2026
Published
03 Feb 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.02%
KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
jsPDFにPDF注入とDoSの高リスクの脆弱性、緊急アップデート呼びかけ(CVE-2026-24737,CVE-2026-24133) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-1862

Overview

  • Google
  • Chrome
03 Feb 2026
Published
04 Feb 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
Last activity: 21 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
URGENT: #Fedora 43 Chromium update patches critical RCE flaws: heap overflow in libvpx (CVE-2026-1861) and type confusion in V8 (CVE-2026-1862). Exploitable via crafted HTML. Read more: 👉 tinyurl.com/5j2hba73 #Security
  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-22548

Overview

  • F5
  • BIG-IP
04 Feb 2026
Published
04 Feb 2026
Updated
CVSS v3.1
MEDIUM (5.9)
EPSS
0.06%
KEV

Description

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
ohhara @shiojiri.com
シスコとF5が深刻度の高い脆弱性を複数件修正(CVE-2026-20119、CVE-2026-22548他) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43806/
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-22903

Overview

  • WAGO
  • 0852-1322
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.43%
KEV

Description

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-22905

Overview

  • WAGO
  • 0852-1322
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.10%
KEV

Description

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 0
  • 6h ago
Showing 31 to 39 of 39 CVEs