24h | 7d | 30d

CVE-2026-25710

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts
Last activity: 14 hours ago

Bluesky

Profile picture fallback
Christine Hall @brideoflinux.bsky.social
The SUSE team finds security issues in Plasma's Login Manager and explain them here: plasma-login-manager: Weaknesses in plasmaloginauthhelper (CVE-2026-25710) buff.ly/r1Ys9k6
  • 0
  • 0
  • 1
  • 14h ago

CVE-2026-21515

Overview

  • Microsoft
  • Azure IOT Central
24 Apr 2026
Published
28 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.09%
KEV

Description

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
Last activity: 18 hours ago

Bluesky

Profile picture fallback
ケイ | 副業Webライター📖 @keiwork35.bsky.social
【脆弱性情報】 CVE-2026-21515 microsoftのazure iot centralの脆弱性について Azure IOT Central において、未承認の攻撃者に機密情報が露出する脆弱性があり、認可された攻撃者がネットワーク経由で権限を昇格できる可能性があります。
  • 0
  • 0
  • 0
  • 18h ago

CVE-2024-1708

Overview

  • ConnectWise
  • ScreenConnect
21 Feb 2024
Published
29 Apr 2026
Updated
CVSS v3.1
HIGH (8.4)
EPSS
81.62%
KEV

Description

ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.

Statistics

  • 2 Posts
Last activity: 6 hours ago

Fediverse

Profile picture fallback
Capstone Technologies Group @CapTechGroup

CISA's KEV catalog now includes CVE-2024-1708 and CVE-2024-1709 (ConnectWise ScreenConnect auth bypass + RCE chain) plus CVE-2026-32202 (Windows Shell). APT28 has been weaponizing these since December 2025. The...

captechgroup.com/about-us/thre

  • 0
  • 0
  • 0
  • 18h ago

Bluesky

Profile picture fallback
キタきつね @kitafox.bsky.social
CISAが既知の悪用された脆弱性2件をカタログに追加 CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Apr 28) CVE-2024-1708 ConnectWise ScreenConnect パストラバーサル脆弱性 CVE-2026-32202 Microsoft Windows保護メカニズムの不具合の脆弱性 www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 6h ago

CVE-2025-20362

Overview

  • Cisco
  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
25 Sep 2025
Published
26 Feb 2026
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
46.92%
KEV

Description

Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software ["#fs"] section of this advisory. A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture fallback
キタきつね @kitafox.bsky.social
Cisco ASAおよびFTDにおける複数の脆弱性(CVE-2025-20333、CVE-2025-20362)に関する注意喚起 #JPCERTCC (Apr 27) www.jpcert.or.jp/at/2025/at25...
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-40372

Overview

  • Microsoft
  • ASP.NET Core 10.0
21 Apr 2026
Published
28 Apr 2026
Updated
CVSS v3.1
CRITICAL (9.1)
EPSS
0.02%
KEV

Description

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
Last activity: 3 hours ago

Bluesky

Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #CyCognito includes "Emerging Threat: (CVE-2026-3854) #GitHub Enterprise Server RCE via Git Push Injection" and "Emerging Threat: (CVE-2026-40372) ASP.NET Core Privilege Escalation via Signature Bypass". #cybersecurity #AttackSurfaceManagement https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-42511

Overview

  • FreeBSD
  • FreeBSD
30 Apr 2026
Published
30 Apr 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to dhclient-script(8), which evaluates it. A rogue DHCP server may be able to execute arbirary code as root on a system running dhclient.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Graham Perrin @grahamperrin

4/

Three CVEs credited to Joshua Rogers of AISLE Research Team:

― CVE-2026-39457 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:16.libnv <security.freebsd.org/advisorie>

― CVE-2026-42511 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:12.dhclient <security.freebsd.org/advisorie>

― CVE-2026-42512 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:15.dhclient <security.freebsd.org/advisorie>

<aisle.com/about-us>

  • 0
  • 1
  • 0
  • 2h ago

CVE-2026-42512

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Graham Perrin @grahamperrin

4/

Three CVEs credited to Joshua Rogers of AISLE Research Team:

― CVE-2026-39457 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:16.libnv <security.freebsd.org/advisorie>

― CVE-2026-42511 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:12.dhclient <security.freebsd.org/advisorie>

― CVE-2026-42512 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:15.dhclient <security.freebsd.org/advisorie>

<aisle.com/about-us>

  • 0
  • 1
  • 0
  • 2h ago

CVE-2026-39457

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Graham Perrin @grahamperrin

4/

Three CVEs credited to Joshua Rogers of AISLE Research Team:

― CVE-2026-39457 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:16.libnv <security.freebsd.org/advisorie>

― CVE-2026-42511 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:12.dhclient <security.freebsd.org/advisorie>

― CVE-2026-42512 <cve.org/CVERecord?id=CVE-2026-> FreeBSD-SA-26:15.dhclient <security.freebsd.org/advisorie>

<aisle.com/about-us>

  • 0
  • 1
  • 0
  • 2h ago

CVE-2026-40200

Overview

  • musl-libc
  • musl
10 Apr 2026
Published
14 Apr 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.02%
KEV

Description

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Fiona @airtower

@adulau@infosec.exchange @gcve@social.circl.lu For context: #Buildroot has tools to list known vulnerabilities for packages, currently based on NVD data (via https://github.com/fkie-cad/nvd-json-data-feeds).

I noticed it's missing a bunch of vulnerabilities (e.g. CVE-2026-40200, CVE-2026-6042 in musl libc) because the NVD data is missing CPE match information. At the time the CVEs were listed as "Awaiting Analysis", now "Deferred", so I assume it's not going to be added any time soon, if ever (generally the CPE match is present for vulnerabilities in "Analyzed" status). Looking at the GCVE listings was an attempt to find another, hopefully better, source, because an automated check that misses so many vulnerabilities is not going to be very useful.

Today @Bubu@chaos.social pointed me at a similar example: CVE-2025-6020 (note the year), a "high" level vulnerability in linux-pam, which is also marked as "Deferred" in NVD. So we really could use a better source.

We'd need one we can download (rather than query individual packages one by one) without excessive load, but solving that is another matter, first we need a suitable source at all.

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-6042

Overview

  • musl
  • libc
10 Apr 2026
Published
10 Apr 2026
Updated
CVSS v4.0
MEDIUM (4.8)
EPSS
0.01%
KEV

Description

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Fiona @airtower

@adulau@infosec.exchange @gcve@social.circl.lu For context: #Buildroot has tools to list known vulnerabilities for packages, currently based on NVD data (via https://github.com/fkie-cad/nvd-json-data-feeds).

I noticed it's missing a bunch of vulnerabilities (e.g. CVE-2026-40200, CVE-2026-6042 in musl libc) because the NVD data is missing CPE match information. At the time the CVEs were listed as "Awaiting Analysis", now "Deferred", so I assume it's not going to be added any time soon, if ever (generally the CPE match is present for vulnerabilities in "Analyzed" status). Looking at the GCVE listings was an attempt to find another, hopefully better, source, because an automated check that misses so many vulnerabilities is not going to be very useful.

Today @Bubu@chaos.social pointed me at a similar example: CVE-2025-6020 (note the year), a "high" level vulnerability in linux-pam, which is also marked as "Deferred" in NVD. So we really could use a better source.

We'd need one we can download (rather than query individual packages one by one) without excessive load, but solving that is another matter, first we need a suitable source at all.

  • 0
  • 0
  • 0
  • 13h ago
Showing 31 to 40 of 42 CVEs