24h | 7d | 30d

CVE-2026-4224

Overview

  • Python Software Foundation
  • CPython
16 Mar 2026
Published
16 Mar 2026
Updated
CVSS v4.0
MEDIUM (6.0)
EPSS
0.02%
KEV

Description

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture fallback
Lambda Watchdog @lambdawatchdog.bsky.social
šŸšØ New MEDIUM CVE detected in AWS Lambda šŸšØ CVE-2026-4224 impacts python in 7 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/456 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-32729

Overview

  • runtipi
  • runtipi
13 Mar 2026
Published
16 Mar 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.06%
KEV

Description

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials (via phishing, credential stuffing, or data breach) can brute-force the 6-digit TOTP code to completely bypass two-factor authentication. The TOTP verification session persists for 24 hours (default cache TTL), providing an excessive window during which the full 1,000,000-code keyspace (000000ā€“999999) can be exhausted. At practical request rates (~500 req/s), the attack completes in approximately 33 minutes in the worst case. This vulnerability is fixed in 4.8.1.

Statistics

  • 1 Post
Last activity: 20 hours ago

Bluesky

Profile picture fallback
SecQube | Harvey | AI Platform for MS Graph @secqube.com
CVE-2026-32729 - Runtipi has a TOTP two-factor authentication bypass via unrestricted brute-force on `/api/auth/verify-totp` scq.ms/47jXI7B
  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-4415

Overview

  • GIGABYTE
  • Gigabyte Control Center
30 Mar 2026
Published
31 Mar 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
0.37%
KEV

Description

Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Michael I Ransier @thecybermind

INTEL ALERT] CVE-2026-4425 is live. Is your GIGABYTE Control Center (GCC) acting as a backdoor for digital decay? Iā€™m breaking down the forensic evidence and showing you how to harden your precinct. Don't let unpatched utilities breach your perimeter.

Read the full brief at The Cyber Mind Co.

thecybermind.co/2026/04/02/gig

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-4425

Overview

  • Pending
Pending
Published
30 Mar 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

Reserved for EastLink case, but no need for CVE anymore

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Michael I Ransier @thecybermind

INTEL ALERT] CVE-2026-4425 is live. Is your GIGABYTE Control Center (GCC) acting as a backdoor for digital decay? Iā€™m breaking down the forensic evidence and showing you how to harden your precinct. Don't let unpatched utilities breach your perimeter.

Read the full brief at The Cyber Mind Co.

thecybermind.co/2026/04/02/gig

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-35388

Overview

  • OpenBSD
  • OpenSSH
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
LOW (2.5)
EPSS
Pending
KEV

Description

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
cR0w šŸ“ā€ā˜ ļøšŸ«ˆšŸ« @cR0w

Anyone have time to look through the vuln fixes for OpenSSH today? I haven't yet because I'm trying not to care about it but there are at least four CVEs apparently.

openssh.org/txt/release-10.3

CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388

  • 4
  • 4
  • 0
  • 7h ago

CVE-2026-35385

Overview

  • OpenBSD
  • OpenSSH
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
cR0w šŸ“ā€ā˜ ļøšŸ«ˆšŸ« @cR0w

Anyone have time to look through the vuln fixes for OpenSSH today? I haven't yet because I'm trying not to care about it but there are at least four CVEs apparently.

openssh.org/txt/release-10.3

CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388

  • 4
  • 4
  • 0
  • 7h ago

CVE-2026-35387

Overview

  • OpenBSD
  • OpenSSH
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
LOW (3.1)
EPSS
Pending
KEV

Description

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
cR0w šŸ“ā€ā˜ ļøšŸ«ˆšŸ« @cR0w

Anyone have time to look through the vuln fixes for OpenSSH today? I haven't yet because I'm trying not to care about it but there are at least four CVEs apparently.

openssh.org/txt/release-10.3

CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388

  • 4
  • 4
  • 0
  • 7h ago

CVE-2026-35386

Overview

  • OpenBSD
  • OpenSSH
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
LOW (3.6)
EPSS
Pending
KEV

Description

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 7 hours ago

Fediverse

Profile picture fallback
cR0w šŸ“ā€ā˜ ļøšŸ«ˆšŸ« @cR0w

Anyone have time to look through the vuln fixes for OpenSSH today? I haven't yet because I'm trying not to care about it but there are at least four CVEs apparently.

openssh.org/txt/release-10.3

CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388

  • 4
  • 4
  • 0
  • 7h ago

CVE-2026-33613

Overview

  • MB connect line
  • mbCONNECT24
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
HIGH (7.2)
EPSS
0.12%
KEV

Description

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-030
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-33614

Overview

  • MB connect line
  • mbCONNECT24
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.05%
KEV

Description

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-030
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617

certvde.com/en/advisories/vde-

mbconnectline.csaf-tp.certvde.

  • 0
  • 0
  • 0
  • 16h ago
Showing 31 to 40 of 43 CVEs