Overview

  • Pip maintainers
  • pip
  • pip

Published: 27 Apr 2026
Updated: 27 Apr 2026

CVSS v4.0: MEDIUM (5.3)
EPSS: 0.02%

KEV

Description

pip prior to version 26.1 would run its self-update check after installing wheel files, which required importing well-known Python module names. These module imports were intentionally deferred to improve the startup time of the pip CLI. The patch changes the self-update check to run before wheels are installed, so that newly installed modules cannot be imported shortly after a wheel package is installed. Users should still review package contents prior to installation.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-6357 impacts pip in 6 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/489 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

CVE-2026-39511: How Kills – Unauthenticated SQL Injection in 10K WordPress Sites + Video Introduction: A seemingly harmless call to `stripslashes()` after `prepare()` can completely neutralize SQL injection defenses. In CVE-2026-39511, a WordPress plugin with 10,000 active installations fell…
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • Microsoft
  • Windows 10 Version 1507

Published: 08 Jul 2025
Updated: 13 Feb 2026

CVSS v3.1: MEDIUM (6.8)
EPSS: 0.46%

KEV

Description

Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Bypassing BitLocker in under 5 min using a downgrade attack on CVE-2025-48804
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • isaacs
  • node-tar

Published: 16 Jan 2026
Updated: 20 Jan 2026

CVSS v4.0: HIGH (8.2)
EPSS: 0.01%

KEV

Description

node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-23745 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/379 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • ci4-cms-erp
  • ci4ms

Published: 07 May 2026
Updated: 07 May 2026

CVSS v4.0: CRITICAL (9.4)
EPSS: 0.42%

KEV

Description

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations (Zip Slip) and achieve remote code execution by dropping a PHP file under the public web root. This issue has been patched in version 0.31.5.0.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-41203 in ci4ms (<0.31.5.0) allows authenticated users to exploit a path traversal bug and write files anywhere — including web root — for potential RCE. Patch to 0.31.5.0 ASAP! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • cross-spawn

Published: 08 Nov 2024
Updated: 20 May 2025

CVSS v4.0: HIGH (8.7)
EPSS: 0.07%

KEV

Description

Versions of the package cross-spawn before 6.0.6, and from 7.0.0 before 7.0.5, are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase CPU usage and crash the program by supplying a very large, well-crafted string.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2024-21538 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/214 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • axios
  • axios

Published: 24 Apr 2026
Updated: 24 Apr 2026

CVSS v3.1: MEDIUM (5.3)
EPSS: 0.05%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 (native http/https transport path). Oversized streamed uploads are sent fully even when the caller sets strict body limits. This vulnerability is fixed in 1.15.1 and 0.31.1.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-42034 impacts axios in 3 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/493 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • axios
  • axios

Published: 24 Apr 2026
Updated: 24 Apr 2026

CVSS v3.1: MEDIUM (5.3)
EPSS: 0.05%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This vulnerability is fixed in 1.15.1 and 0.31.1.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-42036 impacts axios in 3 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/494 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Spring
  • Spring Cloud Config

Published: 07 May 2026
Updated: 07 May 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.01%

KEV

Description

When using Google Secrets Manager as a backend for the Spring Cloud Config server, a client can craft a request to the config server that potentially exposes secrets from unintended GCP projects. Affected versions and fixes:

  • Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only).
  • Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only).
  • Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only).
  • Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater.
  • Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 4 hours ago

Bluesky

~Cybergcca~ CCCS issued 5 advisories, highlighting critical updates for Spring, VM2, VMware, and an actively exploited Ivanti EPMM flaw. - IOCs: CVE-2026-6973, CVE-2026-40981 - #Ivanti #ThreatIntel #Vulnerability
  • 1
  • 0
  • 0
  • 4h ago

Overview

  • Cisco
  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software

Published: 25 Sep 2025
Updated: 26 Feb 2026

CVSS v3.1: CRITICAL (9.9)
EPSS: 25.14%

Description

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

Cisco ASA vulnerability: the threat of a pre-auth RCE exploit is near 📌 Link to the article: www.redhotcyber.com/post/vulnera... By Manuel Pomarè #redhotcyber #news #cybersecurity #hacking #ciscoasa #exploit #rce #sicurezzainformatica #cve202520362 #cve202520333 #infosecurity
  • 0
  • 0
  • 0
  • 15h ago