Overview
- Wireshark Foundation
- Wireshark
14 Jan 2026
Published
14 Jan 2026
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
0.02%
KEV
Description
SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
Statistics
- 1 Post
Last activity: 22 hours ago
Bluesky
Security Advisory: Wireshark 4.6.3 Update
The #Wireshark Foundation and Red Hat have coordinated the release of version 4.6.3, addressing four medium-severity denial of service vulnerabilities (CVE-2026-0959 through CVE-2026-0962). Read more: π tinyurl.com/mr26aymp #Fedora
Overview
- VMware vCenter Server
18 Jun 2024
Published
24 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
49.77%
KEV
Description
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Statistics
- 1 Post
Last activity: 3 hours ago
Fediverse
As it is public now* I'm able to talk about it.
Check your VMware infrastructure. CVE-2024-37079 is known to have been exploited in the wild.
> UPDATE: Broadcom has information to suggest that exploitation of CVE-2024-37079 has occurred in the wild.
https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37079
https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37080
https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37081
* technically since Friday.
Overview
- Academy Software Foundation
- OpenEXR
23 Dec 2025
Published
24 Dec 2025
Updated
CVSS v3.0
HIGH (7.8)
EPSS
0.05%
KEV
Description
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27946.
Statistics
- 1 Post
Last activity: Last hour
Bluesky
Critical security advisory: #Fedora 42 mingw-openexr update addresses 7 vulnerabilities including multiple RCE flaws in EXR file parsing (CVE-2025-12839, CVE-2025-12840, CVE-2025-12495). Read more: π tinyurl.com/3sya8sbb #Security
Overview
- VMware vCenter Server
18 Jun 2024
Published
02 Aug 2024
Updated
CVSS v3.1
HIGH (7.8)
EPSS
49.73%
KEV
Description
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo.Β An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
Statistics
- 1 Post
Last activity: 3 hours ago
Fediverse
As it is public now* I'm able to talk about it.
Check your VMware infrastructure. CVE-2024-37079 is known to have been exploited in the wild.
> UPDATE: Broadcom has information to suggest that exploitation of CVE-2024-37079 has occurred in the wild.
https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37079
https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37080
https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37081
* technically since Friday.
Overview
- Academy Software Foundation
- OpenEXR
23 Dec 2025
Published
24 Dec 2025
Updated
CVSS v3.0
HIGH (7.8)
EPSS
0.05%
KEV
Description
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27948.
Statistics
- 1 Post
Last activity: Last hour
Bluesky
Critical security advisory: #Fedora 42 mingw-openexr update addresses 7 vulnerabilities including multiple RCE flaws in EXR file parsing (CVE-2025-12839, CVE-2025-12840, CVE-2025-12495). Read more: π tinyurl.com/3sya8sbb #Security
Overview
- Academy Software Foundation
- OpenEXR
23 Dec 2025
Published
24 Dec 2025
Updated
CVSS v3.0
HIGH (7.8)
EPSS
0.05%
KEV
Description
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27947.
Statistics
- 1 Post
Last activity: Last hour
Bluesky
Critical security advisory: #Fedora 42 mingw-openexr update addresses 7 vulnerabilities including multiple RCE flaws in EXR file parsing (CVE-2025-12839, CVE-2025-12840, CVE-2025-12495). Read more: π tinyurl.com/3sya8sbb #Security