Overview

  • Amazon
  • Workspaces

04 May 2026
Published
06 May 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.01%

KEV

Description

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading to local privilege escalation to SYSTEM.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

CVE-2026-7791 - Local Privilege Escalation via TOCTOU Race Condition in Amazon WorkSpaces Skylight Agent #patchmanagement
  • 7h ago

Overview

  • kpdecker
  • jsdiff

22 Jan 2026
Published
03 Feb 2026
Updated

CVSS v4.0
LOW (2.7)
EPSS
0.02%

KEV

Description

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters `\r`, `\u2028`, or `\u2029` can cause the `parsePatch` method to enter an infinite loop. It then consumes memory without limit until the process crashes due to running out of memory. Applications are therefore likely to be vulnerable to a denial-of-service attack if they call `parsePatch` with a user-provided patch as input. A large payload is not needed to trigger the vulnerability, so size limits on user input do not provide any protection. Furthermore, some applications may be vulnerable even when calling `parsePatch` on a patch generated by the application itself if the user is nonetheless able to control the filename headers (e.g. by directly providing the filenames of the files to be diffed). The `applyPatch` method is similarly affected if (and only if) called with a string representation of a patch as an argument, since under the hood it parses that string using `parsePatch`. Other methods of the library are unaffected. Finally, a second and lesser interdependent bug, a ReDoS, also exhibits when those same line break characters are present in a patch's *patch* header (also known as its "leading garbage"). A maliciously-crafted patch header of length *n* can take `parsePatch` O(*n*³) time to parse. Versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contain a fix. As a workaround, do not attempt to parse patches that contain any of these characters: `\r`, `\u2028`, or `\u2029`.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-24001 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/386 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 15h ago

Overview

  • axios
  • axios

24 Apr 2026
Published
25 Apr 2026
Updated

CVSS v3.1
HIGH (7.4)
EPSS
0.10%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can (a) silently intercept and modify every JSON response before the application sees it, or (b) fully hijack the underlying HTTP transport, gaining access to request credentials, headers, and body. The precondition is prototype pollution from a separate source in the same process. This vulnerability is fixed in 1.15.1 and 0.31.1.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-42033 impacts axios in 3 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/490 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 15h ago

Overview

  • Pip maintainers
  • pip
  • pip

27 Apr 2026
Published
27 Apr 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.02%

KEV

Description

pip prior to version 26.1 would run its self-update check after installing wheel files, which required importing well-known Python module names. These module imports were intentionally deferred to reduce the startup time of the pip CLI. The patch changes the self-update functionality to run before wheels are installed, preventing newly installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-6357 impacts pip in 6 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/489 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 15h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

CVE-2026-39511: How Kills – Unauthenticated SQL Injection in 10K WordPress Sites + Video Introduction: A seemingly harmless call to `stripslashes()` after `prepare()` can completely neutralize SQL injection defenses. In CVE-2026-39511, a WordPress plugin with 10,000 active installations fell…
  • 9h ago

Overview

  • SGLang
  • SGLang

20 Apr 2026
Published
29 Apr 2026
Updated

CVSS
Pending
EPSS
0.32%

KEV

Description

SGLang's reranking endpoint (/v1/rerank) is vulnerable to Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, because the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

⚠️ Technical Manual: Repairing CVE-2026-5760 in the SGLang AI Framework www.newstecnicas.com/2026/04/manu...
  • 2h ago

Overview

  • DIVD
  • VerySecureApp

07 May 2026
Published
07 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
Pending

KEV

Description

The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to an authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule, holding the anonymous user role, to gain access to all stored records, even though no access rights are explicitly configured on that role. An anonymous user role is required in order to make a Mendix Entity available publicly. All versions of Mendix Studio Pro up to 11.8.0 Beta silently make an Anonymous user role follow user inheritance rules, without mentioning this explicitly in the documentation.

Statistics

  • 1 Post

Last activity: 2 hours ago

Fediverse

🚨 CVE-2026-7891 (CRITICAL): Insecure inherited permissions in DIVD VerySecureApp let anonymous users read all records. Built with Mendix Studio Pro 11.8.0 Beta — patch pending. Review anonymous access configs ASAP! radar.offseq.com/threat/cve-20
  • 2h ago

Overview

  • WebPros
  • cPanel

29 Apr 2026
Published
06 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
64.28%

Description

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

🟢 How to fix the #vulnerability CVE-2026-41940 in cPanel/WHM: Urgent security patch for root access www.newstecnicas.com/2026/05/solu...
  • 7h ago

Overview

  • Microsoft
  • Windows 10 Version 1507

08 Jul 2025
Published
13 Feb 2026
Updated

CVSS v3.1
MEDIUM (6.8)
EPSS
0.46%

KEV

Description

Acceptance of extraneous untrusted data with trusted data in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

Bypassing BitLocker under 5 min using downgrade attack on CVE-2025-48804
  • 12h ago

Overview

  • isaacs
  • node-tar

16 Jan 2026
Published
20 Jan 2026
Updated

CVSS v4.0
HIGH (8.2)
EPSS
0.01%

KEV

Description

node-tar is a tar implementation for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning via absolute symlink targets. This vulnerability is fixed in 7.5.3.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-23745 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/379 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 15h ago