Overview

  • karutoil
  • catalyst

10 Feb 2026
Published
10 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.26%

KEV

Description

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or template.update permission can define arbitrary shell commands that achieve full root-level remote code execution on every node machine in the cluster. This vulnerability is fixed in commit 11980aaf3f46315b02777f325ba02c56b110165d.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🚨 karutoil catalyst (<11980aaf3f46315b02777f325ba02c56b110165d) faces CRITICAL OS command injection (CVE-2026-26009, CVSS 10.0). Users with template perms can execute root shell commands cluster-wide. Patch immediately! radar.offseq.com/threat/cve-20


Overview

  • win.rar GmbH
  • WinRAR

08 Aug 2025
Published
21 Oct 2025
Updated

CVSS v4.0
HIGH (8.4)
EPSS
3.90%

Description

A path traversal vulnerability affecting the Windows version of WinRAR allows attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

Research observed -Dragon, a Chinese-aligned group linked to , conducting espionage against government and law enforcement across Southeast Asia. The threat actor weaponized flaw CVE-2025-8088 within 10 days after its disclosure, geo-fenced servers to targets, and introduced , a Telegram-based remote access tool.

research.checkpoint.com/2026/a


Overview

  • nko
  • Custom Block Builder – Lazy Blocks

11 Feb 2026
Published
11 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.24%

KEV

Description

The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

⚠️ HIGH severity: CVE-2026-1560 in Lazy Blocks (WordPress, ≤4.2.0) lets Contributor+ users run arbitrary code via improper code generation (CWE-94). No public exploits yet — restrict roles and monitor activity! radar.offseq.com/threat/cve-20


Overview

  • OpenPrinting
  • cups

11 Sep 2025
Published
04 Nov 2025
Updated

CVSS v3.1
HIGH (8.0)
EPSS
0.05%

KEV

Description

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

The #SUSE CUPS vulnerability (CVE-2025-58060) is a textbook case of legacy complexity haunting modern infrastructure. Heap overflow, local to root pivot, and it affects the IPP stack. Read more: 👉 tinyurl.com/3fewkb33 #Security

Overview

  • Microsoft
  • GitHub Copilot Plugin for JetBrains IDEs

10 Feb 2026
Published
11 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

🚨 CVE-2026-21516 (CVSS 8.8 HIGH) Command Injection in GitHub Copilot allows an unauthorized attacker to execute code over a network due to improper neutralization of special elements in commands. Full analysis: basefortify.eu/cve_reports/... #CVE #GitHubCopilot #Microsoft #CyberSecurity #AppSec

Overview

  • Keats
  • jsonwebtoken

04 Feb 2026
Published
05 Feb 2026
Updated

CVSS v4.0
MEDIUM (5.5)
EPSS
0.08%

KEV

Description

jsonwebtoken is a JWT library in Rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically in its claim validation logic. When a standard claim (such as nbf or exp) is provided with an incorrect JSON type (like a String instead of a Number), the library's internal parsing mechanism marks the claim as "FailedToParse". Crucially, the validation logic treats this "FailedToParse" state identically to "NotPresent". This means that if a check is enabled (for example, validate_nbf = true) but the claim is not explicitly marked as required in required_spec_claims, the library skips the validation check entirely for the malformed claim, treating it as if it were not there. This allows attackers to bypass critical time-based security restrictions (such as "Not Before" checks), leading to potential authentication and authorization bypasses. This issue has been patched in version 10.3.0.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

🚨 Urgent Security Update for Fedora Users! 🚨 Critical vulnerabilities CVE-2026-25537 & CVE-2026-25727 affect tbtools and multiple Rust applications in #Fedora 43. Read more: 👉 tinyurl.com/yyantywz #Security

Overview

  • libexpat project
  • libexpat

23 Jan 2026
Published
23 Jan 2026
Updated

CVSS v3.1
LOW (2.9)
EPSS
0.00%

KEV

Description

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

USN-8023-1: libxmltok flaws (CVE-2026-24515 & CVE-2026-25210) are now public. Key takeaway: CVE-2026-25210 = Integer Overflow → Heap Overflow → Potential RCE. ⚠️ Patches ONLY in #Ubuntu Pro/ESM repos. Read more: 👉 tinyurl.com/fd6dsmfu #Security

Overview

  • Ivanti
  • Endpoint Manager

10 Feb 2026
Published
10 Feb 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.16%

KEV

Description

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Ivanti released patches for EPM fixing a high-severity authentication bypass (CVE-2026-1603) and a medium SQL injection (CVE-2026-1602).

Overview

  • time-rs
  • time

06 Feb 2026
Published
06 Feb 2026
Updated

CVSS v4.0
MEDIUM (6.8)
EPSS
0.04%

KEV

Description

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

🚨 Urgent Security Update for Fedora Users! 🚨 Critical vulnerabilities CVE-2026-25537 & CVE-2026-25727 affect tbtools and multiple Rust applications in #Fedora 43. Read more: 👉 tinyurl.com/yyantywz #Security

Overview

  • libexpat project
  • libexpat

30 Jan 2026
Published
03 Feb 2026
Updated

CVSS v3.1
MEDIUM (6.9)
EPSS
Pending

KEV

Description

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

USN-8023-1: libxmltok flaws (CVE-2026-24515 & CVE-2026-25210) are now public. Key takeaway: CVE-2026-25210 = Integer Overflow → Heap Overflow → Potential RCE. ⚠️ Patches ONLY in #Ubuntu Pro/ESM repos. Read more: 👉 tinyurl.com/fd6dsmfu #Security