
Overview

  • cloudways
  • Breeze Cache

23 Apr 2026
Published
23 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.06%

KEV

Description

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited if "Host Files Locally - Gravatars" is enabled, which is disabled by default.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844) https://securityaffairs.com/191267/uncategorized/over-400000-sites-at-risk-as-hackers-exploit-breeze-cache-plugin-flaw-cve-2026-3844.html

Overview

  • Linux
  • Linux

03 Apr 2026
Published
27 Apr 2026
Updated

CVSS v3.1
HIGH (8.2)
EPSS
0.03%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case In decode_int(), the CONS case calls get_bits(bs, 2) to read a length value, then calls get_uint(bs, len) without checking that len bytes remain in the buffer. The existing boundary check only validates the 2 bits for get_bits(), not the subsequent 1-4 bytes that get_uint() reads. This allows a malformed H.323/RAS packet to cause a 1-4 byte slab-out-of-bounds read. Add a boundary check for len bytes after get_bits() and before get_uint().

Statistics

  • 1 Post

Last activity: 23 hours ago

Fediverse


📰 Log4j Deja Vu: Critical RCE Flaw in 'LogSpresso' Library Averts Major Supply Chain Crisis

🚨 A Log4j-style crisis averted! A critical 10.0 CVSS RCE flaw, CVE-2026-23456, was found in the popular 'LogSpresso' Java library. 😱 Patch released before wild exploitation. Update to version 3.5.1 NOW! #LogSpresso #Vulnerability #SupplyChain #Java

🔗 cybernetsec.io


Overview

  • GeoVision Inc.
  • GV-IP Device Utility

26 Apr 2026
Published
27 Apr 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
0.03%

KEV

Description

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to a credential leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with various GeoVision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcast over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derived from Blowfish. However, the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password relies only on the "obscurity" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its IP address or even reset it to factory default.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse


🚨CRITICAL: CVE-2026-42363 in GeoVision GV-IP Device Utility 9.0.5 exposes admin creds via UDP broadcast with weak encryption. Attackers on LAN can take full control. Limit access, avoid untrusted networks, and watch for patches. radar.offseq.com/threat/cve-20


Overview

  • Cisco
  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software

25 Sep 2025
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.9)
EPSS
24.78%

Description

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

What is the Cisco ASA vulnerability (CVE-2025-20333)? A thorough explanation of the risk that remains even after patching. A serious vulnerability has been confirmed in "Cisco Secure Firewall ASA", a firewall product that protects the networks of companies and government agencies. Cases have been reported in which attacks continue even after the fix has been applied, a situation that a simple software update cannot resolve. This article explains, in terms non-engineers can follow, everything from an overview of the Cisco ASA vulnerability to the specific attack methods and the countermeasures you should verify. What is Cisco ASA? First, let's cover the basics of the product. Cisco…

Overview

  • PowerDNS
  • Authoritative
  • pdns

22 Apr 2026
Published
22 Apr 2026
Updated

CVSS v3.1
MEDIUM (5.3)
EPSS
0.01%

KEV

Description

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

Vulnerability information for PowerDNS Authoritative Server has been published (CVE-2026-33257 and 5 others) https://jprs.jp/tech/security/2026-04-27-powerdns-auth.html

Overview

  • Google
  • Chrome

23 Apr 2026
Published
24 Apr 2026
Updated

CVSS
Pending
EPSS
0.08%

KEV

Description

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

[Vulnerability Information] CVE-2026-6920: a vulnerability in Google's Chrome. In versions of Google Chrome for Android prior to 147.0.7727.117, an out-of-bounds read vulnerability exists in the GPU.

Overview

  • Tenda
  • F456

27 Apr 2026
Published
27 Apr 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.05%

KEV

Description

A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Manipulation of the argument Go can lead to a buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse


⚠️ CVE-2026-7082: HIGH severity buffer overflow in Tenda F456 v1.0.0.5 (formWrlExtraSet in httpd). Attack is remote and exploit is public. Audit exposure & restrict remote mgmt ASAP. radar.offseq.com/threat/cve-20


Overview

  • Linux
  • Linux

14 Feb 2026
Published
03 Apr 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of the aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both the check and stop operations are performed outside the cable lock, this may result in a UAF when a program attempts to trigger frequently while opening/closing the tied stream, as spotted by fuzzers. For addressing the UAF, this patch changes two things: - It covers most of the code in loopback_check_format() with the cable->lock spinlock, and adds the proper NULL checks. This already avoids some racy accesses. - In addition, we now try to check the state of the capture PCM stream that may be stopped in this function, which was the major pain point leading to the UAF.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Stop chasing kernel CVEs like it's 2026. CVE-2026-23191 (ALSA race) and CVE-2026-23268 (AppArmor bypass) are already patched. But the NEXT one? Read more -> tinyurl.com/2hm6nwnt #SUSE

Overview

  • Linux
  • Linux

18 Mar 2026
Published
18 Apr 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the apparmorfs interfaces, via a confused deputy attack, by passing the opened fd to a privileged process, and getting the privileged process to write to the interface. This does require a privileged target that can be manipulated to do the write for the unprivileged process, but once such access is achieved full policy management is possible and all the possible implications that implies: removing confinement, DoS of system or target applications by denying all execution, bypassing the unprivileged user namespace restriction, to exploiting kernel bugs for a local privilege escalation. The policy management interface cannot have its permissions simply changed from 0666 to 0600 because non-root processes need to be able to load policy to different policy namespaces. Instead ensure the task writing the interface has privileges that are a subset of the task that opened the interface. This is already done via policy for confined processes, but unconfined can delegate access to the opened fd, bypassing the usual policy check.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Stop chasing kernel CVEs like it's 2026. CVE-2026-23191 (ALSA race) and CVE-2026-23268 (AppArmor bypass) are already patched. But the NEXT one? Read more -> tinyurl.com/2hm6nwnt #SUSE