
Overview

  • Cisco
  • Cisco RoomOS Software

Published: 04 Feb 2026
Updated: 04 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.08%

KEV

Description

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction is required, such as accepting the meeting invitation. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Cisco and F5 fix multiple high-severity vulnerabilities (CVE-2026-20119, CVE-2026-22548, and others) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43806/
  • 14h ago

Overview

  • parallax
  • jsPDF

Published: 02 Feb 2026
Updated: 03 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.02%

KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

High-risk PDF injection and DoS vulnerabilities in jsPDF, urgent update urged (CVE-2026-24737, CVE-2026-24133) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 19h ago

Overview

  • F5
  • BIG-IP

Published: 04 Feb 2026
Updated: 04 Feb 2026

CVSS v3.1: MEDIUM (5.9)
EPSS: 0.06%

KEV

Description

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Cisco and F5 fix multiple high-severity vulnerabilities (CVE-2026-20119, CVE-2026-22548, and others) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43806/
  • 14h ago

Overview

  • SolarWinds
  • Web Help Desk

Published: 28 Jan 2026
Updated: 04 Feb 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 54.99%

Description

SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

While we have not yet confirmed whether the attacks are related to the most recently disclosed vulnerabilities such as CVE-2025-40551 and CVE-2025-40536, or stem from previously disclosed vulnerabilities like CVE-2025-26399, attackers will likely continue targeting vulnerable systems.
  • 2h ago

Overview

  • SolarWinds
  • Web Help Desk

Published: 28 Jan 2026
Updated: 02 Feb 2026

CVSS v3.1: HIGH (8.1)
EPSS: 27.82%

KEV

Description

SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that, if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

While we have not yet confirmed whether the attacks are related to the most recently disclosed vulnerabilities such as CVE-2025-40551 and CVE-2025-40536, or stem from previously disclosed vulnerabilities like CVE-2025-26399, attackers will likely continue targeting vulnerable systems.
  • 2h ago

Overview

  • WAGO
  • 0852-1322

Published: 09 Feb 2026
Updated: 09 Feb 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.43%

KEV

Description

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse


VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 12h ago

Overview

  • WAGO
  • 0852-1322

Published: 09 Feb 2026
Updated: 09 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.10%

KEV

Description

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse


VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 12h ago