Overview

  • itsourcecode
  • Society Management System

Published: 02 Mar 2026
Updated: 02 Mar 2026

CVSS v4.0: MEDIUM (6.9)
EPSS: 0.03%

KEV

Description

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/check_studid.php. Executing a manipulation of the argument student_id can lead to SQL injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

📌 CVE-2026-3410 - A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /... https://www.cyberhub.blog/cves/CVE-2026-3410
  • 3h ago

Overview

  • Linux
  • Linux

Published: 03 Jul 2025
Updated: 19 Jan 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

page_pool: Fix use-after-free in page_pool_recycle_in_ring

syzbot reported a uaf in page_pool_recycle_in_ring:

    BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862
    Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943

    CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
    Call Trace:
     <TASK>
     __dump_stack lib/dump_stack.c:94 [inline]
     dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
     print_address_description mm/kasan/report.c:378 [inline]
     print_report+0x169/0x550 mm/kasan/report.c:489
     kasan_report+0x143/0x180 mm/kasan/report.c:602
     lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862
     __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]
     _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210
     spin_unlock_bh include/linux/spinlock.h:396 [inline]
     ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]
     page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]
     page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826
     page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]
     page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]
     napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036
     skb_pp_recycle net/core/skbuff.c:1047 [inline]
     skb_free_head net/core/skbuff.c:1094 [inline]
     skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125
     skb_release_all net/core/skbuff.c:1190 [inline]
     __kfree_skb net/core/skbuff.c:1204 [inline]
     sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242
     kfree_skb_reason include/linux/skbuff.h:1263 [inline]
     __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]

root cause is:

    page_pool_recycle_in_ring
      ptr_ring_produce
        spin_lock(&r->producer_lock);
        WRITE_ONCE(r->queue[r->producer++], ptr)
          //recycle last page to pool
                                    page_pool_release
                                      page_pool_scrub
                                        page_pool_empty_ring
                                          ptr_ring_consume
                                          page_pool_return_page  //release all page
                                      __page_pool_destroy
                                        free_percpu(pool->recycle_stats);
                                        free(pool) //free

        spin_unlock(&r->producer_lock); //pool->ring uaf read
      recycle_stat_inc(pool, ring);

page_pool can be freed while the page pool recycles the last page in the ring. Add a producer-lock barrier to page_pool_release to prevent the page pool from being freed before all pages have been recycled.

recycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not enabled, which will trigger a Wempty-body build warning. Add a definition for the pool stat macro to fix the warning.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Critical patch for #SUSE Linux Enterprise 15 SP7 is out! Advisory SUSE-SU-2026:0748-1 fixes a nasty use-after-free in the kernel (CVE-2025-38129). Read more: 👉 tinyurl.com/4ephaa7r #Security
  • 22h ago

Overview

  • Tenda
  • F453

Published: 01 Mar 2026
Updated: 02 Mar 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

📌 CVE-2026-3399 - A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetS... https://www.cyberhub.blog/cves/CVE-2026-3399
  • 15h ago

Overview

  • Tenda
  • F453

Published: 28 Feb 2026
Updated: 28 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromSafeMacFilter of the file /goform/SafeMacFilter. Such manipulation of the argument page leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

📌 CVE-2026-3376 - A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromSafeMacFilter of the file /goform... https://www.cyberhub.blog/cves/CVE-2026-3376
  • 11h ago

Overview

  • Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
  • SODOLA SL902-SWTGW124AS

Published: 27 Feb 2026
Updated: 02 Mar 2026

CVSS v4.0: HIGH (7.1)
EPSS: 0.04%

KEV

Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to an authenticated session can modify credentials to maintain persistent access to the management interface.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

📌 CVE-2026-27757 - SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account p... https://www.cyberhub.blog/cves/CVE-2026-27757
  • 7h ago

Overview

  • Devolutions
  • Server

Published: 03 Mar 2026
Updated: 03 Mar 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 and earlier allows an unauthenticated user to authenticate as an arbitrary Entra ID user via a forged JSON Web Token (JWT).

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🚨 CVE-2026-3224: CRITICAL auth bypass in Devolutions Server <=2025.3.15.0 using Microsoft Entra ID. Attackers can forge JWTs for full access. No known exploits, but patch ASAP & tighten token validation. radar.offseq.com/threat/cve-20

  • 9h ago

Overview

  • Juniper Networks
  • Junos OS Evolved

Published: 25 Feb 2026
Updated: 04 Mar 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.33%

KEV

Description

An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root, a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required.

This issue affects Junos OS Evolved on PTX Series:

  • 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO.

This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS.

Statistics

  • 3 Posts

Last activity: 18 hours ago

Bluesky

Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE) - watchTowr Labs
  • 18h ago

Overview

  • LabRedesCefetRJ
  • WeGIA

Published: 27 Feb 2026
Updated: 02 Mar 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.05%

KEV

Description

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like Postman or the file's URL on the web to access features exclusive to employees. The vulnerability allows external parties to inject unauthorized data in massive quantities into the application server's storage. Version 3.6.5 fixes the issue.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

📌 CVE-2026-28408 - WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionar_tipo_docs_atendido.php does not go through the pro... https://www.cyberhub.blog/cves/CVE-2026-28408
  • 13h ago

Overview

  • chamilo
  • chamilo-lms

Published: 02 Mar 2026
Updated: 02 Mar 2026

CVSS v3.1: HIGH (8.8)
EPSS: 0.04%

KEV

Description

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows attackers to inject a stored cross-site scripting (XSS) payload that is triggered when the user profile is viewed, potentially leading to malicious script execution in the context of the authenticated user. This issue has been patched in version 1.11.30.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

📌 CVE-2025-52468 - Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. T... https://www.cyberhub.blog/cves/CVE-2025-52468
  • 13h ago

Overview

  • Portwell
  • Portwell Engineering Toolkits

Published: 03 Mar 2026
Updated: 03 Mar 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

🚨 CVE-2026-3437 (CRITICAL, CVSS 9.3): Portwell Engineering Toolkits 4.8.2 lets local users escalate privileges or trigger DoS via memory access in driver. No patch yet — restrict local access, audit users, monitor! radar.offseq.com/threat/cve-20

  • 1h ago