24h | 7d | 30d

CVE-2026-50264

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • xorg-x11-server-Xwayland
05 Jun 2026
Published
25 Jun 2026
Updated
CVSS
Pending
EPSS
0.14%
KEV

Description

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root.

Statistics

  • 2 Posts
Last activity: 11 hours ago

Fediverse

Profile picture fallback
zl2tod @zl2tod

...
* dri2: Deduplicate attachments in do_get_buffer (CVE-2026-50264) (Closes: #1138680)

  • 0
  • 0
  • 0
  • 11h ago
Profile picture fallback
zl2tod @zl2tod

...
* glx: fix reversed length check in ChangeDrawableAttributes (CVE-2026-50262) (Closes: #1138680)
* saver: re-fetch screen private after CheckScreenPrivate in CreateSaverWindow (CVE-2026-50263) (Closes: #1138680)
* dix: increase XLFDMAXFONTNAMELEN to match libXfont2's MAXFONTNAMELEN (CVE-2026-50256) (Closes: #1138680)
* dri2: Use booleans for (fake) front buffer tracking in do_get_buffers (CVE-2026-50264) (Closes: #1138680)
...

  • 0
  • 0
  • 0
  • 11h ago

CVE-2021-3782

Overview

  • wayland
23 Sep 2022
Published
22 May 2025
Updated
CVSS
Pending
EPSS
0.29%
KEV

Description

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.

Statistics

  • 1 Post
Last activity: 8 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🛡️ RLSA-2023:2786: Wayland moderate security update for Rocky Linux 8. CVE-2021-3782 corrige overflow de referência no libwayland-server que permite use-after-free e vazamento de memória. Saiba mais: -> tinyurl.com/4rmxcjsb
  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-33017

Overview

  • langflow-ai
  • langflow
20 Mar 2026
Published
21 May 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
98.41%
KEV

Description

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored flow data from the database. This code is passed to exec() with zero sandboxing, resulting in unauthenticated remote code execution. This is distinct from CVE-2025-3248, which fixed /api/v1/validate/code by adding authentication. The build_public_tmp endpoint is designed to be unauthenticated (for public flows) but incorrectly accepts attacker-supplied flow data containing arbitrary executable code. This issue has been fixed in version 1.9.0.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture fallback
Daily CyberSecurity @DailyCyberSecurity

Langflow Cryptominer Malware Exploits CVE-2026-33017

At least 39 rival malware families appear on a kill list used by a new Langflow cryptominer malware campaign. Threat actors now target exposed artificial intelligence application endpoints to breach enterprise networks. They exploit CVE-2026-33017, which is a critical remote code execution vulnerability. Consequently, attackers hijack servers to mine cryptocurrency. At a glance Malware Family: Modified KORKERDS/MALXMR variant Threat Actor:

securityonline.info/langflow-c

  • 0
  • 0
  • 0
  • 21h ago

CVE-2014-0160

Overview

  • Pending
07 Apr 2014
Published
22 Oct 2025
Updated
CVSS
Pending
EPSS
100.00%
KEV

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Hugo | DevOps | Cybersecurity @hugovalters

Exploit Heartbleed (CVE-2014-0160) with OpenSSL s_client: send a malformed heartbeat request with oversized payload length to extract up to 64KB of heap memory. Use -no_ssl3 -no_tls1 for TLS 1.0/1.1, -msg to capture leaked data. #cve #snippet #heartbleed #cve-2014-0160 #ValtersIT

valtersit.com/vault/heartbleed

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-52784

Overview

  • opf
  • openproject
26 Jun 2026
Published
26 Jun 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.16%
KEV

Description

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "user[admin]". This vulnerability is fixed in 17.3.3 and 17.4.1.

Statistics

  • 1 Post
Last activity: 22 hours ago

Fediverse

Profile picture fallback
Hugo | DevOps | Cybersecurity @hugovalters

CVE-2026-52784 - Critical CSRF in OpenProject. Attackers can escalate privileges via /users/:id. CVSS 8.8. Update to 17.3.3 or 17.4.1 immediately. #CVE #OpenProject #infosec

valtersit.com/cve/CVE-2026-527

  • 0
  • 0
  • 0
  • 22h ago

CVE-2026-35373

Overview

  • Uutils
  • coreutils
  • coreutils
22 Apr 2026
Published
22 Apr 2026
Updated
CVSS v3.1
LOW (3.3)
EPSS
0.12%
KEV

Description

A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (e.g., ln SOURCE... DIRECTORY). While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation enforces UTF-8 encoding, resulting in a failure to stat the file and a non-zero exit code. In environments where automated scripts or system tasks process valid but non-UTF-8 filenames common on Unix filesystems, this divergence causes the utility to fail, leading to a local denial of service for those specific operations.

Statistics

  • 1 Post
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Michael I Ransier @thecybermind

CVE-2026-35373 introduces a critical operational divergence in modern Linux system utilities, causing strict encoding enforcement to break automated backup and data migration pipelines. Access our strategic CSUITE briefing to audit system integrity: thecybermind.co/393z

  • 0
  • 0
  • 0
  • 10h ago

CVE-2026-57915

Overview

  • Apache Software Foundation
  • Apache Kerby
  • org.apache.kerby:kerb-server
26 Jun 2026
Published
26 Jun 2026
Updated
CVSS
Pending
EPSS
0.26%
KEV

Description

It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue.

Statistics

  • 1 Post
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Can Artuc @canartuc

Apache Kerby, the Java implementation of Kerberos, shipped a fix for CVE-2026-57915: an authentication bypass where an attacker could skip pre-authentication by sending PA-DATA with an unrecognized or unsupported type. The severity is rated important, and the fix is in Kerby 2.1.2. How many Kerberos stacks silently accept PA-DATA types they do not understand, and how many of those are known to operators?
#Kerberos #security

  • 0
  • 0
  • 0
  • 2h ago

CVE-2020-12762

Overview

  • Pending
09 May 2020
Published
03 Nov 2025
Updated
CVSS
Pending
EPSS
1.89%
KEV

Description

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 Sysadmins: RLSA-2023:6976 corrige CVE-2020-12762 no libfastjson (integer overflow → out-of-bounds write). Saiba mais: -> Saiba mais: -> tinyurl.com/3dfeabkt
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-12957

Overview

  • Amazon Web Services
  • Language Servers for AWS
23 Jun 2026
Published
23 Jun 2026
Updated
CVSS v4.0
HIGH (8.5)
EPSS
0.12%
KEV

Description

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted. To remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture fallback
halil deniz @halildeniz

🚨 AWS Language Server Flaw!

CVE-2026-12957 allows zero-click command injection and cloud credential theft simply by opening a poisoned repository inside your IDE (affecting Amazon Q Developer).

denizhalil.com/2026/06/27/cve-

#CVE202612957 #aws #Cybersecurity #infosec #CloudSecurity

  • 0
  • 0
  • 0
  • 6h ago

CVE-2026-48778

Overview

  • notepad-plus-plus
  • notepad-plus-plus
26 Jun 2026
Published
26 Jun 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
1.37%
KEV

Description

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="commandLineInterpreter"> tag in config.xml is read by NppXml::value() (Parameters.cpp:6430) and stored in _nppGUI._commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDM_FILE_OPEN_CMD (File → Open Containing Folder → cmd), NppCommands.cpp:228 creates a Command object with this value and calls run(), which invokes ShellExecute (RunDlg.cpp:221) with the attacker-controlled string as the executable path. This vulnerability is fixed in 8.9.6.1.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture fallback
Hugo | DevOps | Cybersecurity @hugovalters

CVE-2026-48778 - Supply chain attack in Notepad++ pre-8.9.6.1. Unsanitized config.xml input leads to arbitrary command execution via File > Open Containing Folder > cmd. CVSS 7.8. No patch available. Disable feature or isolate. #CVE #Notepad #infosec

valtersit.com/cve/CVE-2026-487

  • 0
  • 0
  • 0
  • 4h ago
Showing 41 to 50 of 61 CVEs