24h | 7d | 30d

CVE-2026-24737

Overview

  • parallax
  • jsPDF
02 Feb 2026
Published
03 Feb 2026
Updated
CVSS v3.1
HIGH (8.1)
EPSS
0.01%
KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0.

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
jsPDFにPDF注入とDoSの高リスクの脆弱性、緊急アップデート呼びかけ(CVE-2026-24737,CVE-2026-24133) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-20119

Overview

  • Cisco
  • Cisco RoomOS Software
04 Feb 2026
Published
04 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.08%
KEV

Description

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction is required, such as accepting the meeting invitation. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
ohhara @shiojiri.com
シスコとF5が深刻度の高い脆弱性を複数件修正(CVE-2026-20119、CVE-2026-22548他) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43806/
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-1861

Overview

  • Google
  • Chrome
03 Feb 2026
Published
04 Feb 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
Last activity: 20 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
URGENT: #Fedora 43 Chromium update patches critical RCE flaws: heap overflow in libvpx (CVE-2026-1861) and type confusion in V8 (CVE-2026-1862). Exploitable via crafted HTML. Read more: 👉 tinyurl.com/5j2hba73 #Security
  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-24133

Overview

  • parallax
  • jsPDF
02 Feb 2026
Published
03 Feb 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.02%
KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0.

Statistics

  • 1 Post
Last activity: 12 hours ago

Bluesky

Profile picture fallback
セキュリティ対策Lab @securitylab-jp.bsky.social
jsPDFにPDF注入とDoSの高リスクの脆弱性、緊急アップデート呼びかけ(CVE-2026-24737,CVE-2026-24133) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-1862

Overview

  • Google
  • Chrome
03 Feb 2026
Published
04 Feb 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post
Last activity: 20 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
URGENT: #Fedora 43 Chromium update patches critical RCE flaws: heap overflow in libvpx (CVE-2026-1861) and type confusion in V8 (CVE-2026-1862). Exploitable via crafted HTML. Read more: 👉 tinyurl.com/5j2hba73 #Security
  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-22548

Overview

  • F5
  • BIG-IP
04 Feb 2026
Published
04 Feb 2026
Updated
CVSS v3.1
MEDIUM (5.9)
EPSS
0.06%
KEV

Description

When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post
Last activity: 7 hours ago

Bluesky

Profile picture fallback
ohhara @shiojiri.com
シスコとF5が深刻度の高い脆弱性を複数件修正(CVE-2026-20119、CVE-2026-22548他) | Codebook|Security News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/43806/
  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-22903

Overview

  • WAGO
  • 0852-1322
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
Pending
KEV

Description

An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due to missing stack protections.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-22905

Overview

  • WAGO
  • 0852-1322
09 Feb 2026
Published
09 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
Pending
KEV

Description

An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-004
WAGO: Vulnerabilities in Managed Switch

Several vulnerabilities have been identified in the WAGO 852‑1328 device's web‑based management interface, which is implemented using a modified lighttpd server and custom CGI binaries. These issues include multiple stack buffer overflows, an authentication bypass, and insecure credential storage.
CVE-2026-22906, CVE-2026-22904, CVE-2026-22903, CVE-2026-22905

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 0
  • 5h ago
Showing 31 to 38 of 38 CVEs