CVE-2026-28372

Overview

GNU
inetutils

27 Feb 2026

Published

07 Mar 2026

Updated

CVSS v3.1

HIGH (7.4)

EPSS

0.00%

MITRE

KEV

Description

telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALS_DIRECTORY environment variable, and requires an unprivileged local user to create a login.noauth file.

Statistics

1 Post

Last activity: 18 hours ago

Bluesky

nixpkgs security changes @nixpkgssecuritychanges.gerbet.me

[Backport staging-25.11] inetutils: apply patches for CVE-2026-32746 and CVE-2026-28372 https://github.com/NixOS/nixpkgs/pull/501896 #security

0
0
0
18h ago

CVE-2025-61143

Overview

Pending

23 Feb 2026

Published

25 Feb 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.

Statistics

2 Posts

Last activity: 6 hours ago

Bluesky

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

Critical LibTIFF DoS vulnerabilities (CVE-2025-61143, CVE-2025-61144) patched for #Ubuntu 25.10, 24.04 LTS, 22.04 LTS, and earlier releases with Ubuntu Pro. Read more: 👉 tinyurl.com/yenkmaar #Security

0
0
0
10h ago

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

🚨 URGENT: #Ubuntu Security Update 🚨 Patch now for LibTIFF DoS flaws (CVE-2025-61143, CVE-2025-61144) affecting Ubuntu 25.10 down to 14.04 LTS. Read more: 👉 tinyurl.com/ue8e2zbv #Security

0
0
0
6h ago

CVE-2024-4671

Overview

Google
Chrome

09 May 2024

Published

21 Oct 2025

Updated

CVSS

Pending

EPSS

0.51%

MITRE

KEV

Description

Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Statistics

1 Post

Last activity: 10 hours ago

Fediverse

CyberNetsecIO @netsecio

📰 CISA KEV Catalog Updated: Federal Agencies Must Patch Exploited Flaws in Apple, Laravel, Craft CMS

📢 CISA KEV UPDATE: Actively exploited flaws in Apple visionOS (CVE-2026-28217), Laravel (CVE-2024-4671), & Craft CMS (CVE-2026-25487) added to catalog. Federal agencies must patch by April 12. All orgs urged to patch NOW! ⚠️ #KEV #CISA

🔗 https://cyber.netsecops.io/articles/cisa-adds-apple-laravel-craft-cms-flaws-to-kev-catalog/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
10h ago

CVE-2026-28217

Overview

hoppscotch
hoppscotch

26 Feb 2026

Published

27 Feb 2026

Updated

CVSS v3.1

MEDIUM (6.5)

EPSS

0.01%

MITRE

KEV

Description

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the `userCollection` GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized `data` field containing HTTP requests with headers and potentially secrets — to any authenticated user, without verifying that the requesting user owns the collection. This is an Insecure Direct Object Reference (IDOR) caused by a missing authorization check that exists on every other operation in the same resolver. Version 2026.2.0 fixes the issue.

Statistics

1 Post

Last activity: 10 hours ago

Fediverse

CyberNetsecIO @netsecio

📰 CISA KEV Catalog Updated: Federal Agencies Must Patch Exploited Flaws in Apple, Laravel, Craft CMS

📢 CISA KEV UPDATE: Actively exploited flaws in Apple visionOS (CVE-2026-28217), Laravel (CVE-2024-4671), & Craft CMS (CVE-2026-25487) added to catalog. Federal agencies must patch by April 12. All orgs urged to patch NOW! ⚠️ #KEV #CISA

🔗 https://cyber.netsecops.io/articles/cisa-adds-apple-laravel-craft-cms-flaws-to-kev-catalog/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
10h ago

CVE-2026-25487

Overview

craftcms
commerce

03 Feb 2026

Published

04 Feb 2026

Updated

CVSS v4.0

MEDIUM (6.1)

EPSS

0.02%

MITRE

KEV

Description

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the Store Management section is not properly sanitized before being displayed in the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2.

Statistics

1 Post

Last activity: 10 hours ago

Fediverse

CyberNetsecIO @netsecio

📰 CISA KEV Catalog Updated: Federal Agencies Must Patch Exploited Flaws in Apple, Laravel, Craft CMS

📢 CISA KEV UPDATE: Actively exploited flaws in Apple visionOS (CVE-2026-28217), Laravel (CVE-2024-4671), & Craft CMS (CVE-2026-25487) added to catalog. Federal agencies must patch by April 12. All orgs urged to patch NOW! ⚠️ #KEV #CISA

🔗 https://cyber.netsecops.io/articles/cisa-adds-apple-laravel-craft-cms-flaws-to-kev-catalog/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

0
0
0
10h ago