Overview

  • Adobe
  • ColdFusion

Published: 30 Jun 2026
Updated: 01 Jul 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: Pending

KEV

Description

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

CRITICAL vulnerabilities patched in Adobe ColdFusion (2025/2023) & Campaign Classic (7.4.3 build 9397). Multiple CVSS 10.0 flaws incl. CVE-2026-48286, CVE-2026-48276 – 83. No active exploits, but patch ASAP. radar.offseq.com/threat/adobe-

Overview

  • urllib3
  • urllib3

Published: 13 May 2026
Updated: 01 Jul 2026

CVSS v4.0: HIGH (8.9)
EPSS: 0.06%

KEV

Description

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) when HTTPResponse.drain_conn() was called after the response had been read and decompressed partially (compression algorithm did not matter here). These issues could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This could result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data) on the client side. This vulnerability is fixed in 2.7.0.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🚨 Rocky Linux 8 administrators: RLSA-2026:32992 fixes two critical vulnerabilities in python3.12-urllib3: sensitive header leak (CVE-2026-44431) and decompression-amplification DoS (CVE-2026-44432). Learn more: -> tinyurl.com/yc8aeujn #RockyLinux

Overview

  • Adobe
  • Adobe Campaign Classic (ACC)

Published: 30 Jun 2026
Updated: 01 Jul 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: Pending

KEV

Description

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse

CRITICAL vulnerabilities patched in Adobe ColdFusion (2025/2023) & Campaign Classic (7.4.3 build 9397). Multiple CVSS 10.0 flaws incl. CVE-2026-48286, CVE-2026-48276 – 83. No active exploits, but patch ASAP. radar.offseq.com/threat/adobe-

Overview

  • libssh2
  • libssh2

Published: 17 Jun 2026
Updated: 18 Jun 2026

CVSS v4.0: HIGH (8.2)
EPSS: Pending

KEV

Description

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

[Backport staging-26.05] libssh2: patch CVE-2025-15661, CVE-2026-55199, and CVE-2026-55200 https://github.com/NixOS/nixpkgs/pull/537259 #security

Overview

  • libssh2
  • libssh2

Published: 18 Jun 2026
Updated: 23 Jun 2026

CVSS v4.0: HIGH (8.3)
EPSS: Pending

KEV

Description

libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSH_FXP_NAME response. Attackers can supply a link_len value larger than the actual packet data in SSH_FXP_NAME responses for SFTP READLINK and REALPATH operations, triggering a heap buffer over-read of up to target_len minus one bytes due to the missing validation of available packet buffer size before the memcpy operation.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

[Backport staging-26.05] libssh2: patch CVE-2025-15661, CVE-2026-55199, and CVE-2026-55200 https://github.com/NixOS/nixpkgs/pull/537259 #security

Overview

  • libssh2
  • libssh2

Published: 17 Jun 2026
Updated: 01 Jul 2026

CVSS v4.0: CRITICAL (9.2)
EPSS: 0.92%

KEV

Description

libssh2 through 1.11.1, fixed in commit 7acf3df, contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

[Backport staging-26.05] libssh2: patch CVE-2025-15661, CVE-2026-55199, and CVE-2026-55200 https://github.com/NixOS/nixpkgs/pull/537259 #security

Overview

  • Cacti
  • cacti

Published: 24 Jun 2026
Updated: 26 Jun 2026

CVSS v3.1: HIGH (7.6)
EPSS: 0.19%

KEV

Description

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Four vulnerabilities in the network monitoring framework Cacti (CVE-2026-39893, CVE-2026-39955, CVE-2026-39938, CVE-2026-39951) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews

Overview

  • Cacti
  • cacti

Published: 24 Jun 2026
Updated: 26 Jun 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.44%

KEV

Description

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Four vulnerabilities in the network monitoring framework Cacti (CVE-2026-39893, CVE-2026-39955, CVE-2026-39938, CVE-2026-39951) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews

Overview

  • Cacti
  • cacti

Published: 24 Jun 2026
Updated: 26 Jun 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.32%

KEV

Description

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Four vulnerabilities in the network monitoring framework Cacti (CVE-2026-39893, CVE-2026-39955, CVE-2026-39938, CVE-2026-39951) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews

Overview

  • Cacti
  • cacti

Published: 24 Jun 2026
Updated: 26 Jun 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: Pending

KEV

Description

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into an RLIKE SQL clause without sanitization. The endpoint does not require authentication (graph viewing supports guest access via the configured guest user), so the SQLi was reachable pre-auth on installs with guest viewing enabled. This issue was fixed in version 1.2.31.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Four vulnerabilities in the network monitoring framework Cacti (CVE-2026-39893, CVE-2026-39955, CVE-2026-39938, CVE-2026-39951) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews