Overview

  • ShuoRen
  • Smart Heating Integrated Management Platform

Published: 23 Feb 2026
Updated: 25 Feb 2026

CVSS v4.0: MEDIUM (6.9)
EPSS: 0.05%

KEV

Description

A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

📌 CVE-2026-3025 - A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the... https://www.cyberhub.blog/cves/CVE-2026-3025
  • 0
  • 0
  • 0
  • 21h ago

Overview

  • VMware
  • Aria Operations
  • vmware-aria-operations

Published: 25 Feb 2026
Updated: 03 Mar 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.47%

Description

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate CVE-2026-22719, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001. Workarounds for CVE-2026-22719 are documented in the 'Workarounds' column of the 'Response Matrix' (https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947) in VMSA-2026-0001.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

~Cisa~ CISA added actively exploited Qualcomm and VMware Aria vulnerabilities to its KEV catalog. - IOCs: CVE-2026-21385, CVE-2026-22719 - #CISA #KEV #ThreatIntel
  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 7 hours ago

Bluesky

Another antivirus 🛡️, another unfulfilled promise 😣. @kaluche_ turns Avira's protection into a privilege escalation playground. This time: 3 LPE vectors 🆙 via symlink abuse (CVE-2026-27748, CVE-2026-27750) and unsafe deserialization (CVE-2026-27749). Find out more: blog.quarkslab.com/avira-deseri...
  • 1
  • 3
  • 0
  • 7h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 7 hours ago

Bluesky

Another antivirus 🛡️, another unfulfilled promise 😣. @kaluche_ turns Avira's protection into a privilege escalation playground. This time: 3 LPE vectors 🆙 via symlink abuse (CVE-2026-27748, CVE-2026-27750) and unsafe deserialization (CVE-2026-27749). Find out more: blog.quarkslab.com/avira-deseri...
  • 1
  • 3
  • 0
  • 7h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 7 hours ago

Bluesky

Another antivirus 🛡️, another unfulfilled promise 😣. @kaluche_ turns Avira's protection into a privilege escalation playground. This time: 3 LPE vectors 🆙 via symlink abuse (CVE-2026-27748, CVE-2026-27750) and unsafe deserialization (CVE-2026-27749). Find out more: blog.quarkslab.com/avira-deseri...
  • 1
  • 3
  • 0
  • 7h ago

Overview

  • GNU
  • Inetutils

Published: 21 Jan 2026
Updated: 26 Feb 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 77.92%

Description

telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

February was about moving from detection to proof.

Here are the top updates in Pentest-Tools.com:

🧪 New research hub - we launched the Offensive Security Research Hub to share original 0-day research, working PoCs, and technical exploit chains built by our own team.

ISO 27001 certified - we are officially ISO/IEC 27001:2022 certified, providing verified assurance for your sensitive findings.

🎯 One-click RCE validation - Sniper: Auto-Exploiter now supports controlled exploitation for Telnet (CVE-2026-24061) and Ivanti EPMM (CVE-2026-1281) for confirmed proof-of-impact.

🛡️ New detection: Redis RCE - identify exploitable Redis instances (CVE-2025-62507) across internet-facing and internal segments.

🧭 Granular scan logs - Website and API Scanners now display discoveries in the console output in real-time.

Catch the full breakdown in the video or in this link: pentest-tools.com/change-log

Until next time: Stay sharp. Stay human.

  • 0
  • 0
  • 0
  • 9h ago

Overview

  • redis
  • redis

Published: 04 Nov 2025
Updated: 26 Feb 2026

CVSS v4.0: HIGH (7.7)
EPSS: 0.12%

KEV

Description

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To work around this issue without patching the redis-server executable, prevent users from executing the XACKDEL operation. This can be done by using ACLs to restrict the XACKDEL command.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

February was about moving from detection to proof.

Here are the top updates in Pentest-Tools.com:

🧪 New research hub - we launched the Offensive Security Research Hub to share original 0-day research, working PoCs, and technical exploit chains built by our own team.

ISO 27001 certified - we are officially ISO/IEC 27001:2022 certified, providing verified assurance for your sensitive findings.

🎯 One-click RCE validation - Sniper: Auto-Exploiter now supports controlled exploitation for Telnet (CVE-2026-24061) and Ivanti EPMM (CVE-2026-1281) for confirmed proof-of-impact.

🛡️ New detection: Redis RCE - identify exploitable Redis instances (CVE-2025-62507) across internet-facing and internal segments.

🧭 Granular scan logs - Website and API Scanners now display discoveries in the console output in real-time.

Catch the full breakdown in the video or in this link: pentest-tools.com/change-log

Until next time: Stay sharp. Stay human.

  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

Published: 29 Jan 2026
Updated: 26 Feb 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 64.79%

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

February was about moving from detection to proof.

Here are the top updates in Pentest-Tools.com:

🧪 New research hub - we launched the Offensive Security Research Hub to share original 0-day research, working PoCs, and technical exploit chains built by our own team.

ISO 27001 certified - we are officially ISO/IEC 27001:2022 certified, providing verified assurance for your sensitive findings.

🎯 One-click RCE validation - Sniper: Auto-Exploiter now supports controlled exploitation for Telnet (CVE-2026-24061) and Ivanti EPMM (CVE-2026-1281) for confirmed proof-of-impact.

🛡️ New detection: Redis RCE - identify exploitable Redis instances (CVE-2025-62507) across internet-facing and internal segments.

🧭 Granular scan logs - Website and API Scanners now display discoveries in the console output in real-time.

Catch the full breakdown in the video or in this link: pentest-tools.com/change-log

Until next time: Stay sharp. Stay human.

  • 0
  • 0
  • 0
  • 9h ago