Overview

  • Pending

Published: 05 Jul 2009
Updated: 07 Aug 2024

CVSS: Pending
EPSS: 93.10%

KEV

Description

Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Global Cybercrime Networks Exploit Outdated Software, Crypto Hype, and Fake Online Stores to Defraud Users #cryptophishingscam #CVE20092265exploit #CyberFraud
  • 19h ago

Overview

  • Go standard library
  • archive/tar
  • archive/tar

Published: 08 Apr 2026
Updated: 08 Apr 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-32288 impacts stdlib in 26 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/461 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 13h ago

Overview

  • Go standard library
  • crypto/x509
  • crypto/x509

Published: 08 Apr 2026
Updated: 08 Apr 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-32281 impacts stdlib in 26 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/458 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 13h ago

Overview

  • obsidianforensics
  • unfurl
  • dfir-unfurl

Published: 08 Apr 2026
Updated: 08 Apr 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

⚠️ CRITICAL: obsidianforensics unfurl up to 2025.08 enables Flask debug mode by default. Attackers can exploit CVE-2026-40035 for RCE & info disclosure. Avoid production use, disable debug mode, monitor for fixes. radar.offseq.com/threat/cve-20

  • Last hour