Overview

  • OpenS100 Project
  • OpenS100
  • OpenS100

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
Pending

KEV

Description

OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contains a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such as 'os' and 'io' to untrusted portrayal catalogues. An attacker can provide a malicious S-100 portrayal catalogue containing Lua scripts that execute arbitrary commands with the privileges of the OpenS100 process when a user imports the catalogue and loads a chart.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-22208 in OpenS100 (S-100 viewer) enables RCE via unsandboxed Lua. Attackers can embed malicious scripts in S-100 catalogues — risk of full system compromise. Block untrusted imports & monitor. Patch when released. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Microsoft
  • Microsoft Edge (Chromium-based)

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS v3.1
LOW (3.1)
EPSS
Pending

KEV

Description

Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

Microsoft Edge 145.0.3800.58 fixes CVE-2026-2441 and CVE-2026-0102, plus further changes

deskmodder.de/blog/2026/02/18/

  • 1
  • 0
  • 1
  • 2h ago

Overview

  • Linux
  • Linux

03 Jul 2025
Published
03 Nov 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mdiobus: Fix potential out-of-bounds read/write access

When using publicly available tools like 'mdio-tools' to read/write data from/to a network interface and its PHY via mdiobus, there is no verification of parameters passed to the ioctl and it accepts any mdio address. Currently there is support for 32 addresses in the kernel via the PHY_MAX_ADDR define, but it is possible to pass a higher value than that via ioctl. While a read/write operation should generally fail in this case, mdiobus provides a stats array, where a wrong address may allow out-of-bounds read/write.

Fix that by adding address verification before the read/write operation. While this excludes this access from any statistics, it improves the security of the read/write operation.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

🚨 URGENT: #SUSE Linux Kernel Update! 🚨 SUSE-SU-2026:0565-1 patches 4 HIGH-severity flaws in SLE 15 SP4, including CVE-2023-53321 (Wi-Fi driver) & CVE-2025-38111 (Memory corruption). Read more: 👉 tinyurl.com/52u328c5 #Security
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Pending

27 Oct 2025
Published
28 Oct 2025
Updated

CVSS
Pending
EPSS
0.08%

KEV

Description

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🚨 Critical patch for #openSUSE Tumbleweed! FRR routing suite updated to 10.2.1-4.1. This addresses three security issues (CVE-2025-61099, CVE-2025-61100, CVE-2025-61104) that could impact BGP stability. Read more: 👉 tinyurl.com/2hk7tfed #Security
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Pending

28 Oct 2025
Published
28 Oct 2025
Updated

CVSS
Pending
EPSS
0.08%

KEV

Description

FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🚨 Critical patch for #openSUSE Tumbleweed! FRR routing suite updated to 10.2.1-4.1. This addresses three security issues (CVE-2025-61099, CVE-2025-61100, CVE-2025-61104) that could impact BGP stability. Read more: 👉 tinyurl.com/2hk7tfed #Security
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Apache Software Foundation
  • Apache Tomcat

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112. Older, EOL versions are also affected. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.

Statistics

  • 2 Posts

Last activity: 3 hours ago

Bluesky

JVNVU#91658988: Multiple vulnerabilities in Apache Tomcat (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) https://jvn.jp/vu/JVNVU91658988/
  • 0
  • 0
  • 1
  • 3h ago

Overview

  • Apache Software Foundation
  • Apache Tomcat Native

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed. This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114. The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected. Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue. Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.

Statistics

  • 2 Posts

Last activity: 3 hours ago

Bluesky

JVNVU#91658988: Multiple vulnerabilities in Apache Tomcat (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) https://jvn.jp/vu/JVNVU91658988/
  • 0
  • 0
  • 1
  • 3h ago

Overview

  • Apache Software Foundation
  • Apache Tomcat

17 Feb 2026
Published
17 Feb 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected. Tomcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one of those hosts did not require client certificate authentication but another one did, it was possible for a client to bypass the client certificate authentication by sending different host names in the SNI extension and the HTTP host header field. The vulnerability only applies if client certificate authentication is only enforced at the Connector. It does not apply if client certificate authentication is enforced at the web application. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.

Statistics

  • 2 Posts

Last activity: 3 hours ago

Bluesky

JVNVU#91658988: Multiple vulnerabilities in Apache Tomcat (CVE-2025-66614, CVE-2026-24733, CVE-2026-24734) https://jvn.jp/vu/JVNVU91658988/
  • 0
  • 0
  • 1
  • 3h ago

Overview

  • Pending

27 Oct 2025
Published
28 Oct 2025
Updated

CVSS
Pending
EPSS
0.08%

KEV

Description

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

🚨 Critical patch for #openSUSE Tumbleweed! FRR routing suite updated to 10.2.1-4.1. This addresses three security issues (CVE-2025-61099, CVE-2025-61100, CVE-2025-61104) that could impact BGP stability. Read more: 👉 tinyurl.com/2hk7tfed #Security
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Pending

18 Feb 2020
Published
18 Feb 2026
Updated

CVSS
Pending
EPSS
90.60%

Description

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

~Cisa~ CISA added four actively exploited vulnerabilities affecting Microsoft, Zimbra, TeamT5, and Chromium to its KEV catalog, requiring urgent remediation. - IOCs: CVE-2026-2441, CVE-2024-7694, CVE-2020-7796 - #CISA #KEV #PatchNow #ThreatIntel
  • 0
  • 0
  • 0
  • 6h ago