
Overview

  • Galaxy Software Services Corporation
  • iota C.ai Conversational Platform

27 Nov 2024
Published
27 Nov 2024
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.36%

KEV

Description

An Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

📌 CVE-2024-52959 - An Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through... https://www.cyberhub.blog/cves/CVE-2024-52959
  • 22h ago

Overview

  • Go standard library
  • crypto/x509

06 Mar 2026
Published
06 Mar 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-27138 impacts stdlib in 27 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/437 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 6h ago

Overview

  • SICK AG
  • SICK Lector85x

06 Mar 2026
Published
06 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
0.21%

KEV

Description

An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-2330 in SICK Lector85x lets remote, unauthenticated attackers modify device configs via the CROWN REST interface. Patch or restrict access now to prevent OT compromise. radar.offseq.com/threat/cve-20

  • 11h ago

Overview

  • Cisco
  • Cisco Secure Firewall Management Center (FMC)

04 Mar 2026
Published
05 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.44%

KEV

Description

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 21 hours ago

Bluesky

The latest update for #ArcticWolf includes "CVE-2026-29000: Authentication Bypass in pac4j-jwt #Java Library" and "CVE-2026-20079 & CVE-2026-20131: Maximum-severity Vulnerabilities in Cisco FMC". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 21h ago

Overview

  • Cisco
  • Cisco Secure Firewall Management Center (FMC)

04 Mar 2026
Published
05 Mar 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.18%

KEV

Description

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 21 hours ago

Bluesky

The latest update for #ArcticWolf includes "CVE-2026-29000: Authentication Bypass in pac4j-jwt #Java Library" and "CVE-2026-20079 & CVE-2026-20131: Maximum-severity Vulnerabilities in Cisco FMC". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 21h ago

Overview

  • pac4j
  • pac4j-jwt

04 Mar 2026
Published
07 Mar 2026
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.24%

KEV

Description

pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 21 hours ago

Bluesky

The latest update for #ArcticWolf includes "CVE-2026-29000: Authentication Bypass in pac4j-jwt #Java Library" and "CVE-2026-20079 & CVE-2026-20131: Maximum-severity Vulnerabilities in Cisco FMC". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 21h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libsoup3

02 Feb 2026
Published
02 Feb 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

🚨 ALERT: Critical libsoup vulns (CVE-2026-1467, CVE-2026-1539, CVE-2026-1760) hit #SUSE/#openSUSE. Risks include HTTP request smuggling, credential leaks, and DoS. Read more: 👉 tinyurl.com/f3mdpcth #Security
  • 23h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libsoup3

27 Jan 2026
Published
28 Jan 2026
Updated

CVSS
Pending
EPSS
0.08%

KEV

Description

A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the Host header. A remote attacker can exploit this by providing a specially crafted URL containing CRLF sequences, allowing them to inject additional HTTP headers or complete HTTP request bodies. This can lead to unintended or unauthorized HTTP requests being forwarded by the proxy, potentially impacting downstream services.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

🚨 ALERT: Critical libsoup vulns (CVE-2026-1467, CVE-2026-1539, CVE-2026-1760) hit #SUSE/#openSUSE. Risks include HTTP request smuggling, credential leaks, and DoS. Read more: 👉 tinyurl.com/f3mdpcth #Security
  • 23h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libsoup3

28 Jan 2026
Published
28 Jan 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

🚨 ALERT: Critical libsoup vulns (CVE-2026-1467, CVE-2026-1539, CVE-2026-1760) hit #SUSE/#openSUSE. Risks include HTTP request smuggling, credential leaks, and DoS. Read more: 👉 tinyurl.com/f3mdpcth #Security
  • 23h ago