Overview

  • Acer
  • NitroSense V3

Published: 25 May 2026
Updated: 25 May 2026

CVSS v4.0: HIGH (8.5)
EPSS: Pending

KEV

Description

NitroSense 3.x before 3.01.3052 contains a Local Privilege Escalation (LPE) vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Fediverse

A lot of offensive activities were identified targeting Acer NitrorSense (CVE-2026-9489) vuldb.com/vuln/365471/cti

  • 20h ago

There is a new vulnerability with elevated criticality in Acer NitrorSense (CVE-2026-9489) vuldb.com/vuln/365471

  • 18h ago

Overview

  • huggingface
  • huggingface/transformers

Published: 24 May 2026
Updated: 24 May 2026

CVSS v3.0: HIGH (7.8)
EPSS: Pending

KEV

Description

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config.json` file containing the `_attn_implementation_internal` field set to an attacker-controlled HuggingFace Hub repository ID. When a victim loads this model using the standard `AutoModelForCausalLM.from_pretrained()` API, the library downloads and executes arbitrary Python code from the attacker's repository with the victim's full OS privileges. This issue arises due to unfiltered deserialization of configuration attributes, insufficient sanitization of internal fields, and unsandboxed execution of downloaded kernels. The vulnerability bypasses the `trust_remote_code` security mechanism, is invisible to the victim, and exploits the standard documented usage pattern, making it particularly severe. Users are advised to upgrade to version 5.3.0 or later to mitigate this issue.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

Attention, elevated activities detected targeting huggingface transformers (CVE-2026-4372) vuldb.com/vuln/365468/cti

  • 19h ago

Overview

  • HAProxy
  • HAProxy

Published: 13 Apr 2026
Updated: 22 Apr 2026

CVSS v3.1: MEDIUM (4.0)
EPSS: 0.01%

KEV

Description

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. The earliest affected version is 2.6.

Statistics

  • 1 Post

Last activity: 15 hours ago

Bluesky

HAProxy request smuggling vuln (CVE-2026-33555) just got a Debian patch. Here's your guide Read more -> tinyurl.com/3sj8j4hx #Debian
  • 15h ago

Overview

  • Microsoft
  • Microsoft Malware Protection Engine

Published: 20 May 2026
Updated: 22 May 2026

CVSS v3.1: HIGH (7.8)
EPSS: 5.22%

Description

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

~Checkpoint~ Highlights include actively exploited Defender & Drupal flaws, major breaches at GitHub & 7-Eleven, and new AI-driven threats. - IOCs: CVE-2026-41091, CVE-2026-9082, Showboat - #CVE #Malware #ThreatIntel
  • 11h ago