Overview
Description
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.
This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.
Overview
- Vendor: pnggroup
- Product: libpng
- Published: 09 Apr 2026
- Updated: 09 Apr 2026
- CVSS v3.1: MEDIUM (5.1)
- EPSS: 0.02%
- KEV
Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.
Overview
- Vendor: Zyosoft
- Product: School App
- Published: 02 May 2026
- Updated: 02 May 2026
- CVSS v4.0: HIGH (8.6)
- EPSS: 0.04%
- KEV
Description
School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data.
Fediverse
⚠️ CVE-2026-7491 (HIGH, CVSS 8.6): Zyosoft School App v0 is vulnerable to auth bypass via user-controlled keys (CWE-639). Authenticated users can access & modify others' data. No patch yet — restrict access & stay alert for updates. https://radar.offseq.com/threat/cve-2026-7491-cwe-639-authorization-bypass-through-2581445b #OffSeq #Vuln #AppSec
Overview
Description
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service or information disclosure when user-supplied documents are parsed with the allow_duplicate_key: false parsing option. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.
Overview
- Vendor: OpenBSD
- Product: OpenSSH
- Published: 02 Apr 2026
- Updated: 02 Apr 2026
- CVSS v3.1: MEDIUM (4.2)
- EPSS: 0.02%
- KEV
Description
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
Overview
- Vendor: IBM
- Product: WebSphere Application Server - Liberty
- Published: 25 Mar 2026
- Updated: 27 Mar 2026
- CVSS v3.1: MEDIUM (6.7)
- EPSS: 0.01%
- KEV
Description
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.3 could provide weaker than expected security when administering security settings.
Overview
- Vendor: Microsoft
- Product: ASP.NET Core 10.0
- Published: 21 Apr 2026
- Updated: 30 Apr 2026
- CVSS v3.1: CRITICAL (9.1)
- EPSS: 0.02%
- KEV
Description
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.