24h | 7d | 30d

Overview

  • Fortinet
  • FortiSandbox

14 Apr 2026
Published
17 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
84.16%

Description

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Profile picture fallback
CVE-2026-39808 now has 84.158% EPSS. Use that to break remediation ties, not to invent a campaign: no validated actor, victim, ransomware, or geopolitical link surfaced in today's review.
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • @fastify/http-proxy
  • @fastify/http-proxy

18 Jul 2026
Published
18 Jul 2026
Updated

CVSS v3.1
HIGH (8.7)
EPSS
Pending

KEV

Description

Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the destination via the WHATWG URL constructor, which collapses dot segments, so a crafted upgrade request with path traversal sequences can escape the rewrite prefix and reach upstream endpoints that were not meant to be exposed by the proxy. This is a variant of CVE-2021-21322 in a code path that never went through the HTTP fix in fastify/reply-from. Exploitation requires a non-normalizing WebSocket client, since browsers and the ws package normalize the request path before sending, but raw HTTP clients or downstream proxies that forward the request target unchanged make the attack reachable in production topologies. Patches: upgrade to @fastify/http-proxy 11.6.0. Workarounds: none.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse

Profile picture fallback

🚨 High-severity security fix in @fastify/http-proxy@11.6.0 just released!

Patches CVE-2026-15631, prefix escape via WebSocket path traversal.

github.com/fastify/fastify-htt

  • 0
  • 0
  • 1
  • 5h ago

Overview

  • IBM
  • Langflow OSS

17 Jul 2026
Published
17 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.21%

KEV

Description

IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

Profile picture fallback

CVE-2026-13446: IBM Langflow OSS 1.0.0 – 1.10.1 contains hard-coded credentials (CRITICAL, CVSS 9.8). Total system compromise possible. No patch yet — restrict access, monitor activity. More: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

Overview

  • ruby
  • erb

24 Apr 2026
Published
15 Jul 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
1.13%

KEV

Description

ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Profile picture fallback
🔍 Lambda Watchdog detected that CVE-2026-41316 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/484 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Zoom Communications
  • Zoom Workplace for Windows

16 Jul 2026
Published
17 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.51%

KEV

Description

Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Profile picture fallback
📢 Zoom : vulnérabilité critique CVE-2026-53412 permettant la prise de contrôle de comptes 📝 ## 🔍 Contexte Source : BleepingComputer — publié l… https://cyberveille.ch/posts/2026-07-18-zoom-vulnerabilite-critique-cve-2026-53412-permettant-la-prise-de-controle-de-comptes/ #CVE_2026_53409 #Cyberveille
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • Zoom Communications
  • Zoom Rooms

16 Jul 2026
Published
17 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.15%

KEV

Description

Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct an escalation of privilege via local access.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Profile picture fallback
📢 Zoom : vulnérabilité critique CVE-2026-53412 permettant la prise de contrôle de comptes 📝 ## 🔍 Contexte Source : BleepingComputer — publié l… https://cyberveille.ch/posts/2026-07-18-zoom-vulnerabilite-critique-cve-2026-53412-permettant-la-prise-de-controle-de-comptes/ #CVE_2026_53409 #Cyberveille
  • 0
  • 0
  • 0
  • 19h ago
Showing 31 to 36 of 36 CVEs