Overview

  • Tenda
  • F453

08 Mar 2026
Published
08 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.05%

KEV

Description

A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

🚩 CVE-2026-3769: HIGH severity vuln in Tenda F453 (v1.0.0.3) — stack-based buffer overflow in /goform/WrlclientSet. Public exploit released! Limit remote access, monitor traffic, apply mitigations. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Tenda
  • FH1202

09 Mar 2026
Published
09 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.05%

KEV

Description

A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

⚠️ HIGH severity: Tenda FH1202 (1.2.0.14) vulnerable to stack-based buffer overflow (CVE-2026-3811). Remote exploit is public. No fix yet — monitor, isolate, and watch for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Microsoft Corporation
  • Microsoft Office

15 Nov 2017
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
94.38%

Description

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

📢 LLMs and malware analysis: real gains, strong limits and best practices 📝 Security Blog publishes a detailed write-up of its experience using LLMs (GPT… https://cyberveille.ch/posts/2026-03-08-llm-et-analyse-de-malware-gains-reels-limites-fortes-et-bonnes-pratiques/ #CVE_2017_11882 #Cyberveille
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Pending

04 Mar 2026
Published
04 Mar 2026
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

📌 CVE-2025-69969 - A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism U... https://www.cyberhub.blog/cves/CVE-2025-69969
  • 0
  • 0
  • 0
  • Last hour

Overview

  • RocketChat
  • Rocket.Chat

06 Mar 2026
Published
09 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.11%

KEV

Description

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows an attacker to log in to the service as any user with a password set, using any arbitrary password. The vulnerability stems from a missing await keyword when calling an asynchronous password validation function, causing a Promise object (which is always truthy) to be evaluated instead of the actual boolean validation result. This may lead to account takeover of any user whose username is known or guessable. This issue has been patched in versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Bluesky

Sign in with ANY password into Rocket.Chat EE (CVE-2026-28514) and other vulnerabilities we’ve found with our open source AI framework
  • 0
  • 0
  • 1
  • 1h ago

Overview

  • UltraVNC

08 Mar 2026
Published
08 Mar 2026
Updated

CVSS v4.0
HIGH (7.3)
EPSS
0.00%

KEV

Description

A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

UltraVNC 1.6.4.0 on Windows hit by HIGH-severity vuln (CVE-2026-3787): uncontrolled DLL search path in cryptbase.dll. Local attackers could escalate privileges. No patch yet — restrict access & monitor for DLL hijacking. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
50.87%

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 8 hours ago

Fediverse

Nice... sitting in a customer meeting and hunting IOCs. If you are using #Ivanti EPMM, you might want to take a look at this:

Mass exploitation of #CVE-2026-1281 and #CVE-2026-1340 in Ivanti EPMM

github.security.telekom.com/20

#ivanti_backdoors

  • 1
  • 0
  • 1
  • 8h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
64.79%

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 8 hours ago

Fediverse

Nice... sitting in a customer meeting and hunting IOCs. If you are using #Ivanti EPMM, you might want to take a look at this:

Mass exploitation of #CVE-2026-1281 and #CVE-2026-1340 in Ivanti EPMM

github.security.telekom.com/20

#ivanti_backdoors

  • 1
  • 0
  • 1
  • 8h ago

Overview

  • OpenBSD
  • OpenSSH

06 Oct 2025
Published
06 Oct 2025
Updated

CVSS v3.1
LOW (3.6)
EPSS
0.01%

KEV

Description

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

New Flatcar Alpha, Beta and Stable releases now available!
🚀 /etc is now shipped as #systemd confext
🔒 CVE fixes & security patches: CVE-2025-61984 and CVE-2025-61985 for OpenSSH on Stable
📜 Release notes at the usual spot: flatcar.org/releases/

  • 0
  • 1
  • 1
  • 1h ago

Overview

  • OpenBSD
  • OpenSSH

06 Oct 2025
Published
26 Feb 2026
Updated

CVSS v3.1
LOW (3.6)
EPSS
0.00%

KEV

Description

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 1 hour ago

Fediverse

New Flatcar Alpha, Beta and Stable releases now available!
🚀 /etc is now shipped as #systemd confext
🔒 CVE fixes & security patches: CVE-2025-61984 and CVE-2025-61985 for OpenSSH on Stable
📜 Release notes at the usual spot: flatcar.org/releases/

  • 0
  • 1
  • 1
  • 1h ago