Overview

  • OpenClaw
  • OpenClaw

05 Mar 2026
Published
09 Mar 2026
Updated

CVSS v4.0
CRITICAL (9.2)
EPSS
0.04%

KEV

Description

OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake that allows device identity checks to be skipped when auth.token is present but not validated. Because the handshake checks only for the presence of the token instead of validating it, attackers can connect to the gateway without providing device identity or pairing, potentially gaining operator access in vulnerable deployments.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

📌 CVE-2026-28472 - OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity che... https://www.cyberhub.blog/cves/CVE-2026-28472

Overview

  • nodejs
  • node

20 Jan 2026
Published
21 Jan 2026
Updated

CVSS v3.0
MEDIUM (6.5)
EPSS
0.06%

KEV

Description

A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

Heads up, #openSUSE Tumbleweed community! A new security advisory (2026-10311-1) is out for Corepack and Node.js 24, addressing CVE-2025-59464. Read more: 👉 tinyurl.com/9m9732ru #Security

Overview

  • Tenda
  • FH1202

09 Mar 2026
Published
09 Mar 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.05%

KEV

Description

A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in a stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

⚠️ HIGH severity: Tenda FH1202 (1.2.0.14) vulnerable to stack-based buffer overflow (CVE-2026-3811). Remote exploit is public. No fix yet — monitor, isolate, and watch for updates. radar.offseq.com/threat/cve-20


Overview

  • Copeland
  • Copeland XWEB 300D PRO

27 Feb 2026
Published
02 Mar 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.08%

KEV

Description

A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later processed as a legitimate value, resulting in an authentication bypass.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

📌 CVE-2026-25085 - A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later o... https://www.cyberhub.blog/cves/CVE-2026-25085

Overview

  • Pending

04 Mar 2026
Published
04 Mar 2026
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

📌 CVE-2025-69969 - A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism U... https://www.cyberhub.blog/cves/CVE-2025-69969

Overview

  • DeltaWW
  • COMMGR2

09 Mar 2026
Published
09 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.04%

KEV

Description

Delta Electronics COMMGR2 has a stack-based buffer overflow vulnerability.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

🚨 CVE-2026-3630 – CRITICAL (9.8) Stack-Based Buffer Overflow in Delta Electronics COMMGR2. A memory handling flaw could allow attackers to overwrite stack memory and potentially execute arbitrary code. Full report: basefortify.eu/cve_reports/... #CVE #IndustrialSecurity #CyberSecurity #InfoSec

Overview

  • siyuan-note
  • siyuan

09 Mar 2026
Published
09 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.3)
EPSS
Pending

KEV

Description

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as conf/conf.json, which contains secrets including the API token, cookie signing key, and workspace access authentication code. Leaking these secrets may enable administrative access to the SiYuan kernel API, and in certain deployment scenarios could potentially be chained into remote code execution (RCE). This vulnerability is fixed in 3.5.10.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

🚨 CRITICAL: CVE-2026-30869 affects SiYuan (< 3.5.10) — path traversal via /export lets attackers read sensitive files (API tokens, keys). Patch to 3.5.10+ now! No auth needed. All admins review configs. radar.offseq.com/threat/cve-20


Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
50.87%

KEV

Description

A code injection vulnerability in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 18 hours ago

Fediverse

Nice... sitting in a customer meeting and hunting IOCs. If you are using #Ivanti EPMM, you might want to take a look at this:

Mass exploitation of #CVE-2026-1281 and #CVE-2026-1340 in Ivanti EPMM

github.security.telekom.com/20

#ivanti_backdoors


Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
64.79%

Description

A code injection vulnerability in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 18 hours ago

Fediverse

Nice... sitting in a customer meeting and hunting IOCs. If you are using #Ivanti EPMM, you might want to take a look at this:

Mass exploitation of #CVE-2026-1281 and #CVE-2026-1340 in Ivanti EPMM

github.security.telekom.com/20

#ivanti_backdoors


Overview

  • OpenBSD
  • OpenSSH

06 Oct 2025
Published
06 Oct 2025
Updated

CVSS v3.1
LOW (3.6)
EPSS
0.01%

KEV

Description

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 11 hours ago

Fediverse

New Flatcar Alpha, Beta and Stable releases now available!
🚀 /etc is now shipped as #systemd confext
🔒 CVE fixes & security patches: CVE-2025-61984 and CVE-2025-61985 for OpenSSH on Stable
📜 Release notes at the usual spot: flatcar.org/releases/

Showing 71 to 80 of 93 CVEs