24h | 7d | 30d

CVE-2026-25727

Overview

  • time-rs
  • time
06 Feb 2026
Published
06 Feb 2026
Updated
CVSS v4.0
MEDIUM (6.8)
EPSS
0.04%
KEV

Description

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.

Statistics

  • 2 Posts
Last activity: 3 hours ago

Bluesky

Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 CRITICAL: #Fedora 43 #Security Advisory Update 🚨 CVE-2026-25537 (auth bypass) + CVE-2026-25727 (stack exhaustion) now patched. Affects tuigreet, rustup, keylime-agent-rust + 6 other packages. This is a SOFTWARE SUPPLY CHAIN incident. Read more: 👉 tinyurl.com/4ky4w8mt
  • 0
  • 0
  • 0
  • 4h ago
Profile picture fallback
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 Urgent Security Update for Fedora Users! 🚨 Critical vulnerabilities CVE-2026-25537 & CVE-2026-25727 affect tbtools and multiple Rust applications in #Fedora 43. Read more: 👉 tinyurl.com/yyantywz #Security
  • 0
  • 0
  • 0
  • 3h ago

CVE-2026-21510

Overview

  • Microsoft
  • Windows 10 Version 1809
10 Feb 2026
Published
10 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CISA has added 6 vulnerabilities to the KEV Catalog

CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.

CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.

  • 0
  • 1
  • 0
  • 2h ago

CVE-2026-21519

Overview

  • Microsoft
  • Windows 10 Version 1809
10 Feb 2026
Published
10 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
Pending
KEV

Description

Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CISA has added 6 vulnerabilities to the KEV Catalog

CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.

CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.

  • 0
  • 1
  • 0
  • 2h ago

CVE-2026-21513

Overview

  • Microsoft
  • Windows 11 version 26H1
10 Feb 2026
Published
10 Feb 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
Pending
KEV

Description

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CISA has added 6 vulnerabilities to the KEV Catalog

CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.

CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.

  • 0
  • 1
  • 0
  • 2h ago

CVE-2026-21525

Overview

  • Microsoft
  • Windows 10 Version 1809
10 Feb 2026
Published
10 Feb 2026
Updated
CVSS v3.1
MEDIUM (6.2)
EPSS
Pending
KEV

Description

Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CISA has added 6 vulnerabilities to the KEV Catalog

CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.

CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.

  • 0
  • 1
  • 0
  • 2h ago

CVE-2026-21533

Overview

  • Microsoft
  • Windows 11 version 26H1
10 Feb 2026
Published
10 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
Pending
KEV

Description

Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CISA has added 6 vulnerabilities to the KEV Catalog

CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.

CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.

  • 0
  • 1
  • 0
  • 2h ago

CVE-2026-21514

Overview

  • Microsoft
  • Microsoft 365 Apps for Enterprise
10 Feb 2026
Published
10 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
Pending
KEV

Description

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 2 hours ago

Fediverse

Profile picture fallback
Dark Web Informer :verified_paw: @DarkWebInformer

‼️ CISA has added 6 vulnerabilities to the KEV Catalog

CVE-2026-21513: Microsoft Internet Explorer Protection Mechanism Failure Vulnerability: Microsoft Internet Explorer contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21525: Microsoft Windows NULL Pointer Dereference Vulnerability: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally.

CVE-2026-21510: Microsoft Windows Shell Protection Mechanism Failure Vulnerability: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21533: Microsoft Windows Improper Privilege Management Vulnerability: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21519: Microsoft Windows Type Confusion Vulnerability: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.

CVE-2026-21514: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.

  • 0
  • 1
  • 0
  • 2h ago
Showing 41 to 47 of 47 CVEs