Overview

  • Go toolchain
  • cmd/go
  • cmd/go

Published: 28 Jan 2026
Updated: 29 Jan 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2025-68119 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/400 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 18h ago

Overview

  • Roxnor
  • ElementsKit Lite

Published: 23 Feb 2026
Updated: 23 Feb 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: Pending

KEV

Description

ElementsKit Lite (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mailchimp/subscribe without authentication. The endpoint accepts client-supplied Mailchimp API credentials and insufficiently validates certain parameters, including the list parameter, when constructing upstream Mailchimp API requests. An unauthenticated attacker can abuse the endpoint as an open proxy to Mailchimp, potentially triggering unauthorized API calls, manipulating subscription data, exhausting API quotas, or causing resource consumption on the affected WordPress site.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

⚠️ CVE-2026-23693 (CRITICAL, CVSS 9.3) in ElementsKit Lite <3.7.9 exposes a Mailchimp REST endpoint to unauth’d abuse — risking API quota exhaustion & data manipulation. Patch ASAP & block /wp-json/elementskit/v1/widget/mailchimp/subscribe. radar.offseq.com/threat/cve-20

  • 5h ago

Overview

  • Tenda
  • HG9

Published: 22 Feb 2026
Updated: 23 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Manipulation of the argument pingAddr can lead to a stack-based buffer overflow. The attack may be performed remotely. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

📌 CVE-2026-2910 - A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the ... https://www.cyberhub.blog/cves/CVE-2026-2910
  • 6h ago

Overview

  • QuantumNous
  • new-api

Published: 24 Feb 2026
Updated: 24 Feb 2026

CVSS v3.1: HIGH (7.6)
EPSS: Pending

KEV

Description

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potentially unsafe operation occurs in the component `MarkdownRenderer.jsx`, allowing for Cross-Site Scripting (XSS) when the model outputs items containing a `<script>` tag. Version 0.10.8-alpha.9 fixes the issue.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

🛡️ HIGH-severity XSS (CVE-2026-25802) in QuantumNous new-api (<0.10.8-alpha.9): Unsafe MarkdownRenderer.jsx allows script injection with user interaction. Upgrade ASAP & implement CSP! radar.offseq.com/threat/cve-20

  • 3h ago

Overview

  • Tenda
  • FH451

Published: 22 Feb 2026
Updated: 23 Feb 2026

CVSS v4.0: HIGH (8.7)
EPSS: 0.05%

KEV

Description

A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post

Last activity: 7 hours ago

Bluesky

📌 CVE-2026-2911 - A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipul... https://www.cyberhub.blog/cves/CVE-2026-2911
  • 7h ago

Overview

  • NaturalIntelligence
  • fast-xml-parser

Published: 19 Feb 2026
Updated: 19 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.05%

KEV

Description

fast-xml-parser allows users to validate XML, parse XML to a JS object, or build XML from a JS object without C/C++ based libraries and without callbacks. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid DOCTYPE parsing by setting the `processEntities: false` option.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

📌 CVE-2026-26278 - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In ve... https://www.cyberhub.blog/cves/CVE-2026-26278
  • Last hour

Overview

  • Ivanti
  • Endpoint Manager Mobile

Published: 29 Jan 2026
Updated: 30 Jan 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 41.90%

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

Ivanti Under Fire: Urgent Zero-Day Alert—Corporate Networks at Immediate Risk + Video Introduction: In a stark reminder of the fragility of enterprise perimeters, two new zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, are being actively exploited in Ivanti Endpoint Manager Mobile…
  • 18h ago

Overview

  • Ivanti
  • Endpoint Manager Mobile

Published: 29 Jan 2026
Updated: 30 Jan 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 57.41%

Description

A code injection in Ivanti Endpoint Manager Mobile allows attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

Ivanti Under Fire: Urgent Zero-Day Alert—Corporate Networks at Immediate Risk + Video Introduction: In a stark reminder of the fragility of enterprise perimeters, two new zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, are being actively exploited in Ivanti Endpoint Manager Mobile…
  • 18h ago

Overview

  • VMware vCenter Server

Published: 18 Jun 2024
Updated: 24 Jan 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 22.42%

KEV

Description

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

I'm getting more and more contacts about this being actively used, so patch, patch, patch! VMSA-2024-0012:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) #vmware support.broadcom.com/web/ecx/supp...
  • 18h ago

Overview

  • Pending

Published: 16 Feb 2026
Updated: 18 Feb 2026

CVSS: Pending
EPSS: 0.03%

KEV

Description

An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.

Statistics

  • 1 Post

Last activity: 6 hours ago

Bluesky

Dangerous vulnerabilities in four major VS Code extensions, affecting up to 120 million (CVE-2025-65717, CVE-2025-65715, CVE-2025-65716) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
  • 6h ago