Overview

  • HDFGroup
  • hdf5

Published: 19 Feb 2026
Updated: 19 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: Pending

KEV

Description

HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. Real-world exploitability of this issue in terms of remote-code execution is currently unknown. Version 1.14.4-2 fixes the issue.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

📌 CVE-2026-26200 - HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap ... https://www.cyberhub.blog/cves/CVE-2026-26200

Overview

  • kovidgoyal
  • calibre

Published: 20 Feb 2026
Updated: 20 Feb 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.01%

KEV

Description

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files are written in 'wb' mode, silently overwriting existing files. This can lead to potential code execution and Denial of Service through file corruption. This issue has been fixed in version 9.3.0.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse

⚠️ CRITICAL vuln: calibre <9.3.0 (CVE-2026-26065) allows arbitrary file writes via path traversal in PDB reader. Risks: code execution, DoS. Patch to 9.3.0+ ASAP! No known exploits yet. radar.offseq.com/threat/cve-20


Overview

  • openclaw
  • openclaw

Published: 19 Feb 2026
Updated: 20 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.03%

KEV

Description

OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are expected to be authenticated via Ed25519 signature verification. In affected versions, TelnyxProvider.verifyWebhook() could effectively fail open when no Telnyx public key was configured, allowing arbitrary HTTP POST requests to the voice-call webhook endpoint to be treated as legitimate Telnyx events. This only impacts deployments where the Voice Call plugin is installed, enabled, and the webhook endpoint is reachable from the attacker (for example, publicly exposed via a tunnel/proxy). The issue has been fixed in version 2026.2.14.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

📌 CVE-2026-26319 - OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsi... https://www.cyberhub.blog/cves/CVE-2026-26319

Overview

  • EPSON
  • EPSON Printer Controller Installer
  • com.epson.InstallNavi.helper

Published: 19 Feb 2026
Updated: 19 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: 0.01%

KEV

Description

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s authorization model, exposing privileged functionality to untrusted users. Although it invokes the AuthorizationCopyRights API, it does so using overly permissive custom rights that it registers in the system’s authorization database (/var/db/auth.db). These rights can be requested and granted by the authorization daemon to any local user, regardless of privilege level. As a result, an attacker can exploit the vulnerable service to perform privileged operations such as executing arbitrary commands or installing system components without requiring administrative credentials.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

📌 CVE-2025-4960 https://www.cyberhub.blog/article/alert-cve-2025-4960

Overview

  • Apache Software Foundation
  • Apache Tomcat

Published: 17 Feb 2026
Updated: 17 Feb 2026

CVSS: Pending
EPSS: 0.04%

KEV

Description

Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112. Older, EOL versions are also affected. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

Apache Tomcat has a CVE-2026-24733 vulnerability that allows attackers to bypass security constraints via HTTP/0.9 requests when specific access-control rules are configured. This issue requires a particular configuration where HEAD requests are allowed but GET requests are denied, and an attacker must be able to send crafted HTTP/0.9 traffic.
cybersecuritynews.com/apache-t


Overview

  • scadaapp
  • scadaApp for iOS

Published: 18 Feb 2026
Updated: 19 Feb 2026

CVSS v4.0: MEDIUM (4.6)
EPSS: 0.03%

KEV

Description

ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

📌 CVE-2019-25349 https://www.cyberhub.blog/article/alert-cve-2019-25349

Overview

  • Acronis
  • Acronis Cyber Protect 16

Published: 20 Feb 2026
Updated: 20 Feb 2026

CVSS v3.0: CRITICAL (10.0)
EPSS: 0.02%

KEV

Description

Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

📌 CVE-2025-30412 - Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windo... https://www.cyberhub.blog/cves/CVE-2025-30412

Overview

  • NaturalIntelligence
  • fast-xml-parser

Published: 19 Feb 2026
Updated: 19 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.05%

KEV

Description

fast-xml-parser allows users to validate XML, parse XML to a JS object, or build XML from a JS object, without C/C++ based libraries and without callbacks. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it is possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid DOCTYPE parsing by setting the `processEntities: false` option.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-26278 impacts fast-xml-parser in 4 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/426 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless

Overview

  • SmarterTools
  • SmarterMail

Published: 23 Jan 2026
Updated: 06 Feb 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 22.65%

Description

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. An attacker could point SmarterMail at a malicious HTTP server that serves a malicious OS command, which the vulnerable application then executes.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

Rapid weaponization of SmarterMail flaws exposed through underground Telegram channels. Just days after CVE-2026-24423 and CVE-2026-23760 were disclosed, exploit PoCs and stolen admin credentials were shared among these communities, highlighting the urgent need for...

Read more: steelefortress.com/dlk923


Overview

  • SmarterTools
  • SmarterMail

Published: 22 Jan 2026
Updated: 27 Jan 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 55.75%

Description

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

Rapid weaponization of SmarterMail flaws exposed through underground Telegram channels. Just days after CVE-2026-24423 and CVE-2026-23760 were disclosed, exploit PoCs and stolen admin credentials were shared among these communities, highlighting the urgent need for...

Read more: steelefortress.com/dlk923
