24h | 7d | 30d

Overview

  • Google
  • Chrome

30 Jun 2025
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
1.58%

Description

Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Profile picture fallback
Chrome V8 Sandbox Escape: 3 Primitives for Arbitrary Memory Read/Write (CVE-2025-6554 Explained) + Video Introduction: A recently surfaced GitHub repository, aklnjakln/CVE-2025-6554, provides a working Proof-of-Concept (PoC) for a critical type confusion vulnerability in Google Chrome's V8…
  • 0
  • 0
  • 0
  • Last hour

Overview

  • tigroumeow
  • AI Engine – The Chatbot, AI Framework & MCP for WordPress

17 May 2026
Published
17 May 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.04%

KEV

Description

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be granted without verifying administrator privileges. This makes it possible for authenticated (Subscriber+) attackers to invoke admin-level MCP tools and escalate privileges to Administrator.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture fallback

⚠️ CVE-2026-8719 (HIGH, CVSS 8.8): AI Engine for WordPress v3.4.9 lets any OAuth token holder with Subscriber+ escalate to admin via MCP tools. Restrict OAuth, monitor for fixes. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Linux
  • Linux

11 May 2026
Published
17 May 2026
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-owned paged fragments (e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via __ip_append_data, or a chained skb_has_frag_list()) falls through to the in-place decryption path, which binds the frag pages directly into the AEAD/skcipher SGL via skb_to_sgvec(). Extend the gate to also unshare when skb_has_frag_list() or skb_has_shared_frag() is true. This catches the splice-loopback vector and other externally-shared frag sources while preserving the zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC page_pool RX, GRO). The OOM/trace handling already in place is reused.

Statistics

  • 2 Posts

Last activity: 21 hours ago

Fediverse

Profile picture fallback

#DirtyFrag #vulnerability: Universal Linux LPE

Obtains root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write (CVE-2026-43284) vulnerability and the RxRPC Page-Cache Write (CVE-2026-43500) vulnerability.

github.com/V4bel/dirtyfrag

#CVE

  • 0
  • 0
  • 0
  • 21h ago
Profile picture fallback

To make sure the latest linux kernel security issues (CVE-2026-43284, CVE-2026-43500, CVE-2026-46300, CVE-2026-46333) are properly patched we have rebooted various systems (again).

Specifically you might have seen interruptions for starfive-{1-4}, debian-i386, debian-i386-2, debian-armhf, snapshots, osuosl-arm64, osuosl-arm64-2, sw3bb1, sw3bb2, sw3runner1, sw3runner2, sourceware-builder3, rh-ospo-sourceware01, forge and forge-stage.

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
58.95%

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 2 hours ago

Fediverse

Profile picture fallback

Cisco: Noch ein Zero-Day mit „perfekter 10“

Im Februar wurde eine weltweite Warnung verbreitet, weil Cisco SD-WAN Produkte Sicherheitslücken enthielten, die bereits seit mindestens 2023 für Angriffe ausgenutzt wurden (Zero-Day). Cisco hat Updates veröffentlicht, mit denen diese Sicherheitslücken geschlossen werden sollten. Jetzt kommt der Witz. Forscher des Sicherheitsunternehmens Rapid7 haben die Sicherheitslücke CVE-2026-20127 weiter untersucht und dabei eine weitere Sicherheitslücke gefunden! Sie hat die Nummer CVE-2026-20182 und die Risiko-Einstufung 10 von 10 bekommen. Auch diese Sicherheitslücke wird bereits für Angriffe ausgenutzt

pc-fluesterer.info/wordpress/2

#Allgemein #Empfehlung #Hintergrund #Warnung #0day #cybercrime #exploits #hersteller #hintertr #spionage #UnplugTrump #backdoor

  • 1
  • 0
  • 0
  • 2h ago

Overview

  • F5
  • NGINX Plus

13 May 2026
Published
13 May 2026
Updated

CVSS v3.1
MEDIUM (4.8)
EPSS
0.03%

KEV

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacker can send requests along with conditions beyond its control that may cause a heap-use-after-free error in the NGINX worker process. This vulnerability may result in limited modification of data or the NGINX worker process restarting.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

Profile picture fallback
📢 NGINX Rift : RCE critique via un heap overflow vieux de 18 ans (CVE-2026-42945) 📝 ## 🔍 Contexte Publié le 13 mai 2026 par Zhenpeng (Leo) Lin, chercheu… https://cyberveille.ch/posts/2026-05-15-nginx-rift-rce-critique-via-un-heap-overflow-vieux-de-18-ans-cve-2026-42945/ #CVE_2026_40701 #Cyberveille
  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture fallback

To make sure the latest linux kernel security issues (CVE-2026-43284, CVE-2026-43500, CVE-2026-46300, CVE-2026-46333) are properly patched we have rebooted various systems (again).

Specifically you might have seen interruptions for starfive-{1-4}, debian-i386, debian-i386-2, debian-armhf, snapshots, osuosl-arm64, osuosl-arm64-2, sw3bb1, sw3bb2, sw3runner1, sw3runner2, sourceware-builder3, rh-ospo-sourceware01, forge and forge-stage.

  • 0
  • 0
  • 0
  • 22h ago
Showing 21 to 26 of 26 CVEs