24h | 7d | 30d

Overview

  • Microsoft
  • Microsoft Malware Protection Engine

20 May 2026
Published
22 May 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
5.22%

Description

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

Profile picture fallback

Your antivirus is now the exploit. Defender's own remediation engine writes SYSTEM-level files to attacker-chosen paths via a symlink race. Check MPE version 1.1.26040.8 manually. Auto-update is a faith-based control.
decryptiondigest.com/blog/cve-

  • 0
  • 0
  • 0
  • 3h ago

Overview

  • Edimax
  • BR-6428NS

23 May 2026
Published
23 May 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.02%

KEV

Description

A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse

Profile picture fallback

🚨 New HIGH-severity vuln: CVE-2026-9294 in Edimax BR-6428NS (v1.10) enables remote buffer overflow via pppUserName in formWanTcpipSetup. Public exploit, no patch yet — restrict access & monitor traffic. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Edimax
  • EW-7438RPn

24 May 2026
Published
24 May 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
Pending

KEV

Description

A security flaw has been discovered in Edimax EW-7438RPn 1.28a. Affected by this issue is the function formwlencrypt24g of the file /goform/formwlencrypt24g of the component POST Request Handler. The manipulation of the argument key1 results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

Profile picture fallback

CVE-2026-9360: HIGH severity buffer overflow in Edimax EW-7438RPn v1.28a. Remotely exploitable, public exploit released, no patch yet. Disable remote access or isolate! Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Pending

06 May 2026
Published
07 May 2026
Updated

CVSS
Pending
EPSS
0.05%

KEV

Description

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling authentication bypass and network compromise. Some firmware versions may expose only partial identifiers (e.g., serial number, ESSID, MAC addresses).

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

Profile picture fallback

CVE-2026-34474: Pre-auth #credential disclosure in #ZTE #H298A / #H108N via #ETHCheat...The short version: an ETHCheat branch returns credential-bearing #HTML before #authentication. The captured fields include the #admin #password, WLAN PSK, and ESSID, and a companion wizard #endpoint #exposes serial data.

#cybersecurity #cybersec #security #exploited

  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Docker
  • Docker Desktop

20 Aug 2025
Published
26 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
1.19%

KEV

Description

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse

Profile picture fallback

MonitorsFour from HackTheBox features PHP type juggling to dump users, CVE-2025-24367 for RCE in Cacti, and CVE-2025-9074 to abuse the Docker Desktop API and mount the Windows host drive for root. Beyond Root: a shell on Windows."

0xdf.gitlab.io/2026/05/23/htb-

  • 0
  • 0
  • 1
  • 14h ago

Overview

  • Cacti
  • cacti

27 Jan 2025
Published
03 Nov 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
87.93%

KEV

Description

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse

Profile picture fallback

MonitorsFour from HackTheBox features PHP type juggling to dump users, CVE-2025-24367 for RCE in Cacti, and CVE-2025-9074 to abuse the Docker Desktop API and mount the Windows host drive for root. Beyond Root: a shell on Windows."

0xdf.gitlab.io/2026/05/23/htb-

  • 0
  • 0
  • 1
  • 14h ago

Overview

  • Python Software Foundation
  • CPython

14 Apr 2026
Published
15 Apr 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.02%

KEV

Description

The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.

Statistics

  • 2 Posts

Last activity: 21 hours ago

Fediverse

Profile picture fallback

Latest Python 3.14.5 release (including fixes for CVE-2026-1502, CVE-2026-4786, and CVE-2026-5713) is now available to #SavOS PPA users of #Ubuntu #Linux at ppa:savoury1/python-3.14 (launchpad.net/~savoury1/+archi) for all PPA supported LTS releases.

  • 0
  • 0
  • 1
  • 21h ago

Overview

  • Python Software Foundation
  • CPython
  • http.client

10 Apr 2026
Published
12 May 2026
Updated

CVSS v4.0
MEDIUM (5.7)
EPSS
0.02%

KEV

Description

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

Statistics

  • 2 Posts

Last activity: 21 hours ago

Fediverse

Profile picture fallback

Latest Python 3.14.5 release (including fixes for CVE-2026-1502, CVE-2026-4786, and CVE-2026-5713) is now available to #SavOS PPA users of #Ubuntu #Linux at ppa:savoury1/python-3.14 (launchpad.net/~savoury1/+archi) for all PPA supported LTS releases.

  • 0
  • 0
  • 1
  • 21h ago

Overview

  • Python Software Foundation
  • CPython

13 Apr 2026
Published
29 Apr 2026
Updated

CVSS v4.0
HIGH (7.0)
EPSS
0.02%

KEV

Description

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.

Statistics

  • 2 Posts

Last activity: 21 hours ago

Fediverse

Profile picture fallback

Latest Python 3.14.5 release (including fixes for CVE-2026-1502, CVE-2026-4786, and CVE-2026-5713) is now available to #SavOS PPA users of #Ubuntu #Linux at ppa:savoury1/python-3.14 (launchpad.net/~savoury1/+archi) for all PPA supported LTS releases.

  • 0
  • 0
  • 1
  • 21h ago
Showing 21 to 29 of 29 CVEs