24h | 7d | 30d

Overview

  • NVIDIA
  • Cumulus Linux GA

24 Feb 2026
Published
24 Feb 2026
Updated

CVSS v3.1
HIGH (7.3)
EPSS
0.02%

KEV

Description

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

Profile picture fallback
📌 CVE-2025-33181 - NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful... https://www.cyberhub.blog/cves/CVE-2025-33181
  • 0
  • 0
  • 0
  • 19h ago

Overview

  • axios
  • axios

09 Feb 2026
Published
18 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.03%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Profile picture fallback
🔍 Lambda Watchdog detected that CVE-2026-25639 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/407 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • PHPOffice
  • PhpSpreadsheet

20 Jan 2025
Published
21 Jan 2025
Updated

CVSS v4.0
MEDIUM (5.1)
EPSS
0.43%

KEV

Description

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response.

Statistics

  • 2 Posts

Last activity: 13 hours ago

Fediverse

Profile picture fallback

Guardian from HackTheBox features chat IDOR, XSS via PhpSpreadsheet CVE-2025-22131, CSRF to create an admin account, PHP filter chain LFI-to-RCE, password cracking, Python script injection, and bypassing a custom Apache config validator many ways.

0xdf.gitlab.io/2026/02/28/htb-

  • 0
  • 0
  • 1
  • 13h ago

Overview

  • Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
  • SODOLA SL902-SWTGW124AS

27 Feb 2026
Published
27 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
0.04%

KEV

Description

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the hardcoded default credentials without password change enforcement to gain full administrative control of the device.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

Profile picture fallback

🔐 CVE-2026-27751 (CRITICAL): SODOLA SL902-SWTGW124AS gateways (≤200.1.20) use default creds, enabling remote admin takeover. Change all passwords or restrict access ASAP! No patch yet. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 19h ago

Overview

  • GitLab
  • GitLab

25 Feb 2026
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.03%

KEV

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions.

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

Profile picture fallback
📌 CVE-2025-14511 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could h... https://www.cyberhub.blog/cves/CVE-2025-14511
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • anthropics
  • claude-code

03 Oct 2025
Published
03 Oct 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.10%

KEV

Description

Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Bluesky

Profile picture fallback
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852
  • 0
  • 1
  • 0
  • 8h ago

Overview

  • anthropics
  • claude-code

21 Jan 2026
Published
21 Jan 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.05%

KEV

Description

Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets ANTHROPIC_BASE_URL to an attacker-controlled endpoint and when the repository was opened, Claude Code would read the configuration and immediately issue API requests before showing the trust prompt, potentially leaking the user's API keys. Users on standard Claude Code auto-update have received this fix already. Users performing manual updates are advised to update to version 2.0.65, which contains a patch, or to the latest version.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Bluesky

Profile picture fallback
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852
  • 0
  • 1
  • 0
  • 8h ago

Overview

  • Python Software Foundation
  • CPython

23 Jan 2026
Published
13 Feb 2026
Updated

CVSS v4.0
MEDIUM (6.0)
EPSS
0.05%

KEV

Description

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in "BytesGenerator".

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Profile picture fallback
Critical patch for #Fedora 42's python3.9 is live. Fixes CVE-2026-1299 (email header injection) and CVE-2025-15366 (IMAP command injection). Read more: 👉 tinyurl.com/2yxa8r39 #Security
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Python Software Foundation
  • CPython

20 Jan 2026
Published
26 Feb 2026
Updated

CVSS v4.0
MEDIUM (5.9)
EPSS
0.09%

KEV

Description

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Profile picture fallback
Critical patch for #Fedora 42's python3.9 is live. Fixes CVE-2026-1299 (email header injection) and CVE-2025-15366 (IMAP command injection). Read more: 👉 tinyurl.com/2yxa8r39 #Security
  • 0
  • 0
  • 0
  • 11h ago
Showing 31 to 39 of 39 CVEs