24h | 7d | 30d

Overview

  • Ivanti
  • Endpoint Manager Mobile

29 Jan 2026
Published
30 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.14%

KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

Profile picture fallback

Aktuelle Neuigkeiten: Aktive Ausnutzung von Sicherheitslücken in Ivanti Endpoint Manager Mobile (CVE-2026-1281, CVE-2026-1340)
cert.at/de/aktuelles/2026/2/ak

  • 0
  • 0
  • 0
  • 11h ago

Overview

  • Foxit Software Inc.
  • pdfonline.foxit.com

03 Feb 2026
Published
03 Feb 2026
Updated

CVSS v3.1
MEDIUM (6.3)
EPSS
0.04%

KEV

Description

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before 2026‑02‑03.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

Profile picture fallback

Critical cross-site scripting (XSS) vulnerabilities, CVE-2026-1591 and CVE-2026-1592, in Foxit PDF Editor Cloud allow attackers to execute arbitrary JavaScript code by exploiting insecure handling of file attachments and layer names. Foxit has released security patches, with automatic updates for the Cloud version and desktop users advised to update manually.
cybersecuritynews.com/foxit-pd

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • Foxit Software Inc.
  • pdfonline.foxit.com

03 Feb 2026
Published
03 Feb 2026
Updated

CVSS v3.1
MEDIUM (6.3)
EPSS
0.04%

KEV

Description

Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects pdfonline.foxit.com: before 2026‑02‑03.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse

Profile picture fallback

Critical cross-site scripting (XSS) vulnerabilities, CVE-2026-1591 and CVE-2026-1592, in Foxit PDF Editor Cloud allow attackers to execute arbitrary JavaScript code by exploiting insecure handling of file attachments and layer names. Foxit has released security patches, with automatic updates for the Cloud version and desktop users advised to update manually.
cybersecuritynews.com/foxit-pd

  • 0
  • 0
  • 0
  • 5h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.66%

KEV

Description

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Profile picture fallback
AISLE's autonomous analysis discovered 12 previously undisclosed OpenSSL vulnerabilities and flagged six more, including CVE-2025-15467 and CVE-2025-15469, and OpenSSL maintainers praised high quality of the reports and constructive collaboration.
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

Profile picture fallback
Critical #SUSE security update patches 7 #OpenSSL 1.1 vulnerabilities (CVE-2025-68160, CVE-2026-22795+). Affects SLES 15 SP4, openSUSE Leap 15.4, Micro distributions. Memory corruption, parsing flaws, encryption issues. Patch now! Read more: 👉 tinyurl.com/2a33bca3 #Security
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • OpenSSL
  • OpenSSL

27 Jan 2026
Published
29 Jan 2026
Updated

CVSS
Pending
EPSS
0.00%

KEV

Description

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16MB remains unauthenticated. When the 'openssl dgst' command is used with algorithms that only support one-shot signing (Ed25519, Ed448, ML-DSA-44, ML-DSA-65, ML-DSA-87), the input is buffered with a 16MB limit. If the input exceeds this limit, the tool silently truncates to the first 16MB and continues without signaling an error, contrary to what the documentation states. This creates an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath. The issue affects only the command-line tool behavior. Verifiers that process the full message using library APIs will reject the signature, so the risk primarily affects workflows that both sign and verify with the affected 'openssl dgst' command. Streaming digest algorithms for 'openssl dgst' and library users are unaffected. The FIPS modules in 3.5 and 3.6 are not affected by this issue, as the command-line tools are outside the OpenSSL FIPS module boundary. OpenSSL 3.5 and 3.6 are vulnerable to this issue. OpenSSL 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

Profile picture fallback
AISLE's autonomous analysis discovered 12 previously undisclosed OpenSSL vulnerabilities and flagged six more, including CVE-2025-15467 and CVE-2025-15469, and OpenSSL maintainers praised high quality of the reports and constructive collaboration.
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Pending

21 Nov 2019
Published
03 Feb 2026
Updated

CVSS
Pending
EPSS
2.14%

Description

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.

Statistics

  • 1 Post
  • 3 Interactions

Last activity: 3 hours ago

Fediverse

Profile picture fallback

‼️ CISA has added 4 vulnerabilities to the KEV Catalog

darkwebinformer.com/cisa-kev-c

CVE-2025-40551: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability

CVE-2019-19006: Sangoma FreePBX Improper Authentication Vulnerability

CVE-2025-64328: Sangoma FreePBX OS Command Injection Vulnerability

CVE-2021-39935: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability

  • 1
  • 2
  • 0
  • 3h ago
Showing 31 to 37 of 37 CVEs