
Overview

  • The GNU C Library
  • glibc

Published: 30 Mar 2026
Updated: 20 Apr 2026

CVSS: Pending
EPSS: 0.05%

KEV

Description

The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-4046 impacts glibc in 26 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/486 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 1h ago

Overview

  • pnggroup
  • libpng

Published: 09 Apr 2026
Updated: 09 Apr 2026

CVSS v3.1: MEDIUM (5.1)
EPSS: 0.02%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-34757 impacts libpng in 6 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/487 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 1h ago

Overview

  • Zyosoft
  • School App

Published: 02 May 2026
Updated: 02 May 2026

CVSS v4.0: HIGH (8.6)
EPSS: 0.04%

KEV

Description

School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data.

Statistics

  • 1 Post

Last activity: 3 hours ago

Fediverse

⚠️ CVE-2026-7491 (HIGH, CVSS 8.6): Zyosoft School App v0 is vulnerable to auth bypass via user-controlled keys (CWE-639). Authenticated users can access & modify others' data. No patch yet — restrict access & stay alert for updates. radar.offseq.com/threat/cve-20

  • 3h ago

Overview

  • ruby
  • json

Published: 20 Mar 2026
Updated: 23 Mar 2026

CVSS v4.0: HIGH (8.3)
EPSS: 0.04%

KEV

Description

Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure when the allow_duplicate_key: false parsing option is used to parse user-supplied documents. This issue has been patched in versions 2.15.2.1, 2.17.1.2, and 2.19.2.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

🔍 Lambda Watchdog detected that CVE-2026-33210 is no longer present in latest AWS Lambda base image scans. https://github.com/aws/aws-lambda-base-images/issues/485 #AWS #Lambda #Security #CVE #DevOps #SecOps
  • 1h ago

Overview

  • OpenBSD
  • OpenSSH

Published: 02 Apr 2026
Updated: 02 Apr 2026

CVSS v3.1: MEDIUM (4.2)
EPSS: 0.02%

KEV

Description

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

Critical OpenSSH Authentication Bypass Vulnerability Grants Root Shell Access – Patch Immediately (CVE-2026-35414) + Video Introduction: A critical authentication bypass vulnerability in OpenSSH (CVE-2026-35414) has remained undetected for 15 years, affecting nearly all OpenSSH versions released…
  • 4h ago

Overview

  • IBM
  • WebSphere Application Server - Liberty

Published: 25 Mar 2026
Updated: 27 Mar 2026

CVSS v3.1: MEDIUM (6.7)
EPSS: 0.01%

KEV

Description

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 could provide weaker than expected security when administering security settings.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

PH70078:IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917 CVSS 6.7) https://tinyurl.com/22aozekr
  • 20h ago

Overview

  • Microsoft
  • ASP.NET Core 10.0

Published: 21 Apr 2026
Updated: 30 Apr 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: 0.02%

KEV

Description

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

The latest update for #Sentrium includes "cPanel and WHM Authentication Bypass Vulnerability (CVE-2026-41940)" and "ASP.NET Core Privilege Escalation Vulnerability (CVE-2026-40372)". #Cybersecurity #PenTesting #infosec https://opsmtrs.com/3aPKkxS
  • 9h ago