24h | 7d | 30d

CVE-2025-30412

Overview

  • Acronis
  • Acronis Cyber Protect 16
20 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.0
CRITICAL (10.0)
EPSS
0.02%
KEV

Description

Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.

Statistics

  • 1 Post
Last activity: 9 hours ago

Bluesky

Profile picture fallback
CyberHub @cyberhub.blog
📌 CVE-2025-30412 - Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windo... https://www.cyberhub.blog/cves/CVE-2025-30412
  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-26278

Overview

  • NaturalIntelligence
  • fast-xml-parser
19 Feb 2026
Published
19 Feb 2026
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.05%
KEV

Description

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it’s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid using DOCTYPE parsing by `processEntities: false` option.

Statistics

  • 1 Post
Last activity: 13 hours ago

Bluesky

Profile picture fallback
Lambda Watchdog @lambdawatchdog.bsky.social
🚨 New HIGH CVE detected in AWS Lambda 🚨 CVE-2026-26278 impacts fast-xml-parser in 4 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/426 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-24423

Overview

  • SmarterTools
  • SmarterMail
23 Jan 2026
Published
06 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
22.65%
KEV

Description

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Steele Fortress @steelefortress

Rapid weaponization of SmarterMail flaws exposed through underground Telegram channels. Just days after CVE-2026-24423 and CVE-2026-23760 were disclosed, exploit PoCs and stolen admin credentials were shared among these communities, highlighting the urgent need for...

Read more: steelefortress.com/dlk923

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-23760

Overview

  • SmarterTools
  • SmarterMail
22 Jan 2026
Published
27 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
55.75%
KEV

Description

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
Steele Fortress @steelefortress

Rapid weaponization of SmarterMail flaws exposed through underground Telegram channels. Just days after CVE-2026-24423 and CVE-2026-23760 were disclosed, exploit PoCs and stolen admin credentials were shared among these communities, highlighting the urgent need for...

Read more: steelefortress.com/dlk923

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-1340

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
32.27%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
#cryptohagen @cryptohagen

2 nylige #0day (CVE-2026-1281 og CVE-2026-1340) i Ivanti EPMM-platformen er blevet udnyttet i siden mindst sommeren 2025

Tysklands 🇩🇪 cyber-sikkerheds-agentur har fundet beviser for kompromittering under efterforskningen af angrebene

De 2 zero-days er blevet knyttet til angreb på det hollandske 🇳🇱 data-beskyttelses-agentur og Europa-Kommissionen 🇪🇺

Palo Alto Networks har nogle detaljer om angrebene, som nu omfatter både spionage og cyber-kriminalitet
unit42.paloaltonetworks.com/iv

  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-27100

Overview

  • Jenkins Project
  • Jenkins
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV

Description

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds, and if a specified build exists, its display name.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
ekiledjian @edwardk

A critical stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2026-27099, has been discovered in Jenkins Core affecting versions 2.550 and earlier, and LTS versions 2.541.1 and earlier, potentially exposing build environments to severe security risks. Additionally, CVE-2026-27100, a medium-severity vulnerability, allowed unauthorized access to build information. Jenkins versions 2.551 and LTS 2.541.2 have been released to address these issues.
cybersecuritynews.com/jenkins-

  • 0
  • 0
  • 0
  • 12h ago

CVE-2026-27099

Overview

  • Jenkins Project
  • Jenkins
18 Feb 2026
Published
18 Feb 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.541.1 (both inclusive) does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure or Agent/Disconnect permission.

Statistics

  • 1 Post
Last activity: 12 hours ago

Fediverse

Profile picture fallback
ekiledjian @edwardk

A critical stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2026-27099, has been discovered in Jenkins Core affecting versions 2.550 and earlier, and LTS versions 2.541.1 and earlier, potentially exposing build environments to severe security risks. Additionally, CVE-2026-27100, a medium-severity vulnerability, allowed unauthorized access to build information. Jenkins versions 2.551 and LTS 2.541.2 have been released to address these issues.
cybersecuritynews.com/jenkins-

  • 0
  • 0
  • 0
  • 12h ago

CVE-2025-66039

Overview

  • FreePBX
  • framework
09 Dec 2025
Published
13 Feb 2026
Updated
CVSS v4.0
CRITICAL (9.3)
EPSS
29.02%
KEV

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture fallback
Ben Rothke @benrothke

is a popular open-source IP PBX management tool. @FreePBX manages communications & requires high availability & relatively open access, making it a very attractive target for threat actors. It now has serious CVE vulns. HT @PicusSecurity cybersec.picussecurity.com/s/c

  • 0
  • 0
  • 0
  • 8h ago

CVE-2025-61675

Overview

  • FreePBX
  • endpoint
14 Oct 2025
Published
13 Feb 2026
Updated
CVSS v4.0
HIGH (8.6)
EPSS
16.95%
KEV

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the basestation, model, firmware, and custom extension configuration functionality areas. Authentication with a known username is required to exploit these vulnerabilities. Successful exploitation allows authenticated users to execute arbitrary SQL queries against the database, potentially enabling access to sensitive data or modification of database contents. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture fallback
Ben Rothke @benrothke

is a popular open-source IP PBX management tool. @FreePBX manages communications & requires high availability & relatively open access, making it a very attractive target for threat actors. It now has serious CVE vulns. HT @PicusSecurity cybersec.picussecurity.com/s/c

  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-1281

Overview

  • Ivanti
  • Endpoint Manager Mobile
29 Jan 2026
Published
30 Jan 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
43.87%
KEV

Description

A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
#cryptohagen @cryptohagen

2 nylige #0day (CVE-2026-1281 og CVE-2026-1340) i Ivanti EPMM-platformen er blevet udnyttet i siden mindst sommeren 2025

Tysklands 🇩🇪 cyber-sikkerheds-agentur har fundet beviser for kompromittering under efterforskningen af angrebene

De 2 zero-days er blevet knyttet til angreb på det hollandske 🇳🇱 data-beskyttelses-agentur og Europa-Kommissionen 🇪🇺

Palo Alto Networks har nogle detaljer om angrebene, som nu omfatter både spionage og cyber-kriminalitet
unit42.paloaltonetworks.com/iv

  • 0
  • 0
  • 0
  • 20h ago
Showing 71 to 80 of 83 CVEs