Overview

  • Pending

07 Apr 2014
Published
22 Oct 2025
Updated

CVSS
Pending
EPSS
100.00%

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

CVE-2014-0160 Heartbleed exploit using OpenSSL s_client with -tlsextdebug flag to extract up to 64KB of server heap memory per heartbeat request. Tested on Ubuntu 22.04, Debian 12, Kali Linux. #cve #heartbleed #ValtersIT

valtersit.com/vault/cve2014016


Overview

  • SourceCodester
  • Class and Exam Timetabling System

28 Jun 2026
Published
28 Jun 2026
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.41%

KEV

Description

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument course_year_section can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse

CVE-2026-13486 | SQL injection in SourceCodester Class and Exam Timetabling System (v1.0/6.php). MEDIUM severity. Exploit public for /preview6.php — remote attackers can target course_year_section param. Monitor & mitigate. radar.offseq.com/threat/cve-20


Overview

  • itsourcecode
  • Hospital Management System

28 Jun 2026
Published
28 Jun 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
Pending

KEV

Description

A vulnerability was found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /ajaxmedicine.php. The manipulation of the argument medicineid results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse

CVE-2026-13496 (MEDIUM): SQL injection in itsourcecode Hospital Management System 1.0 via /ajaxmedicine.php (medicineid param). No patch yet. Restrict endpoint & use WAF. More: radar.offseq.com/threat/cve-20


Overview

  • Amazon Web Services
  • Language Servers for AWS

23 Jun 2026
Published
23 Jun 2026
Updated

CVSS v4.0
HIGH (8.5)
EPSS
0.12%

KEV

Description

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This issue requires the user to trust the workspace when prompted. To remediate this issue, users should upgrade to Language Servers for AWS version 1.65.0 or higher.

Statistics

  • 1 Post

Last activity: 16 hours ago

Bluesky

Amazon Q Developer: CVE-2026-12957 and MCP-Based Credential Exfiltration ##AWS ##CloudSecurity ##VulnerabilityAnalysis ##AI_Security ##AmazonQ https://flagthis.com/newsletter/2026/06/28/tldr/4020

Overview

  • PTC
  • Windchill PDMLink

18 Jun 2026
Published
26 Jun 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
1.11%

Description

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMLink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.

  • This advisory also applies to all CPS versions
  • The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

📰 CISA Adds Actively Exploited PTC and Cisco Flaws to KEV Catalog, Mandates Federal Patching

📢 CISA adds two actively exploited vulnerabilities to its KEV catalog: CVE-2026-12569 in PTC products and CVE-2026-20230 in Cisco UCM. Federal agencies are mandated to patch. All orgs should prioritize these now! ⚠️ #CyberSecurity #Vulnerability #CI...

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ci


Overview

  • NLnet Labs
  • NSD

25 Jun 2026
Published
25 Jun 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.27%

KEV

Description

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

NLnet Labs released NSD 4.14.3 on June 25, fixing four CVEs: CVE-2026-12244, CVE-2026-12245, CVE-2026-12246, and CVE-2026-12490. The most serious is a heap overflow triggered by a crafted SVCB record inside an AXFR transfer, rated a stated CVSS of 8.7. For NSD operators running secondaries, the AXFR path is the one to scrutinize here. How tightly do you restrict who can hand your NSD an AXFR?

#DNS #security


Overview

  • NLnet Labs
  • NSD

25 Jun 2026
Published
25 Jun 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.30%

KEV

Description

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a specially crafted SVCB RR with an rdata size of 65512, which lets a (uint16_t) variable that is used to allocate the space needed for the RR wrap (because the total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) heap write of up to 65509 bytes.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

NLnet Labs released NSD 4.14.3 on June 25, fixing four CVEs: CVE-2026-12244, CVE-2026-12245, CVE-2026-12246, and CVE-2026-12490. The most serious is a heap overflow triggered by a crafted SVCB record inside an AXFR transfer, rated a stated CVSS of 8.7. For NSD operators running secondaries, the AXFR path is the one to scrutinize here. How tightly do you restrict who can hand your NSD an AXFR?

#DNS #security


Overview

  • NLnet Labs
  • NSD

25 Jun 2026
Published
25 Jun 2026
Updated

CVSS v4.0
HIGH (8.2)
EPSS
0.14%

KEV

Description

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS on the regular tls-port (and not the tls-auth-port), or over TCP on the regular port, when the other conditions of the provide-xfr rule match.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

NLnet Labs released NSD 4.14.3 on June 25, fixing four CVEs: CVE-2026-12244, CVE-2026-12245, CVE-2026-12246, and CVE-2026-12490. The most serious is a heap overflow triggered by a crafted SVCB record inside an AXFR transfer, rated a stated CVSS of 8.7. For NSD operators running secondaries, the AXFR path is the one to scrutinize here. How tightly do you restrict who can hand your NSD an AXFR?

#DNS #security


Overview

  • NLnet Labs
  • NSD

25 Jun 2026
Published
25 Jun 2026
Updated

CVSS v4.0
HIGH (7.2)
EPSS
0.26%

KEV

Description

NSD version 4.14.0 introduced a bug where a specially crafted APL RR with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker-controlled bytes.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

NLnet Labs released NSD 4.14.3 on June 25, fixing four CVEs: CVE-2026-12244, CVE-2026-12245, CVE-2026-12246, and CVE-2026-12490. The most serious is a heap overflow triggered by a crafted SVCB record inside an AXFR transfer, rated a stated CVSS of 8.7. For NSD operators running secondaries, the AXFR path is the one to scrutinize here. How tightly do you restrict who can hand your NSD an AXFR?

#DNS #security
