Cyber Security
Live feeds from CISA Known Exploited Vulnerabilities, NVD CVE database, and Hacker News security stream.
CISA KEV — Known Exploited Vulnerabilities
- [Exploited] CISA KEV • 1d ago
CVE-2026-9082 — Drupal Core: Drupal Core SQL Injection Vulnerability
Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.
- [Exploited] CISA KEV • 2d ago
CVE-2026-34926 — Trend Micro Apex One: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.
- [Exploited] CISA KEV • 2d ago
CVE-2025-34291 — Langflow Langflow: Langflow Origin Validation Error Vulnerability
Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints.
- [Exploited] CISA KEV • 3d ago
CVE-2026-45498 — Microsoft Defender: Microsoft Defender Denial of Service Vulnerability
Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
- [Exploited] CISA KEV • 3d ago
CVE-2026-41091 — Microsoft Defender: Microsoft Defender Link Following Vulnerability
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
- [Exploited] CISA KEV • 3d ago
CVE-2010-0806 — Microsoft Internet Explorer: Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
- [Exploited] CISA KEV • 3d ago
CVE-2010-0249 — Microsoft Internet Explorer: Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains a use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
- [Exploited] CISA KEV • 3d ago
CVE-2009-3459 — Adobe Acrobat and Reader: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.
- [Exploited] CISA KEV • 3d ago
CVE-2009-1537 — Microsoft DirectX: Microsoft DirectX NULL Byte Overwrite Vulnerability
Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.
- [Exploited] CISA KEV • 3d ago
CVE-2008-4250 — Microsoft Windows: Microsoft Windows Buffer Overflow Vulnerability
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
- [Exploited] CISA KEV • 8d ago
CVE-2026-42897 — Microsoft Microsoft: Microsoft Exchange Server Cross-Site Scripting Vulnerability
Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.
- [Exploited] CISA KEV • 9d ago
CVE-2026-20182 — Cisco Catalyst SD-WAN: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
- [Exploited] CISA KEV • 15d ago
CVE-2026-42208 — BerriAI LiteLLM: BerriAI LiteLLM SQL Injection Vulnerability
BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages.
- [Exploited] CISA KEV • 16d ago
CVE-2026-6973 — Ivanti Endpoint Manager Mobile (EPMM): Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.
- [Exploited] CISA KEV • 17d ago
CVE-2026-0300 — Palo Alto Networks PAN-OS: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
- [Exploited] CISA KEV • 22d ago
CVE-2026-31431 — Linux Kernel: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
- [Ransomware] CISA KEV • 23d ago
CVE-2026-41940 — WebPros cPanel & WHM and WP2 (WordPress Squared): WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
- [Exploited] CISA KEV • 25d ago
CVE-2026-32202 — Microsoft Windows: Microsoft Windows Protection Mechanism Failure Vulnerability
Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network.
- [Ransomware] CISA KEV • 25d ago
CVE-2024-1708 — ConnectWise ScreenConnect: ConnectWise ScreenConnect Path Traversal Vulnerability
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
- [Ransomware] CISA KEV • 29d ago
CVE-2024-57726 — SimpleHelp SimpleHelp: SimpleHelp Missing Authorization Vulnerability
SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
- [Ransomware] CISA KEV • 29d ago
CVE-2024-57728 — SimpleHelp SimpleHelp: SimpleHelp Path Traversal Vulnerability
SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
- [Exploited] CISA KEV • 29d ago
CVE-2024-7399 — Samsung MagicINFO 9 Server: Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
- [Exploited] CISA KEV • 29d ago
CVE-2025-29635 — D-Link DIR-823X: D-Link DIR-823X Command Injection Vulnerability
D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
- [Exploited] CISA KEV • 30d ago
CVE-2026-39987 — Marimo Marimo: Marimo Remote Code Execution Vulnerability
Marimo contains a pre-authorization remote code execution vulnerability that allows an unauthenticated attacker to gain shell access and execute arbitrary system commands.
Hacker News — Security Stream
No stories.
GitHub Security Advisories — Latest
- [CVE-2026-47124] GitHub Advisory • 15h ago
Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
Summary: Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by `Has
- [CVE-2026-46716] GitHub Advisory • 15h ago
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
Summary: `nezha`'s dashboard supports two user roles: `RoleAdmin` (Role==0) and `RoleMember` (Role==1). The cron routes `POST /api/v1/cron` and `PATCH /api/v1/cron/:id` are wired through `commonHandler` (any authentic
- [CVE-2026-47125] GitHub Advisory • 15h ago
Arcane: Missing admin authorization on global variables endpoint
Summary: The `PUT /api/environments/{id}/templates/variables` endpoint, which writes the system-wide `.env.global` file used for variable substitution in every project's compose file, is missing an admin authorization
- [medium] GitHub Advisory • 15h ago
instagrapi: Unsafe signup challenge path handling in instagrapi
instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge p
- [CVE-2026-47157] GitHub Advisory • 15h ago
aiograpi: Unsafe signup challenge path handling
aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge pa
- [CVE-2026-47138] GitHub Advisory • 15h ago
Parse Server: Pre-authentication denial of service via client version header regex backtracking
Impact: An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in
- [CVE-2026-47120] GitHub Advisory • 15h ago
Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)
Summary: `createAlertRule` and `createService` (and their `update*` siblings) accept `FailTriggerTasks []uint64` and `RecoverTriggerTasks []uint64`, IDs of cron tasks to fire when the alert/service trips. The validat
- [CVE-2026-46717] GitHub Advisory • 15h ago
Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification
Summary: nezha's dashboard supports two user roles: `RoleAdmin` (Role==0) and `RoleMember` (Role==1). The notification routes `POST /api/v1/notification` and `PATCH /api/v1/notification/:id` are wired through `commonH
- [CVE-2026-46715] GitHub Advisory • 22h ago
Flask-Security-Too OAuth reauthentication freshness bypass via cross-user OAuth identity acceptance
Summary: Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authentica
- [high] GitHub Advisory • 22h ago
aiosend: Deserialization of request body before signature verification (Pre-auth DoS) in webhook handler
Vulnerability Description: In `aiosend/webhook/base.py`, the `WebhookHandler.feed_update()` method performs full deserialization of the incoming JSON via Pydantic **before** verifying the HMAC signature. Anyone can sen
- [CVE-2026-8723] GitHub Advisory • 22h ago
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
Summary: `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not handled by any of qs's nu
- [critical] GitHub Advisory • 22h ago
FileBrowser Quantum: Path traversal in public share PATCH allows file ops outside shared directory
Summary: `publicPatchHandler` in `backend/http/public.go` joins user-controlled `fromPath` and `toPath` body fields with the trusted `d.share.Path` BEFORE the downstream sanitizer runs. Because `filepath.Join` collaps
- [CVE-2026-46670] GitHub Advisory • 1d ago
YesWiki: Unauthenticated SQL Injection
Summary: An unauthenticated SQL injection in the Bazar form-import path (`FormManager::create()`) allows any unauthenticated visitor of a default YesWiki install to inject arbitrary SQL into an `INSERT` statement and
- [CVE-2026-47166] GitHub Advisory • 1d ago
ImageMagick: Heap Buffer Over-Read in distributed pixel cache server
An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process.
- [CVE-2026-47165] GitHub Advisory • 1d ago
ImageMagick: Information Disclosure in distributed pixel cache server because it is not using a challenge–response authentication model
The distributed pixel cache was originally designed to operate without a challenge–response authentication model. However, given today’s heightened security expectations, we have changed our implementation.