
Overview

  • Linux
  • Linux

30 May 2026
Published
04 Jul 2026
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.12%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

eventpoll: fix ep_remove struct eventpoll / struct file UAF

ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_lock but then kept using @file inside the critical section (is_file_epoll(), hlist_del_rcu() through the head, spin_unlock). A concurrent __fput() taking the eventpoll_release() fastpath in that window observed the transient NULL, skipped eventpoll_release_file() and ran to f_op->release / file_free().

For the epoll-watches-epoll case, f_op->release is ep_eventpoll_release() -> ep_clear_and_put() -> ep_free(), which kfree()s the watched struct eventpoll. Its embedded ->refs hlist_head is exactly where epi->fllink.pprev points, so the subsequent hlist_del_rcu()'s "*pprev = next" scribbles into freed kmalloc-192 memory.

In addition, struct file is SLAB_TYPESAFE_BY_RCU, so the slot backing @file could be recycled by alloc_empty_file() -- reinitializing f_lock and f_ep -- while ep_remove() is still nominally inside that lock. The upshot is an attacker-controllable kmem_cache_free() against the wrong slab cache.

Pin @file via epi_fget() at the top of ep_remove() and gate the critical section on the pin succeeding. With the pin held @file cannot reach refcount zero, which holds __fput() off and transitively keeps the watched struct eventpoll alive across the hlist_del_rcu() and the f_lock use, closing both UAFs.

If the pin fails @file has already reached refcount zero and its __fput() is in flight. Because we bailed before clearing f_ep, that path takes the eventpoll_release() slow path into eventpoll_release_file() and blocks on ep->mtx until the waiter side's ep_clear_and_put() drops it. The bailed epi's share of ep->refcount stays intact, so the trailing ep_refcount_dec_and_test() in ep_clear_and_put() cannot free the eventpoll out from under eventpoll_release_file(); the orphaned epi is then cleaned up there.

A successful pin also proves we are not racing eventpoll_release_file() on this epi, so drop the now-redundant re-check of epi->dying under f_lock. The cheap lockless READ_ONCE(epi->dying) fast-path bailout stays.

Statistics

  • 6 Posts
  • 1 Interaction

Last activity: 5 hours ago

Fediverse


The Avalon malware combines advanced techniques to deploy CrownX ransomware and disable defenses on enterprise systems, while the Bad Epoll vulnerability in Linux and Android raises the risk of mass root access. In addition, the lack of comprehensive visibility leaves organizations more exposed, and FedRAMP is promoting pre-hardened container images to strengthen cloud security. Find these and more details in the following list of information security news:

🗞️ LATEST NEWS IN INFORMATION SECURITY 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 04/07/26 📆 |====

🔐 NEW AVALON MALWARE FRAMEWORK WITH CROWN X RANSOMWARE CAPABILITIES

Blackpoint reveals that the Avalon malware uses advanced techniques such as Drive Proton, ISO images, LNK files and MSBuild to disable Event Tracing for Windows (ETW), steal credentials and deploy the CrownX ransomware family. This sophisticated combination increases the risk of targeted attacks that can compromise the integrity of enterprise systems. Stay informed to reinforce your defenses against these emerging threats. Find out more about this threat and how to protect yourself 👉 djar.co/p9sC3r

🐧 “BAD EPOLL” VULNERABILITY IN THE LINUX KERNEL ALLOWS ROOT ACCESS ON ANDROID

The Bad Epoll vulnerability (CVE-2026-46242) is a race condition that allows unprivileged users to escalate to root access on Linux systems and Android devices. Given the criticality of the flaw, which affects millions of devices, it is essential to apply the available patch as soon as possible to prevent exploitation that would compromise the security and privacy of your data. Learn how to identify and manage this threat now 👉 djar.co/376Aj

👁️ LACK OF COMPREHENSIVE VISIBILITY INCREASES THE RISK OF CYBERATTACKS ON ORGANIZATIONS

Víctor Ruiz, founder of SILIKN, stresses that without a complete, consolidated view of all assets and activity on the network, companies significantly increase their exposure to cyberthreats. The absence of comprehensive monitoring hinders early detection of incidents and effective response, increasing the potential impact. Learn the strategies for improving your security posture and minimizing risk 👉 djar.co/TtvT

☁️ FEDRAMP PROMOTES THE USE OF PRE-HARDENED CONTAINER IMAGES TO INCREASE CLOUD SECURITY

FedRAMP certification recommends using container images that already include secure configurations (pre-hardened) to reduce vulnerabilities from initial deployment. This practice improves security in cloud environments and eases compliance with federal regulations and international standards. Explore how to deploy these images to strengthen your cloud environments 👉 djar.co/VHut

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Bad Epoll (CVE-2026-46242) is a use-after-free race in the Linux kernel that lets a local user gain root on Linux and Android. A patch is out; update
  • 0
  • 1
  • 0
  • 13h ago
Bad Epoll (CVE-2026-46242) is a timing-based use-after-free Linux kernel flaw that enables unprivileged users to gain root control; fixes are available.
  • 0
  • 0
  • 0
  • 20h ago
A critical Linux kernel flaw, Bad Epoll (CVE-2026-46242), allows a standard user to gain full root control on desktops, servers, […]
  • 0
  • 0
  • 0
  • 19h ago
Bad Epoll (CVE-2026-46242): The 99% Reliable Linux Kernel Race That Puts Root in Every User’s Hands + Video Introduction A newly disclosed Linux kernel flaw, dubbed "Bad Epoll" and officially tracked as CVE-2026-46242, allows any unprivileged local user to escalate privileges to root on affected…
  • 0
  • 0
  • 0
  • 17h ago
New Bad Epoll (CVE-2026-46242) Linux kernel use-after-free flaw can let local users gain root on desktops, servers, and Android. A fix is available. #BadEpoll #Linux #Android
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • ChaN
  • FatFs

01 Jul 2026
Published
01 Jul 2026
Updated

CVSS v3.1
HIGH (7.6)
EPSS
0.21%

KEV

Description

FatFs R0.16 and earlier contain a FAT32 integer overflow bug in mount_volume() where fasize *= fs->n_fats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 (Integer Overflow or Wraparound). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (7.6, High). Remote delivery is also possible in OTA/update pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Total.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 11 hours ago

Fediverse


🧩 Runzero warns: an AI-assisted search found a dangerous flaw in the FatFs driver. Merely plugging in a USB stick is said to be enough to inject malicious code via CVE-2026-6682 (CVSS 7.6). Patch status currently unclear. Attack also possible via manipulated OTA updates. 🔥
golem.de/news/angriff-per-usb-
#Security #IoT #Embedded #USB #CVE #Vulnerability

  • 2
  • 1
  • 0
  • 11h ago

Bluesky

Seven vulnerabilities (CVE-2026-6682 to CVE-2026-6688) were found in the widely used FatFs filesystem library, with three rated as High […]
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • NetScaler
  • ADC

30 Jun 2026
Published
30 Jun 2026
Updated

CVSS v4.0
HIGH (8.8)
EPSS
0.50%

KEV

Description

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: Last hour

Fediverse


A CitrixBleed-like memory overread vulnerability (CVE-2026-8451) in NetScaler appliances is currently being exploited in the wild, prompting Citrix to release urgent security patches. Organizations are advised to upgrade their NetScaler ADC and Gateway appliances immediately to mitigate this high-severity threat.
csoonline.com/article/4192741/

  • 0
  • 0
  • 0
  • 23h ago

Bluesky

Critical Memory Overread Vulnerability in Citrix NetScaler CVE-2026-8451 https://www.securityweek.com/new-citrixbleed-vulnerability-exploited-immediately-after-public-disclosure https://flagthis.com/tldr/4739 #Citrix #NetScaler #CVE20268451 #MemoryOverread #Vulnerability
  • 0
  • 0
  • 0
  • Last hour
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-8451, CVE-2026-8452, CVE-2026-8655, CVE-2026-10816, CVE-2026-10817, and CVE-2026-13474 #patchmanagement
  • 0
  • 1
  • 1
  • Last hour

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

22 May 2026
Published
02 Jul 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
3.22%

Description

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 16 hours ago

Bluesky

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...
  • 0
  • 1
  • 0
  • 16h ago
📢 CISA adds CVE-2026-45659 to KEV: RCE actively exploited in SharePoint Server 📝 ## 📰 Context Source: SOCRadar, published 2 July 2026. https://cyberveille.ch/posts/2026-07-03-cisa-ajoute-cve-2026-45659-au-kev-rce-activement-exploitee-dans-sharepoint-server/ #CISA_KEV #Cyberveille
  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Linux
  • Linux

23 May 2026
Published
03 Jul 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.14%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved:

net: skbuff: propagate shared-frag marker through frag-transfer helpers

Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when moving frags from source to destination. __pskb_copy_fclone() defers the rest of the shinfo metadata to skb_copy_header() after copying frag descriptors, but that helper only carries over gso_{size,segs,type} and never touches skb_shinfo()->flags; skb_shift() moves frag descriptors directly and leaves flags untouched.

As a result, the destination skb keeps a reference to the same externally-owned or page-cache-backed pages while reporting skb_has_shared_frag() as false.

The mismatch is harmful in any in-place writer that uses skb_has_shared_frag() to decide whether shared pages must be detoured through skb_cow_data(). ESP input is one such writer (esp4.c, esp6.c), and a single nft 'dup to <local>' rule -- or any other nf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()'d skb in esp_input() with the marker stripped, letting an unprivileged user write into the page cache of a root-owned read-only file via authencesn-ESN stray writes.

Set SKBFL_SHARED_FRAG on the destination whenever frag descriptors were actually moved from the source. skb_copy() and skb_copy_expand() share skb_copy_header() too but linearize all paged data into freshly allocated head storage and emerge with nr_frags == 0, so skb_has_shared_frag() returns false on its own; they need no change.

The same omission exists in skb_gro_receive() and skb_gro_receive_list(). The former moves the incoming skb's frag descriptors into the accumulator's last sub-skb via two paths (a direct frag-move loop and the head_frag + memcpy path); the latter chains the incoming skb whole onto p's frag_list. Downstream skb_segment() reads only skb_shinfo(p)->flags, and skb_segment_list() reuses each sub-skb's shinfo as the nskb -- both p and lp must carry the marker.

The same omission also exists in tcp_clone_payload(), which builds an MTU probe skb by moving frag descriptors from skbs on sk_write_queue into a freshly allocated nskb. The helper falls into the same family and warrants the same fix for consistency; no TCP TX-side in-place writer is currently known to reach a user page through this gap, but a future consumer depending on the marker would regress silently.

The same omission exists in skb_segment(): the per-iteration flag merge takes only head_skb's flag, and the inner switch that rebinds frag_skb to list_skb on head_skb-frags exhaustion does not fold the new frag_skb's flag into nskb. Fold frag_skb's flag at both sites so segments drawing frags from frag_list members carry the marker.

Statistics

  • 2 Posts

Last activity: Last hour

Bluesky

Dissecting and Exploiting Linux LPE Variant: DirtyClone (CVE-2026-43503) https://lobste.rs/s/adgyhb #security #linux
  • 0
  • 0
  • 0
  • 23h ago
> Ubuntu 26.04 Part 55 - Privilege escalation vulnerability in the Linux kernel: DirtyClone (CVE-2026-43503) https://kledgeb.blogspot.com/2026/07/ubuntu-2604-55-linux-kernel.html
  • 0
  • 0
  • 0
  • Last hour

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 23 hours ago

Fediverse

[RSS] Privilege escalation to root in Lima QEMU guests via a world-writable agent socket (CVE-2026-53657)

https://syntetisk.tech/blog/posts/privilege-escalation-to-root-in-lima-qemu-guests-via-a-world-writable-agent-socket-cve-2026-53657/
  • 0
  • 0
  • 0
  • 23h ago

Bluesky

[RSS] Privilege escalation to root in Lima QEMU guests via a world-writable agent socket (CVE-2026-53657) syntetisk.tech -> Original->
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • Microsoft
  • Windows 10 Version 1507

10 Jun 2025
Published
26 Feb 2026
Updated

CVSS v3.1
HIGH (8.8)
EPSS
64.99%

Description

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 3 hours ago

Bluesky

NTLM Reflection Bypass PoC Unleashed: How Attackers Are Gaining SYSTEM Access on Windows Server 2025 + Video Introduction A critical proof-of-concept (PoC) has been published that bypasses Microsoft’s mitigation for the NTLM reflection vulnerability tracked as CVE-2025-33073, enabling attackers to…
  • 1
  • 1
  • 0
  • 3h ago

Overview

  • Go standard library
  • net/url
  • net/url

06 Mar 2026
Published
03 Jul 2026
Updated

CVSS
Pending
EPSS
0.73%

KEV

Description

url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Fediverse

>net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

30 years later and the stupidly complicated address syntax is still causing problems.
stop-doing-ipv6.png
  • 1
  • 0
  • 0
  • 6h ago

Overview

  • Cisco
  • Cisco Unified Communications Manager

03 Jun 2026
Published
01 Jul 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
41.69%

Description

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse


Vulnerability CVE-2026-20230 in Cisco Unified CM is being exploited

blog.elhacker.net/2026/07/expl

  • 0
  • 1
  • 0
  • 21h ago

Overview

  • WebPros
  • cPanel

29 Apr 2026
Published
06 May 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
98.10%

Description

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 10 hours ago

Fediverse


Was originally doing security research for a CVE, but then found some piece of malware pretending to be a POC lmao, GitHub needs to take this down fr fr github.com/aquace/CVE-2026-419

  • 0
  • 1
  • 0
  • 10h ago