24h | 7d | 30d

CVE-2026-12197

Overview

  • Ruijie
  • EG105G-P
14 Jun 2026
Published
15 Jun 2026
Updated
CVSS v4.0
HIGH (8.6)
EPSS
2.38%
KEV

Description

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 17 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

โš ๏ธ HIGH-severity: CVE-2026-12197 in Ruijie EG105G-P v2.340 enables remote command injection via /cgi-bin/luci/api/diagnose. No patch, exploit code public. Restrict access & monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 17h ago

CVE-2026-54413

Overview

  • driftregion
  • iso14229
14 Jun 2026
Published
15 Jun 2026
Updated
CVSS v4.0
HIGH (7.8)
EPSS
0.46%
KEV

Description

driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle_0x27_SecurityAccess() function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byte 0x27 SecurityAccess request that follows any earlier well-formed 0x27 message. The handler reads the SecurityAccess subFunction from recv_buf[1] without first checking that recv_len is at least 2, then computes the key-data length as the unsigned subtraction (uint16_t)(recv_len - UDS_0X27_REQ_BASE_LEN); when recv_len equals 1 the result underflows to 65535 and is passed as args.len to the application's SecAccessValidateKey or SecAccessRequestSeed callback, which typically iterates or copies that many bytes from the 4-KB receive buffer. Every other UDS sub-function handler in the library (0x10, 0x11, 0x14, 0x19, 0x22, 0x23, 0x28, and others) performs an explicit recv_len lower-bound check before indexing; Handle_0x27_SecurityAccess is the sole outlier. The vulnerable handler reaches over CAN bus, OBD-II, ISO-TP, and DoIP transports and is exposed in the default diagnostic session without prior authentication; deployments on automotive ECUs, industrial controllers, and IoT devices that ship iso14229 as their UDS server are affected.

Statistics

  • 1 Post
Last activity: 23 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

๐Ÿšจ CVE-2026-54413 (HIGH, CVSS 7.8): Integer underflow in driftregion iso14229 โ‰ค0.9.0 lets remote attackers crash automotive, IoT, and industrial UDS servers via crafted 0x27 requests. Validate input, monitor traffic, and restrict access. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 23h ago

CVE-2026-5038

Overview

  • multer
  • multer
15 Jun 2026
Published
15 Jun 2026
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
Pending
KEV

Description

Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe() call does not propagate the stream destroy signal to the underlying fs.WriteStream. An attacker can exhaust disk space by triggering many aborted uploads, with no application bug required. Patches: Users should upgrade to multer 2.2.0 (2.x line) or 3.0.0-alpha.2 (3.x prerelease). Both versions track in-flight write streams and clean them up on the abort path. Workarounds: None.

Statistics

  • 2 Posts
Last activity: 4 hours ago

Fediverse

Profile picture fallback
Ulises Gascon @ulisesgascon

๐Ÿšจ Medium-severity security fix in multer@2.2.0 and multer@3.0.0-alpha.2 just released!

Patches CVE-2026-5038. multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads.

github.com/expressjs/multer/se

  • 0
  • 0
  • 1
  • 4h ago

CVE-2026-49975

Overview

  • Apache Software Foundation
  • Apache HTTP Server
08 Jun 2026
Published
09 Jun 2026
Updated
CVSS
Pending
EPSS
1.31%
KEV

Description

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture fallback
Dryusdan @Dryusdan
Partage, veille et lecture : Protecting against HTTP/2 Bomb vulnerability (CVE-2026-49975) with HAProxy https://www.haproxy.com/blog/haproxy-cve-2026-49975-http2-bomb Protect your infrastructure from the HTTP/2 Bomb vulnerability (CVE-2026-49975) using HAProxy. Learn about immediate mitigation strategies and automatic protection. #Shaarli https://dryusdan.link/shaare/bhVzBQ
  • 0
  • 0
  • 0
  • 5h ago

CVE-2026-11860

Overview

  • OpenSolution
  • Quick.CMS
15 Jun 2026
Published
15 Jun 2026
Updated
CVSS v4.0
HIGH (7.5)
EPSS
0.36%
KEV

Description

Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation or class restrictions, crafted payloads can trigger dangerous magic methods (e.g., __wakeup() and __destruct()) and leverage gadget chains, resulting in arbitrary code execution. Exploitation is triggered automatically when an administrator accesses the admin panel. When successfully exploited, this vulnerability allows attackers to execute arbitrary code on the server via manipulated serialized data transmitted over an unprotected channel. This issue was mitigated by limiting the communication to HTTPS in a patch for version 6.8 published on 14.05.2026, deployments without this patch remain vulnerable.

Statistics

  • 1 Post
Last activity: 8 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

โš ๏ธ CVE-2026-11860 (HIGH): OpenSolution Quick.CMS vulnerable to deserialization of untrusted data over HTTP. Remote code execution possible if admin accesses panel. Upgrade to v6.8+ to enforce HTTPS and mitigate risk. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 8h ago

CVE-2026-12192

Overview

  • GALAYOU
  • Y4
14 Jun 2026
Published
14 Jun 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.43%
KEV

Description

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
Last activity: 16 hours ago

Fediverse

Profile picture fallback
OffSequence @offseq

๐Ÿ” HIGH severity: Buffer overflow in GALAYOU Y4 v1.0.0 (CVE-2026-12192). Exploitable via local network โ€” no patch or vendor response yet. Restrict network access & monitor for updates. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 16h ago

CVE-2026-43500

Overview

  • Linux
  • Linux
11 May 2026
Published
14 Jun 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
93.99%
KEV

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-owned paged fragments (e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via __ip_append_data, or a chained skb_has_frag_list()) falls through to the in-place decryption path, which binds the frag pages directly into the AEAD/skcipher SGL via skb_to_sgvec(). Extend the gate to also unshare when skb_has_frag_list() or skb_has_shared_frag() is true. This catches the splice-loopback vector and other externally-shared frag sources while preserving the zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC page_pool RX, GRO). The OOM/trace handling already in place is reused.

Statistics

  • 1 Post
Last activity: 9 hours ago

Fediverse

Profile picture fallback
Can Artuc @canartuc

The Linux 6.18.35 longterm stable update gathers around 70 backported fixes. The headline is a patch for CVE-2026-43500 in rxrpc, which corrected pagecache corruption from in-place decryption of locally transmitted DATA packets via splice(). It also carries AMDGPU and AMDKFD memory-leak and NULL-pointer fixes, plus arm64 TLB-flush corrections. None of it is dramatic, which is how a longterm kernel should read. How do you decide when a point release is worth a reboot?
#Linux #kernel

  • 0
  • 0
  • 0
  • 9h ago

CVE-2026-49757

Overview

  • team-alembic
  • ash_authentication
  • ash_authentication
15 Jun 2026
Published
15 Jun 2026
Updated
CVSS v4.0
CRITICAL (9.2)
EPSS
Pending
KEV

Description

Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address (an upsert on the email field, or a user-defined sign-in filter) rather than by the OpenID Connect iss/sub claim combination. Per OpenID Connect Core ยง5.7, only iss/sub uniquely and stably identifies an end-user; other claims, including email, MUST NOT be used as unique identifiers. A provider login presenting a victim's email, including an unverified email, a reused email, or an account with email_verified: false, resolved to and signed in as the victim's existing local account. An unauthenticated attacker who can register an account on any accepted OAuth provider with the victim's email (or who benefits from provider-side email reuse or reclamation) obtains the victim's full local privileges. The fix resolves users by the (strategy, sub) identity stored in a user identity resource, and only links a new sub to an existing local account by email when the provider's email_verified claim is trusted (trust_email_verified?). This issue affects ash_authentication from 0.1.0 before 4.14.0 and from 5.0.0-rc.0 before 5.0.0-rc.10.

Statistics

  • 1 Post
Last activity: 1 hour ago

Fediverse

Profile picture fallback
OffSequence @offseq

๐Ÿšจ CRITICAL: CVE-2026-49757 in ash_authentication lets attackers bypass auth by spoofing email in OAuth2/OIDC, risking local account takeover. Patch status unconfirmed โ€” check vendor advisory. Affected: v0.1.0, 5.0.0-rc.0. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 1h ago

CVE-2026-45257

Overview

  • Pending
Pending
Published
Pending
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
Last activity: 13 hours ago

Fediverse

Profile picture fallback
@northalpha

I would say bumsrake.de/ / -2026-45257 / FreeBSD-SA-26:26.kTLS. sets a new standard in everything local priv esc bug website. period. I think even @GossiTheDog could appreciate it :D

  • 0
  • 0
  • 0
  • 13h ago

CVE-2026-12043

Overview

  • AWS
  • aws-c-http
12 Jun 2026
Published
12 Jun 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.33%
KEV

Description

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2 HEADERS frames. To remediate this issue, users should upgrade to aws-c-http version 0.11.0.

Statistics

  • 1 Post
Last activity: 10 hours ago

Fediverse

Profile picture fallback
Hugo | DevOps | Cybersecurity @hugovalters

CVE-2026-12043 - High severity memory corruption in AWS aws-c-http. Improper HPACK table handling could lead to RCE via crafted HTTP/2 frames. CVSS 8.8. Upgrade to aws-c-http 0.11.0 immediately. #CVE #AWS #infosec

valtersit.com/cve/CVE-2026-120

  • 0
  • 0
  • 0
  • 10h ago
Showing 21 to 30 of 50 CVEs