Overview

  • TUBITAK BILGEM Software Technologies Research Institute
  • Pardus Software Center

Published: 29 Apr 2026
Updated: 29 Apr 2026

CVSS v3.1: CRITICAL (9.6)
EPSS: Pending

KEV

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. This issue affects Pardus Software Center: before 1.0.3.

Statistics

  • 1 Post

Last activity: 9 hours ago

Fediverse

🚩 CRITICAL: CVE-2026-5166 in Pardus Software Center <1.0.3 enables path traversal — attackers may access/modify files outside restricted dirs. No patch yet. Restrict access, monitor updates. radar.offseq.com/threat/cve-20

  • 9h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

⚠️ #Vulnerability 'Ghost-Print' (CVE-2026-4412): Flaw in the #Windows print queue affecting corporate #networks (+MITIGATION) www.newstecnicas.info.ve/2026/04/vuln...
  • Last hour

Overview

  • Cisco
  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software

Published: 25 Sep 2025
Updated: 26 Feb 2026

CVSS v3.1: CRITICAL (9.9)
EPSS: 24.78%

Description

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

Statistics

  • 2 Posts

Last activity: 15 hours ago

Bluesky

On the vulnerabilities in Cisco Secure Firewall ASA and Cisco Secure FTD (CVE-2025-20333 and others) #IPA (Apr 27) www.ipa.go.jp/security/sec...
  • 15h ago
Alert regarding multiple vulnerabilities in Cisco ASA and FTD (CVE-2025-20333, CVE-2025-20362) #JPCERTCC (Apr 27) www.jpcert.or.jp/at/2025/at25...
  • 15h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

You can copy my openSUSE script for CVE-2026-1659. It works today. But next month? Next CVE? You'll be guessing again. Read more -> tinyurl.com/mnm844br #openSUSE
  • 18h ago

Overview

  • ariagle
  • MP-Ukagaka

Published: 07 Feb 2026
Updated: 08 Apr 2026

CVSS v3.1: MEDIUM (6.1)
EPSS: 0.05%

KEV

Description

The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

You patched CVE-2026-1643? Good. Next month’s zero day won’t wait for an update -> tinyurl.com/2zvcj36z #openSUSE ->
  • 21h ago

Overview

  • SaturdayDrive
  • Ninja Forms - File Uploads

Published: 07 Apr 2026
Updated: 08 Apr 2026

CVSS v3.1: CRITICAL (9.8)
EPSS: 0.09%

KEV

Description

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'NF_FU_AJAX_Controllers_Uploads::handle_upload' function in all versions up to, and including, 3.3.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The vulnerability was partially patched in version 3.3.25 and fully patched in version 3.3.27.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

If you use Ninja Forms File Uploads in a version lower than 3.3.28, update IMMEDIATELY and check your website for malware!

CVE score 9.8 🚨
tenable.com/cve/CVE-2026-0740

  • 19h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 19 hours ago

Fediverse

ooo it's vulnerable to CVE-2026-25262

  • 19h ago

Overview

  • Jenkins Project
  • Jenkins GitHub Plugin

Published: 29 Apr 2026
Updated: 29 Apr 2026

CVSS: Pending
EPSS: Pending

KEV

Description

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.

Statistics

  • 1 Post

Last activity: 8 hours ago

Fediverse

🚨 CRITICAL: Jenkins GitHub Plugin ≤1.46.0 has a stored XSS (CVE-2026-42523). Attackers with Overall/Read permission can run JS in users' browsers. Limit permissions & check vendor for patches. radar.offseq.com/threat/cve-20

  • 8h ago

Overview

  • Microsoft
  • Windows 10 Version 1507

Published: 11 Mar 2025
Updated: 13 Feb 2026

CVSS v3.1: MEDIUM (6.5)
EPSS: 7.83%

Description

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse

CISA just added CVE-2025-24054 to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch Windows systems against an NTLM hash-leaking flaw already weaponized in the wild.

Read more: steelefortress.com/6o7x90

CyberDefense

  • 1h ago

Overview

  • Pending

Published: Pending
Updated: Pending

CVSS: Pending
EPSS: Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 2 Posts

Last activity: 19 hours ago

Bluesky

The SUSE team finds security issues in Plasma's Login Manager and explains them here: plasma-login-manager: Weaknesses in plasmaloginauthhelper (CVE-2026-25710) buff.ly/r1Ys9k6
  • 19h ago