  • 🔴 New security advisory:

    Uncategorized cve securitypatchin hackernews
    1
    0 Votes
    1 Posts
    1 Views
    matchbook3469@infosec.exchange
    New security advisory: CVE-2026-30893 affects multiple systems.
    • Impact: Remote code execution or complete system compromise possible
    • Risk: Attackers can gain full control of affected systems
    • Mitigation: Patch immediately or isolate affected systems
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-30893-wazuh-cluster-path-traversal-rce
    #CVE #SecurityPatching #HackerNews
  • 0 Votes
    1 Posts
    0 Views
    Reliably detecting Copyfail https://www.threatbear.co/blog/detecting-copyfail-using-ebpf/ #CVE-2026-31431 #copyfail #detectionengineering
  • 🚨 EUVD-2026-26296

    Uncategorized cybersecurity infosec euvd cve vulnerability
    1
    0 Votes
    1 Posts
    6 Views
    euvd_bot@mastodon.social
    EUVD-2026-26296 Score: n/a Product: Plack::Middleware::XSendfile Vendor: MIYAGAWA Updated: 2026-04-29
    Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not c...
    https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-26296
    #cybersecurity #infosec #euvd #cve #vulnerability
  • 🚨 EUVD-2026-26237

    Uncategorized cybersecurity infosec euvd cve vulnerability
    1
    0 Votes
    1 Posts
    7 Views
    euvd_bot@mastodon.social
    EUVD-2026-26237 Score: n/a Product: Text::CSV_XS Vendor: HMBRAND Updated: 2026-04-29
    Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for exampl...
    https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-26237
    #cybersecurity #infosec #euvd #cve #vulnerability
  • 0 Votes
    1 Posts
    6 Views
    CVE-2026-3854: any authenticated GitHub user could RCE the backend with a git push. Unsanitized semicolons in push options → X-Stat header injection → sandbox bypass → code execution.
    Same day, a survey of 18 months of supply chain attacks all tracing back to GitHub Actions.
    Same structural problem at two layers.
    New post: https://alexreed.srht.site/blog/github-rce-actions-weakest-link.html
    #infosec #supplychain #github #CVE
  • I knew it!

    Uncategorized security linux cve
    1
    0 Votes
    1 Posts
    3 Views
    anthropy@mastodon.derg.nz
    RE: https://mstdn.social/@Hackread/116483523143375972
    I knew it! Ever wondered how you can just install packages without having to install a password in Fedora when you type a command that doesn't exist in the terminal? Turns out that's indeed unsafe, and now PackageKit has a privilege escalation CVE.
    I guess this explains why some things suddenly started to ask for passwords recently
    #Security #Linux #CVE
  • 0 Votes
    1 Posts
    0 Views
    gcve@social.circl.lu
    GCVE-BCP-10: Improved Common Platform Enumeration for GCVE
    This document specifies an improved platform enumeration model for GCVE aligned with the current implementation of cpe-editor.
    #cpe #cve #gcve #infosec #vulnerabilitymanagement
    https://gcve.eu/bcp/gcve-bcp-10/
  • 0 Votes
    1 Posts
    0 Views
    redpacketsecurity@mastodon.social
    CVE Alert: CVE-2026-7035 - Tenda - FH1202 - https://www.redpacketsecurity.com/cve-alert-cve-2026-7035-tenda-fh1202/
    #OSINT #ThreatIntel #CyberSecurity #cve-2026-7035 #tenda #fh1202
  • 0 Votes
    1 Posts
    2 Views
    redpacketsecurity@mastodon.social
    CVE Alert: CVE-2026-7036 - Tenda - i9 - https://www.redpacketsecurity.com/cve-alert-cve-2026-7036-tenda-i9/
    #OSINT #ThreatIntel #CyberSecurity #cve-2026-7036 #tenda #i9
  • 0 Votes
    1 Posts
    2 Views
    sempf@infosec.exchange
    Today, this is THE risk from attackers armed with an LLM. Had one bounty hunter report a bug, a stored CSS in an uploaded SVG file that became an unauth RCE due to an obscure Struts flaw. Found by a robot, manually confirmed and reported by a sensible human.
    https://securityaffairs.com/191231/security/12-year-old-pack2theroot-bug-lets-linux-users-gain-root-privileges.html
    #ai #cve
  • 0 Votes
    1 Posts
    0 Views
    secdb@infosec.exchange
    [CISA-2026:0423] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0423)
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
    CVE-2026-39987 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39987)
    - Name: Marimo Remote Code Execution Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: Marimo
    - Product: Marimo
    - Notes: https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc ; https://nvd.nist.gov/vuln/detail/CVE-2026-39987
    #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260423 #cisa20260423 #cve_2026_39987 #cve202639987
  • 🚨 EUVD-2026-25229

    Uncategorized cybersecurity infosec euvd cve vulnerability
    1
    0 Votes
    1 Posts
    2 Views
    euvd_bot@mastodon.social
    EUVD-2026-25229 Score: 7.8/10 (CVSS v3.1) Vendor: Red Hat Updated: 2026-04-23
    A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potential...
    https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-25229
    #cybersecurity #infosec #euvd #cve #vulnerability
  • 🚨 New security advisory:

    Uncategorized cve patchnow infoseccommunit
    1
    0 Votes
    1 Posts
    1 Views
    matchbook3469@infosec.exchange
    New security advisory: CVE-2026-41228 affects multiple systems.
    • Impact: Remote code execution or complete system compromise possible
    • Risk: Attackers can gain full control of affected systems
    • Mitigation: Patch immediately or isolate affected systems
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-41228-froxlor-rce-via-path-traversal
    #CVE #PatchNow #InfoSecCommunity
  • 0 Votes
    1 Posts
    3 Views
    CRITICAL 9.9 ADM VPN Vulnerability Exposed!
    A 9.9 CVSS vulnerability just hit ADM systems worldwide!
    https://www.youtube.com/shorts/0QfBbQEa1t4
    #cybersecurity #vulnerability #ADM #bufferoverflow #CVE #cybersecurity #infosec #hacking #cve #vulnerability
  • 0 Votes
    2 Posts
    0 Views
    awkwardturing@infosec.exchange
    Official Advisory: https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv
    #PackageKit #vulnerability
  • 0 Votes
    1 Posts
    0 Views
    certvde@infosec.exchange
    #OT #Advisory VDE-2026-023
    Phoenix Contact: Several products are affected by vulnerabilities found in OpenSSL
    Attacks are possible when installing key files and digitally signed objects. These attacks can only be carried out if these files are uploaded and installed by a logged-in user with high privileges.
    #CVE CVE-2025-15467, CVE-2025-69419
    https://certvde.com/en/advisories/vde-2026-023/
    #CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-023.json
  • 🔴 New security advisory:

    Uncategorized cve vulnerabilityma cybersec
    1
    0 Votes
    1 Posts
    1 Views
    matchbook3469@infosec.exchange
    New security advisory: CVE-2026-6257 affects multiple systems.
    • Impact: Remote code execution or complete system compromise possible
    • Risk: Attackers can gain full control of affected systems
    • Mitigation: Patch immediately or isolate affected systems
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-6257-vvveb-cms-authenticated-rce-via-file-rename
    #CVE #VulnerabilityManagement #CyberSec
  • 0 Votes
    1 Posts
    1 Views
    pentesttools@infosec.exchange
    New research from Matei "Mal" Bădănoiu (Pentest-Tools.com):
    Stored XSS to RCE in DNN Platform (DotNetNuke), CVE-2026-40321.
    SVG upload with javascript: in an <a href> bypasses the filter. The /API/personaBar/ConfigConsole/UpdateConfigFile endpoint writes an ASPX backdoor to the web root. whoami → iis apppool, Potato your way to SYSTEM.
    Delivery: DNN's own internal messaging. No external infra.
    https://pentest-tools.com/blog/dotnetnuke-xss-to-rce
    #RedTeam #InfoSec #CVE #AppSec
  • 🔴 New security advisory:

    Uncategorized cve vulnerabilityma cybersec
    1
    0 Votes
    1 Posts
    1 Views
    matchbook3469@infosec.exchange
    New security advisory: CVE-2026-32613 affects multiple systems.
    • Impact: Remote code execution or complete system compromise possible
    • Risk: Attackers can gain full control of affected systems
    • Mitigation: Patch immediately or isolate affected systems
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-32613-spinnaker-rce-via-unrestricted-java-classes
    #CVE #VulnerabilityManagement #CyberSec
  • 0 Votes
    6 Posts
    1 Views
    adulau@infosec.exchange
    @airtower
    It’s indeed a problem and we are working on a cpe editor at GCVE to propose links to vulnerabilities towards vendor, product, version. And people can query that for correcting potential wrong attribution to vendor, product.
    https://github.com/gcve-eu/cpe-editor
    We plan to release it online in the next weeks.
    @Bubu @gcve