CVE-2026-47729

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

6 Posts
2 Interactions

Last activity: 1 hour ago

Fediverse

benzogaga33 :verified: @benzogaga33

Squidbleed : une faille vieille de 29 ans fait fuiter les identifiants des utilisateurs du proxy Squid https://www.it-connect.fr/squidbleed-faille-proxy-squid-cve-2026-47729/ #ActuCybersécurité #Cybersécurité #Vulnérabilité

0
0
0
6h ago

Bluesky

L'algorisme @lalgorisme.bsky.social

🧵Un bug introduït al codi de Squid el 1997 s'ha descobert el 2026, i, un cop més, l'ha caçat una IA. Permet que un usuari d'una xarxa compartida llegeixi la petició HTTP d'un altre, credencials i tokens de sessió inclosos. Es diu Squidbleed (CVE-2026-47729).

1
1
0
8h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

Squidbleed (CVE-2026-47729) in Squid can leak other users' cleartext HTTP requests, including credentials or tokens, through a long-standing FTP parser bug. Fix with a parser guard or disable FTP. #Squid #Squidbleed #CVE202647729

0
0
0
22h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

Squidbleed, a Squid Proxy memory leak tracked as CVE-2026-47729, has existed since 1997 and can expose uncleared HTTP data, including credentials and session tokens, in shared proxy setups. #SquidProxy #Squidbleed #CVE202647729

0
0
0
22h ago

Il Software @mm-ilsoftware-bot.bsky.social

Squidbleed: falla di sicurezza rimasta nascosta in Squid Proxy per quasi 30 anni CVE-2026-47729, nota come Squidbleed, interessa Squid Proxy da quasi 29 anni:... https://www.ilsoftware.it/squidbleed-falla-sicurezza-nascosta-in-squid-proxy-per-29-anni/

0
0
0
5h ago

IT-Connect @it-connect.bsky.social

Squidbleed (CVE-2026-47729) : un bug d'une ligne planqué depuis 1997 dans le proxy Squid. Repéré par une IA 👇 www.it-connect.fr/squidbleed-f... #cybersecurite

0
0
0
1h ago

CVE-2026-8461

Overview

FFmpeg
FFmpeg

18 Jun 2026

Published

19 Jun 2026

Updated

CVSS v3.1

HIGH (8.8)

EPSS

0.39%

MITRE

KEV

Description

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg before version 8.1.2.

Statistics

4 Posts
3 Interactions

Last activity: 1 hour ago

Fediverse

OffSequence @offseq

FFmpeg MagicYUV decoder CRITICAL heap out-of-bounds bug (CVE-2026-8461): AVI/MKV/MOV files can trigger DoS or RCE in apps like Jellyfin, Nextcloud. Patch to 8.1.2 ASAP. https://radar.offseq.com/threat/ffmpeg-fixes-pixelsmash-flaw-in-widely-used-video--5ccb783d6ccf419b #OffSeq #FFmpeg #CVE20268461 #infosec

1
0
0
17h ago

Marcus Wilhelmsson @marcus

If you’re collecting Linux ISOs, have a look at CVE-2026-8461 and patch when a patch is available.

1
0
0
4h ago

Bluesky

TugaTech @tugate.ch

Foi descoberta uma vulnerabilidade crítica, denominada PixelSmash, na biblioteca FFmpeg, que pode permitir a execução remota de código em servidores Jellyfin e causar a negação de serviço em plataformas como Kodi. A falha, identificada como CVE-2026-8461, recebeu uma pontuação de gravidade significa

1
0
0
8h ago

Il Software @mm-ilsoftware-bot.bsky.social

FFmpeg, scoperta la falla PixelSmash: rischio attacchi su Jellyfin, Kodi e Nextcloud La vulnerabilità CVE-2026-8461 nel decoder MagicYUV di... https://www.ilsoftware.it/ffmpeg-scoperta-la-falla-pixelsmash-rischio-attacchi-su-jellyfin-kodi-e-nextcloud/

0
0
0
1h ago

CVE-2026-55200

Overview

libssh2
libssh2

17 Jun 2026

Published

18 Jun 2026

Updated

CVSS v4.0

CRITICAL (9.2)

EPSS

0.54%

MITRE

KEV

Description

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

Statistics

2 Posts
19 Interactions

Last activity: 6 hours ago

Fediverse

Stéphane Bortzmeyer @bortzmeyer

Ah sinon, si vous utilisez du logiciel, vous allez être piraté. Cette fois, c'est SSH (CVE-2026-55200).
https://www.cve.org/CVERecord?id=CVE-2026-55200

15
4
0
6h ago

The CyberSec Guru @guru

A critical flaw in libssh2 puts SSH clients at remote code execution risk

CVE-2026-55200 is a CVSS 9.2 heap overflow in libssh2 enabling pre-auth RCE on all versions through 1.11.1. Fix: commit 97acf3d

https://thecybersecguru.com/news/cve-2026-55200-libssh2-remote-code-execution/

0
0
0
6h ago

CVE-2026-20253

Overview

Splunk
Splunk Enterprise

10 Jun 2026

Published

19 Jun 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

92.10%

MITRE

KEV

Description

In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service.

Statistics

3 Posts

Last activity: 10 hours ago

Bluesky

セキュリティ対策Lab @securitylab-jp.bsky.social

CISAがSplunk Enterprise史上初のKEV追加-脆弱性 CVE-2026-20253がサイバー攻撃に悪用 rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews #cyberattack #incident

0
0
0
15h ago

Red Hot Cyber @redhotcyber.bsky.social

9,8 su 10! Gli Hacker criminali stanno sfruttando un bug critico su Splunk Enterprise 📌 Link all'articolo : www.redhotcyber.com/post/98-su-1... A cura di Luigi Zullo #redhotcyber #news #cybersecurity #hacking #vulnerabilita #splunk #cve202620253

0
0
0
10h ago

boredchilada @boredchilada.bsky.social

~Checkpoint~ Weekly threat intel highlights FortiSandbox & Splunk zero-days, AI agent exploits, and major breaches at Texas Parks & Klue. - IOCs: CVE-2026-39813, CVE-2026-50656, CVE-2026-20253 - #DataBreach #ThreatIntel #Vulnerabilities

0
0
0
19h ago

CVE-2026-4020

Overview

RocketGenius
Gravity SMTP

31 Mar 2026

Published

08 Apr 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

39.70%

MITRE

KEV

Description

The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any unauthenticated visitor to access it. When the ?page=gravitysmtp-settings query parameter is appended, the plugin's register_connector_data() method populates internal connector data, causing the endpoint to return approximately 365 KB of JSON containing the full System Report. This makes it possible for unauthenticated attackers to retrieve detailed system configuration data including PHP version, loaded extensions, web server version, document root path, database server type and version, WordPress version, all active plugins with versions, active theme, WordPress configuration details, database table names, and any API keys/tokens configured in the plugin.

Statistics

2 Posts
1 Interaction

Last activity: 11 hours ago

Bluesky

セキュリティ対策Lab @securitylab-jp.bsky.social

WordPressプラグイン「Gravity SMTP」の脆弱性がサイバー攻撃に悪用中(CVE-2026-4020) rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #security #securitynews #cyberattack #incident

0
1
0
11h ago

Kaldata.com @kaldata.bsky.social

Хакери атакуват популярен WP плъгин с над 100 000 активни инсталации Компанията за киберсигурност Defiant предупреждава, че хакери атакуват масово уязвимост в WordPress плъгин. Става дума за Gravity SMTP, разширение с над 100 000 активни инсталации. Експлоатирането на CVE-2026-4020 позволява…

0
0
0
21h ago

CVE-2026-10521

Overview

MB connect line
mbCONNECT24

23 Jun 2026

Published

23 Jun 2026

Updated

CVSS v4.0

HIGH (8.6)

EPSS

0.31%

MITRE

KEV

Description

An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability.

Statistics

3 Posts

Last activity: 3 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2026-068
MB connect line: Authenticated unintended access to critical program parameters in mbCONNECT24/mymbCONNECT24

There is a vulnerability in mbCONNECT24/mymbCONNECT24 that allows an authenticated remote attacker to access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters.
#CVE CVE-2026-10521

https://certvde.com/en/advisories/vde-2026-068/

#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-068.json

0
0
1
8h ago

OffSequence @offseq

CVE-2026-10521 (HIGH, CVSS 8.6) in mbCONNECT24: Remote attackers with high privileges can access hidden configs, risking full system compromise. No patch yet — restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-10521-cwe-425-direct-request-forced-brows-d20bd7167efa941e #OffSeq #Vulnerability #ICS #Security

0
0
0
3h ago

CVE-2026-50656

Overview

Microsoft
Microsoft Malware Protection Engine

16 Jun 2026

Published

19 Jun 2026

Updated

CVSS v3.1

HIGH (7.8)

EPSS

3.39%

MITRE

KEV

Description

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.

Statistics

2 Posts

Last activity: 17 hours ago

Fediverse

𝔸𝕟𝕠𝕟𝕪𝕞𝕠𝕦𝕤 :verified: @youranonnewsirc

Geopolitical tensions escalate as US-Iran talks stall amidst renewed Israel-Hezbollah strikes and Trump's Strait of Hormuz threats; Iran reportedly closed the waterway. In technology, Anthropic's Fable 5 AI models remain offline due to a US export ban. Cybersecurity alerts include active exploitation of Microsoft Defender zero-day (CVE-2026-50656), Cisco SD-WAN, and Splunk flaws.

#AnonNews_irc #Cybersecurity #News

0
0
0
17h ago

Bluesky

boredchilada @boredchilada.bsky.social

~Checkpoint~ Weekly threat intel highlights FortiSandbox & Splunk zero-days, AI agent exploits, and major breaches at Texas Parks & Klue. - IOCs: CVE-2026-39813, CVE-2026-50656, CVE-2026-20253 - #DataBreach #ThreatIntel #Vulnerabilities

0
0
0
19h ago

CVE-2026-48907

Overview

joomlacontenteditor.net
Joomla Content Editor (JCE) extension for Joomla

05 Jun 2026

Published

20 Jun 2026

Updated

CVSS v4.0

CRITICAL (10.0)

EPSS

80.42%

MITRE

KEV

Description

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

Statistics

2 Posts
4 Interactions

Last activity: 3 hours ago

Bluesky

The Shadowserver Foundation @shadowserver.bsky.social

Last week we added scanning for Joomla JCE editor extension CVE-2026-48907 vulnerable instances. This RCE vulnerability is exploited in the wild & on US CISA KEV. 4840 vulnerable instances seen 2026-06-22 down from 5146 on 2026-06-19. Top affected: US dashboard.shadowserver.org/statistics/c...

2
2
0
3h ago

The Shadowserver Foundation @shadowserver.bsky.social

Raw IP data shared in our Vulnerable HTTP reporting www.shadowserver.org/what-we-do/n... tagged 'cve-2026-48907' filtered by network/constituency Dashboard Tree Map view: dashboard.shadowserver.org/statistics/c... Patch info: www.joomlacontenteditor.net/news/jce-sec...

0
0
0
3h ago

CVE-2025-10263

Overview

Arm
C1-Ultra

09 Jun 2026

Published

09 Jun 2026

Updated

CVSS

Pending

EPSS

0.66%

MITRE

KEV

Description

Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level.

Statistics

1 Post
2 Interactions

Last activity: 3 hours ago

Fediverse

Bryan Steele :flan_beard: @brynet

Mark Kettenis has brought over the generic binary codepatching infrastructure to the #OpenBSD/arm64 kernel, and is using it to NOP out costly mitigations for microarchitectural vulnerabilities on CPUs that are not vulnerable.

The codepatch code is put in a separate section which gets unmapped after boot, making it unavailable for use in ROP attacks. :flan_thumbs:

The commit addresses CVE-2025-10263 too, I guess. :flan_hacker:

https://marc.info/?l=openbsd-cvs&m=178221510961685&w=2

2
0
0
3h ago

CVE-2026-11833

Overview

Yokogawa Electric Corporation
FAST/TOOLS

23 Jun 2026

Published

23 Jun 2026

Updated

CVSS v4.0

HIGH (8.2)

EPSS

0.22%

MITRE

KEV

Description

Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server (All packages) R1.01 to R1.04

Statistics

1 Post
1 Interaction

Last activity: 12 hours ago

Fediverse

OffSequence @offseq

Yokogawa FAST/TOOLS & CI Server (R9.01 – R10.04, R1.01 – R1.04) affected by HIGH severity CVE-2026-11833 (CVSS 8.2): config data sent in cleartext 🛡️. Limit access, monitor advisories. https://radar.offseq.com/threat/cve-2026-11833-cwe-319-cleartext-transmission-of-s-bc44d4c0b280a67c #OffSeq #ICS #Vuln #Cybersecurity

1
0
0
12h ago