#infosec β Public Fediverse posts
Live and recent posts from across the Fediverse tagged #infosec, aggregated by home.social.
-
Security Tip: Stop vulnerability aging with Remediation SLAs. π‘οΈ
A "Critical" CVE is only half the story; how long it stays unpatched is the real risk. Establish a formal policy for patching timelines:
- Critical: 48-72 hours
- High: 14 days
- Medium: 30-60 daysEnforcing these Service Level Agreements (SLAs) ensures your team stays ahead of exploit kits. Stay updated on the latest threats at https://cvedatabase.com.
-
π CVE-2026-62228 - High (8.8)
OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. Attackers can ex...
π https://www.thehackerwire.com/vulnerability/CVE-2026-62228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-62228 - High (8.8)
OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. Attackers can ex...
π https://www.thehackerwire.com/vulnerability/CVE-2026-62228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-62227 - High (7.7)
OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach net...
π https://www.thehackerwire.com/vulnerability/CVE-2026-62227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-62227 - High (7.7)
OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach net...
π https://www.thehackerwire.com/vulnerability/CVE-2026-62227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-16221 - High (7.5)
Impact: fast-uri versions from 2.3.1 through 4.1.0 (including the 3.x line up to 3.1.3 and the 2.x line up to 2.4.2) do not treat a literal backslash character (U+005C) as an authority delimiter. Node's native WHATWG URL parser, used by fetch, und...
π https://www.thehackerwire.com/vulnerability/CVE-2026-16221/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-16221 - High (7.5)
Impact: fast-uri versions from 2.3.1 through 4.1.0 (including the 3.x line up to 3.1.3 and the 2.x line up to 2.4.2) do not treat a literal backslash character (U+005C) as an authority delimiter. Node's native WHATWG URL parser, used by fetch, und...
π https://www.thehackerwire.com/vulnerability/CVE-2026-16221/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-62386 - High (7.5)
The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route (JwtAuthenticator::extractBearerToken fallback). Because tokens are embedded in URLs, they are lo...
π https://www.thehackerwire.com/vulnerability/CVE-2026-62386/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-62386 - High (7.5)
The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route (JwtAuthenticator::extractBearerToken fallback). Because tokens are embedded in URLs, they are lo...
π https://www.thehackerwire.com/vulnerability/CVE-2026-62386/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π΄ CVE-2026-62241 - Critical (9.1)
clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret ('clawvet-dev-secret-change-me') in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId value...
π https://www.thehackerwire.com/vulnerability/CVE-2026-62241/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π΄ CVE-2026-62241 - Critical (9.1)
clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret ('clawvet-dev-secret-change-me') in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId value...
π https://www.thehackerwire.com/vulnerability/CVE-2026-62241/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-62234 - High (8.1)
Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to create webhooks with file://, dict://, or gopher:// URLs. Attackers can trigger webhook events to read local...
π https://www.thehackerwire.com/vulnerability/CVE-2026-62234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
π CVE-2026-62234 - High (8.1)
Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to create webhooks with file://, dict://, or gopher:// URLs. Attackers can trigger webhook events to read local...
π https://www.thehackerwire.com/vulnerability/CVE-2026-62234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
-
How close is each quantum modality to breaking RSA-2048? I built the CRQC Scorecard: three metrics (LQC, LOB, QOT), four modalities, measured in orders-of-magnitude gap to target.
Universal bottleneck: Logical Operations Budget: ~650,000Γ gap even for the best platforms.
https://postquantum.com/post-quantum/crqc-scorecard-how-close/
-
How close is each quantum modality to breaking RSA-2048? I built the CRQC Scorecard: three metrics (LQC, LOB, QOT), four modalities, measured in orders-of-magnitude gap to target.
Universal bottleneck: Logical Operations Budget: ~650,000Γ gap even for the best platforms.
https://postquantum.com/post-quantum/crqc-scorecard-how-close/
-
New by me: Security Signal Weekly: July 11-17, 2026
https://www.kylereddoch.me/blog/security-signal-weekly-july-11-17-2026/
-
New by me: Security Signal Weekly: July 11-17, 2026
https://www.kylereddoch.me/blog/security-signal-weekly-july-11-17-2026/
-
π¨ EUVD-2026-45503
π Score: n/a
π¦ Product: Linux, Linux, Linux (+24 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
virtiofs: fix UAF on submount umount
iput() called from fuse_release_end() can Oops if the super block has
already been destroyed. Normally this is prevented by waiting for
num_wait...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45503
-
π¨ EUVD-2026-45503
π Score: n/a
π¦ Product: Linux, Linux, Linux (+24 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
virtiofs: fix UAF on submount umount
iput() called from fuse_release_end() can Oops if the super block has
already been destroyed. Normally this is prevented by waiting for
num_wait...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45503
-
π¨ EUVD-2026-45504
π Score: n/a
π¦ Product: Linux, Linux, Linux (+17 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: fix NULL pointer dereference in vidtv_mux_push_si
syzbot reported a general protection fault in
vidtv_psi_ts_psi_write_into [1].vidtv_mux_get_pid_ctx() can return NUL...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45504
-
π¨ EUVD-2026-45504
π Score: n/a
π¦ Product: Linux, Linux, Linux (+17 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: fix NULL pointer dereference in vidtv_mux_push_si
syzbot reported a general protection fault in
vidtv_psi_ts_psi_write_into [1].vidtv_mux_get_pid_ctx() can return NUL...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45504
-
π¨ EUVD-2026-45503
π Score: n/a
π¦ Product: Linux, Linux, Linux (+24 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
virtiofs: fix UAF on submount umount
iput() called from fuse_release_end() can Oops if the super block has
already been destroyed. Normally this is prevented by waiting for
num_wait...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45503
-
π¨ EUVD-2026-45503
π Score: n/a
π¦ Product: Linux, Linux, Linux (+24 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
virtiofs: fix UAF on submount umount
iput() called from fuse_release_end() can Oops if the super block has
already been destroyed. Normally this is prevented by waiting for
num_wait...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45503
-
π¨ EUVD-2026-45504
π Score: n/a
π¦ Product: Linux, Linux, Linux (+17 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: fix NULL pointer dereference in vidtv_mux_push_si
syzbot reported a general protection fault in
vidtv_psi_ts_psi_write_into [1].vidtv_mux_get_pid_ctx() can return NUL...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45504
-
π¨ EUVD-2026-45504
π Score: n/a
π¦ Product: Linux, Linux, Linux (+17 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: fix NULL pointer dereference in vidtv_mux_push_si
syzbot reported a general protection fault in
vidtv_psi_ts_psi_write_into [1].vidtv_mux_get_pid_ctx() can return NUL...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45504
-
π¨ EUVD-2026-45505
π Score: n/a
π¦ Product: Linux, Linux, Linux (+19 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
ksmbd: reject non-VALID session in compound request branch
smb2_check_user_session() takes a shortcut for any operation that is not
the first in a COMPOUND request: it reuses work->s...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45505
-
π¨ EUVD-2026-45506
π Score: n/a
π¦ Product: Linux, Linux, Linux (+13 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
serial: 8250_dw: unregister 8250 port if clk_notifier_register() fails
dw8250_probe() registers the 8250 port via serial8250_register_8250_port()
and then, if the device has a clock,...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45506
-
π¨ EUVD-2026-45505
π Score: n/a
π¦ Product: Linux, Linux, Linux (+19 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
ksmbd: reject non-VALID session in compound request branch
smb2_check_user_session() takes a shortcut for any operation that is not
the first in a COMPOUND request: it reuses work->s...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45505
-
π¨ EUVD-2026-45506
π Score: n/a
π¦ Product: Linux, Linux, Linux (+13 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
serial: 8250_dw: unregister 8250 port if clk_notifier_register() fails
dw8250_probe() registers the 8250 port via serial8250_register_8250_port()
and then, if the device has a clock,...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45506
-
π¨ EUVD-2026-45507
π Score: n/a
π¦ Product: Linux, Linux, Linux (+28 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
vc_screen: fix null-ptr-deref in vcs_notifier() during concurrent vcs_write
A KASAN null-ptr-deref was observed in vcs_notifier():
BUG: KASAN: null-ptr-deref in vcs_notifier+0x98/0x...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45507
-
π¨ EUVD-2026-45507
π Score: n/a
π¦ Product: Linux, Linux, Linux (+28 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
vc_screen: fix null-ptr-deref in vcs_notifier() during concurrent vcs_write
A KASAN null-ptr-deref was observed in vcs_notifier():
BUG: KASAN: null-ptr-deref in vcs_notifier+0x98/0x...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45507
-
π¨ EUVD-2026-45508
π Score: n/a
π¦ Product: Linux, Linux, Linux (+11 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ti-ads1298: add bounds check to pga_settings index
ads1298_pga_settings has 7 elements but ADS1298_MASK_CH_PGA can yield
values 0-7. If it yields a value >= 7, this causes ...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45508
-
π¨ EUVD-2026-45508
π Score: n/a
π¦ Product: Linux, Linux, Linux (+11 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ti-ads1298: add bounds check to pga_settings index
ads1298_pga_settings has 7 elements but ADS1298_MASK_CH_PGA can yield
values 0-7. If it yields a value >= 7, this causes ...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45508
-
π¨ EUVD-2026-45503
π Score: n/a
π¦ Product: Linux, Linux, Linux (+24 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
virtiofs: fix UAF on submount umount
iput() called from fuse_release_end() can Oops if the super block has
already been destroyed. Normally this is prevented by waiting for
num_wait...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45503
-
π¨ EUVD-2026-45509
π Score: n/a
π¦ Product: Linux, Linux, Linux (+11 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
iio: light: veml6075: add bounds check to veml6075_it_ms index
veml6075_it_ms has 5 elements but VEML6075_CONF_IT can yield values 0-7.
If it returns a value >= 5, this causes an out...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45509
-
π¨ EUVD-2026-45503
π Score: n/a
π¦ Product: Linux, Linux, Linux (+24 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
virtiofs: fix UAF on submount umount
iput() called from fuse_release_end() can Oops if the super block has
already been destroyed. Normally this is prevented by waiting for
num_wait...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45503
-
π¨ EUVD-2026-45509
π Score: n/a
π¦ Product: Linux, Linux, Linux (+11 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
iio: light: veml6075: add bounds check to veml6075_it_ms index
veml6075_it_ms has 5 elements but VEML6075_CONF_IT can yield values 0-7.
If it returns a value >= 5, this causes an out...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45509
-
π¨ EUVD-2026-45504
π Score: n/a
π¦ Product: Linux, Linux, Linux (+17 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: fix NULL pointer dereference in vidtv_mux_push_si
syzbot reported a general protection fault in
vidtv_psi_ts_psi_write_into [1].vidtv_mux_get_pid_ctx() can return NUL...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45504
-
π¨ EUVD-2026-45504
π Score: n/a
π¦ Product: Linux, Linux, Linux (+17 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: fix NULL pointer dereference in vidtv_mux_push_si
syzbot reported a general protection fault in
vidtv_psi_ts_psi_write_into [1].vidtv_mux_get_pid_ctx() can return NUL...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45504
-
π¨ EUVD-2026-45510
π Score: n/a
π¦ Product: Linux, Linux, Linux (+15 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
fuse: re-lock request before replacing page cache folio
fuse_try_move_folio() unlocks the request on entry but does not
re-lock it on the success path. This means fuse_chan_abort() c...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45510
-
π¨ EUVD-2026-45510
π Score: n/a
π¦ Product: Linux, Linux, Linux (+15 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
fuse: re-lock request before replacing page cache folio
fuse_try_move_folio() unlocks the request on entry but does not
re-lock it on the success path. This means fuse_chan_abort() c...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45510
-
π¨ EUVD-2026-45511
π Score: n/a
π¦ Product: Linux, Linux, Linux (+7 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
net/tcp-ao: fix use-after-free of key in del_async path
In tcp_ao_delete_key(), the del_async path skips the current_key
and rnext_key validity checks present in the synchronous path,...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45511
-
π¨ EUVD-2026-45505
π Score: n/a
π¦ Product: Linux, Linux, Linux (+19 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
ksmbd: reject non-VALID session in compound request branch
smb2_check_user_session() takes a shortcut for any operation that is not
the first in a COMPOUND request: it reuses work->s...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45505
-
π¨ EUVD-2026-45511
π Score: n/a
π¦ Product: Linux, Linux, Linux (+7 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
net/tcp-ao: fix use-after-free of key in del_async path
In tcp_ao_delete_key(), the del_async path skips the current_key
and rnext_key validity checks present in the synchronous path,...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45511
-
π¨ EUVD-2026-45505
π Score: n/a
π¦ Product: Linux, Linux, Linux (+19 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
ksmbd: reject non-VALID session in compound request branch
smb2_check_user_session() takes a shortcut for any operation that is not
the first in a COMPOUND request: it reuses work->s...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45505
-
π¨ EUVD-2026-45512
π Score: n/a
π¦ Product: Linux, Linux, Linux (+19 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix out-of-bounds read in smb_check_perm_dacl()
The permission-check ACE walk in smb_check_perm_dacl() validates the ACE
header size and caps sid.num_subauth at SID_MAX_SUB_AU...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45512
-
π¨ EUVD-2026-45512
π Score: n/a
π¦ Product: Linux, Linux, Linux (+19 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix out-of-bounds read in smb_check_perm_dacl()
The permission-check ACE walk in smb_check_perm_dacl() validates the ACE
header size and caps sid.num_subauth at SID_MAX_SUB_AU...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45512
-
π¨ EUVD-2026-45513
π Score: n/a
π¦ Product: Linux, Linux, Linux (+13 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
NFSv4/pNFS: reject zero-length r_addr in nfs4_decode_mp_ds_addr
nfs4_decode_mp_ds_addr() decodes the r_netid and r_addr opaques of a
netaddr4 from a GETDEVICEINFO multipath-DS body, ...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45513
-
π¨ EUVD-2026-45506
π Score: n/a
π¦ Product: Linux, Linux, Linux (+13 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
serial: 8250_dw: unregister 8250 port if clk_notifier_register() fails
dw8250_probe() registers the 8250 port via serial8250_register_8250_port()
and then, if the device has a clock,...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45506
-
π¨ EUVD-2026-45506
π Score: n/a
π¦ Product: Linux, Linux, Linux (+13 more)
π’ Vendor: Linux
π Updated: 2026-07-19π In the Linux kernel, the following vulnerability has been resolved:
serial: 8250_dw: unregister 8250 port if clk_notifier_register() fails
dw8250_probe() registers the 8250 port via serial8250_register_8250_port()
and then, if the device has a clock,...π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-45506