#vuln — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vuln, aggregated by home.social.
-
CVE-2026-49017: HIGH-severity in OpenStack Swift 2.36.0 & 2.37.0. Infinite loop in s3api lets authenticated attackers exhaust proxy workers → DoS risk. Patch to 2.36.2 or 2.37.2+ now! 🔄 https://radar.offseq.com/threat/cve-2026-49017-cwe-835-loop-with-unreachable-exit--0557d1bf #OffSeq #OpenStack #Vuln #DoS
-
CVE-2026-49017: HIGH-severity in OpenStack Swift 2.36.0 & 2.37.0. Infinite loop in s3api lets authenticated attackers exhaust proxy workers → DoS risk. Patch to 2.36.2 or 2.37.2+ now! 🔄 https://radar.offseq.com/threat/cve-2026-49017-cwe-835-loop-with-unreachable-exit--0557d1bf #OffSeq #OpenStack #Vuln #DoS
-
CVE-2026-49017: HIGH-severity in OpenStack Swift 2.36.0 & 2.37.0. Infinite loop in s3api lets authenticated attackers exhaust proxy workers → DoS risk. Patch to 2.36.2 or 2.37.2+ now! 🔄 https://radar.offseq.com/threat/cve-2026-49017-cwe-835-loop-with-unreachable-exit--0557d1bf #OffSeq #OpenStack #Vuln #DoS
-
CVE-2026-49017: HIGH-severity in OpenStack Swift 2.36.0 & 2.37.0. Infinite loop in s3api lets authenticated attackers exhaust proxy workers → DoS risk. Patch to 2.36.2 or 2.37.2+ now! 🔄 https://radar.offseq.com/threat/cve-2026-49017-cwe-835-loop-with-unreachable-exit--0557d1bf #OffSeq #OpenStack #Vuln #DoS
-
🚨 CRITICAL: CVE-2026-9312 (SSRF) in GitHub Enterprise Server 3.16.0 – 3.21.0 lets unauth attackers access internal services via crafted uploads. Patch to 3.16.20+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-9312-cwe-918-server-side-request-forgery--b1f49fcb #OffSeq #SSRF #GitHub #Vuln
-
🚨 CRITICAL: CVE-2026-9312 (SSRF) in GitHub Enterprise Server 3.16.0 – 3.21.0 lets unauth attackers access internal services via crafted uploads. Patch to 3.16.20+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-9312-cwe-918-server-side-request-forgery--b1f49fcb #OffSeq #SSRF #GitHub #Vuln
-
🚨 CRITICAL: CVE-2026-9312 (SSRF) in GitHub Enterprise Server 3.16.0 – 3.21.0 lets unauth attackers access internal services via crafted uploads. Patch to 3.16.20+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-9312-cwe-918-server-side-request-forgery--b1f49fcb #OffSeq #SSRF #GitHub #Vuln
-
🚨 CRITICAL: CVE-2026-9312 (SSRF) in GitHub Enterprise Server 3.16.0 – 3.21.0 lets unauth attackers access internal services via crafted uploads. Patch to 3.16.20+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-9312-cwe-918-server-side-request-forgery--b1f49fcb #OffSeq #SSRF #GitHub #Vuln
-
🚨 CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server (<0.6.0) allows unauthenticated access to a mutation-capable RPC endpoint, risking full GitLab resource compromise. Upgrade to 0.6.0+ ASAP. https://radar.offseq.com/threat/cve-2026-44895-cwe-306-missing-authentication-for--bc836ac6 #OffSeq #Vuln #GitLab #CVE202644895
-
🚨 CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server (<0.6.0) allows unauthenticated access to a mutation-capable RPC endpoint, risking full GitLab resource compromise. Upgrade to 0.6.0+ ASAP. https://radar.offseq.com/threat/cve-2026-44895-cwe-306-missing-authentication-for--bc836ac6 #OffSeq #Vuln #GitLab #CVE202644895
-
🚨 CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server (<0.6.0) allows unauthenticated access to a mutation-capable RPC endpoint, risking full GitLab resource compromise. Upgrade to 0.6.0+ ASAP. https://radar.offseq.com/threat/cve-2026-44895-cwe-306-missing-authentication-for--bc836ac6 #OffSeq #Vuln #GitLab #CVE202644895
-
🚨 CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server (<0.6.0) allows unauthenticated access to a mutation-capable RPC endpoint, risking full GitLab resource compromise. Upgrade to 0.6.0+ ASAP. https://radar.offseq.com/threat/cve-2026-44895-cwe-306-missing-authentication-for--bc836ac6 #OffSeq #Vuln #GitLab #CVE202644895
-
🚨 CRITICAL: CVE-2026-41090 in Microsoft 365 Copilot for iOS enables remote command injection (CVSS 9.3). Microsoft has patched server-side — verify your service is up to date. More info: https://radar.offseq.com/threat/cve-2026-41090-cwe-77-improper-neutralization-of-s-c8e983a4 #OffSeq #Microsoft #Vuln #InfoSec
-
STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ https://radar.offseq.com/threat/cve-2026-25606-cwe-89-improper-neutralization-of-s-41b4f04f #OffSeq #SQLInjection #Vuln #Infosec
-
STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ https://radar.offseq.com/threat/cve-2026-25606-cwe-89-improper-neutralization-of-s-41b4f04f #OffSeq #SQLInjection #Vuln #Infosec
-
STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ https://radar.offseq.com/threat/cve-2026-25606-cwe-89-improper-neutralization-of-s-41b4f04f #OffSeq #SQLInjection #Vuln #Infosec
-
STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ https://radar.offseq.com/threat/cve-2026-25606-cwe-89-improper-neutralization-of-s-41b4f04f #OffSeq #SQLInjection #Vuln #Infosec
-
🚨 CRITICAL: Cisco Secure Workload REST API flaw (no CVE) lets remote attackers gain Site Admin access on SaaS & on-prem. Update to 3.10.8.3/4.0.3.17 now. No active exploitation, but patch ASAP! https://radar.offseq.com/threat/cisco-patches-critical-vulnerability-in-secure-wor-43a12a98 #OffSeq #Cisco #Vuln #PatchManagement
-
🚨 CRITICAL: Cisco Secure Workload REST API flaw (no CVE) lets remote attackers gain Site Admin access on SaaS & on-prem. Update to 3.10.8.3/4.0.3.17 now. No active exploitation, but patch ASAP! https://radar.offseq.com/threat/cisco-patches-critical-vulnerability-in-secure-wor-43a12a98 #OffSeq #Cisco #Vuln #PatchManagement
-
🚨 CRITICAL: Cisco Secure Workload REST API flaw (no CVE) lets remote attackers gain Site Admin access on SaaS & on-prem. Update to 3.10.8.3/4.0.3.17 now. No active exploitation, but patch ASAP! https://radar.offseq.com/threat/cisco-patches-critical-vulnerability-in-secure-wor-43a12a98 #OffSeq #Cisco #Vuln #PatchManagement
-
🚨 CRITICAL: Cisco Secure Workload REST API flaw (no CVE) lets remote attackers gain Site Admin access on SaaS & on-prem. Update to 3.10.8.3/4.0.3.17 now. No active exploitation, but patch ASAP! https://radar.offseq.com/threat/cisco-patches-critical-vulnerability-in-secure-wor-43a12a98 #OffSeq #Cisco #Vuln #PatchManagement
-
🔥 CVE-2026-33278: Critical use-after-free in NLnet Labs Unbound (1.19.1 – 1.25.0). DNSSEC validator flaw can lead to DoS or RCE if attacker controls DNS zone. Patch: upgrade to 1.25.1. https://radar.offseq.com/threat/cve-2026-33278-cwe-416-use-after-free-in-nlnet-lab-c0de645d #OffSeq #DNSSEC #Vuln #Infosec
-
⚠️ CRITICAL: kitty terminal <0.47.0 vulnerable to integer overflow (CVE-2026-33642). Malicious escape sequences can cause heap memory corruption — no user action needed. Upgrade to 0.47.0+ now! https://radar.offseq.com/threat/cve-2026-33642-cwe-190-integer-overflow-or-wraparo-3fc58bfe #OffSeq #Vuln #KittyTerminal #Infosec
-
⚠️ CRITICAL: kitty terminal <0.47.0 vulnerable to integer overflow (CVE-2026-33642). Malicious escape sequences can cause heap memory corruption — no user action needed. Upgrade to 0.47.0+ now! https://radar.offseq.com/threat/cve-2026-33642-cwe-190-integer-overflow-or-wraparo-3fc58bfe #OffSeq #Vuln #KittyTerminal #Infosec
-
⚠️ CRITICAL: kitty terminal <0.47.0 vulnerable to integer overflow (CVE-2026-33642). Malicious escape sequences can cause heap memory corruption — no user action needed. Upgrade to 0.47.0+ now! https://radar.offseq.com/threat/cve-2026-33642-cwe-190-integer-overflow-or-wraparo-3fc58bfe #OffSeq #Vuln #KittyTerminal #Infosec
-
⚠️ CRITICAL: kitty terminal <0.47.0 vulnerable to integer overflow (CVE-2026-33642). Malicious escape sequences can cause heap memory corruption — no user action needed. Upgrade to 0.47.0+ now! https://radar.offseq.com/threat/cve-2026-33642-cwe-190-integer-overflow-or-wraparo-3fc58bfe #OffSeq #Vuln #KittyTerminal #Infosec
-
@angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.
My OP was just me bitching about it.
My cool task today is setting up a #capev2 server for #vuln and #mal testing.
-
@angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.
My OP was just me bitching about it.
My cool task today is setting up a #capev2 server for #vuln and #mal testing.
-
@angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.
My OP was just me bitching about it.
My cool task today is setting up a #capev2 server for #vuln and #mal testing.
-
@angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.
My OP was just me bitching about it.
My cool task today is setting up a #capev2 server for #vuln and #mal testing.
-
@angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.
My OP was just me bitching about it.
My cool task today is setting up a #capev2 server for #vuln and #mal testing.
-
🚨 CVE-2026-8507 (HIGH): Out-of-bounds write in Crypt::OpenSSL::PKCS12 <=1.94 for Perl. Parsing PKCS12 files with >=1GiB OCTET/BIT STRING may lead to RCE. Patch available for cloud-hosted service — update ASAP. No known exploits. https://radar.offseq.com/threat/cve-2026-8507-cwe-787-out-of-bounds-write-in-jonas-652bf5a8 #OffSeq #Vuln #Perl
-
🛡️ CVE-2026-8725: SSRF in CoreWorxLab CAAL v1.0 – 1.6.0 (MEDIUM). Remote, unauthenticated attackers can trigger server requests. No patch; restrict outbound traffic & monitor logs. Exploit is public. https://radar.offseq.com/threat/cve-2026-8725-server-side-request-forgery-in-corew-ac445f41 #OffSeq #SSRF #Vuln #BlueTeam
-
🛡️ CVE-2026-8725: SSRF in CoreWorxLab CAAL v1.0 – 1.6.0 (MEDIUM). Remote, unauthenticated attackers can trigger server requests. No patch; restrict outbound traffic & monitor logs. Exploit is public. https://radar.offseq.com/threat/cve-2026-8725-server-side-request-forgery-in-corew-ac445f41 #OffSeq #SSRF #Vuln #BlueTeam
-
🛡️ CVE-2026-8725: SSRF in CoreWorxLab CAAL v1.0 – 1.6.0 (MEDIUM). Remote, unauthenticated attackers can trigger server requests. No patch; restrict outbound traffic & monitor logs. Exploit is public. https://radar.offseq.com/threat/cve-2026-8725-server-side-request-forgery-in-corew-ac445f41 #OffSeq #SSRF #Vuln #BlueTeam
-
🛡️ CVE-2026-8725: SSRF in CoreWorxLab CAAL v1.0 – 1.6.0 (MEDIUM). Remote, unauthenticated attackers can trigger server requests. No patch; restrict outbound traffic & monitor logs. Exploit is public. https://radar.offseq.com/threat/cve-2026-8725-server-side-request-forgery-in-corew-ac445f41 #OffSeq #SSRF #Vuln #BlueTeam
-
🚨 PoC code for CRITICAL NGINX vuln (CVE-2026-42945) now public! Heap buffer overflow in ngx_http_rewrite_module — can cause DoS or RCE if ASLR is disabled. Patch NGINX Plus/open source ASAP. https://radar.offseq.com/threat/poc-code-published-for-critical-nginx-vulnerabilit-3d78edaa #OffSeq #NGINX #Vuln #InfoSec
-
🚨 PoC code for CRITICAL NGINX vuln (CVE-2026-42945) now public! Heap buffer overflow in ngx_http_rewrite_module — can cause DoS or RCE if ASLR is disabled. Patch NGINX Plus/open source ASAP. https://radar.offseq.com/threat/poc-code-published-for-critical-nginx-vulnerabilit-3d78edaa #OffSeq #NGINX #Vuln #InfoSec
-
🚨 PoC code for CRITICAL NGINX vuln (CVE-2026-42945) now public! Heap buffer overflow in ngx_http_rewrite_module — can cause DoS or RCE if ASLR is disabled. Patch NGINX Plus/open source ASAP. https://radar.offseq.com/threat/poc-code-published-for-critical-nginx-vulnerabilit-3d78edaa #OffSeq #NGINX #Vuln #InfoSec
-
🚨 PoC code for CRITICAL NGINX vuln (CVE-2026-42945) now public! Heap buffer overflow in ngx_http_rewrite_module — can cause DoS or RCE if ASLR is disabled. Patch NGINX Plus/open source ASAP. https://radar.offseq.com/threat/poc-code-published-for-critical-nginx-vulnerabilit-3d78edaa #OffSeq #NGINX #Vuln #InfoSec
-
🚨 CVE-2026-45035 (CRITICAL, CVSS 9.4): Tabby < 1.0.233 exposes users to RCE via tabby:// links. Any click can run OS commands with user privileges. Patch to 1.0.233+ ASAP! https://radar.offseq.com/threat/cve-2026-45035-cwe-78-improper-neutralization-of-s-e1b4240b #OffSeq #RCE #Tabby #Vuln
-
🚨 CVE-2026-45035 (CRITICAL, CVSS 9.4): Tabby < 1.0.233 exposes users to RCE via tabby:// links. Any click can run OS commands with user privileges. Patch to 1.0.233+ ASAP! https://radar.offseq.com/threat/cve-2026-45035-cwe-78-improper-neutralization-of-s-e1b4240b #OffSeq #RCE #Tabby #Vuln
-
🚨 CVE-2026-45035 (CRITICAL, CVSS 9.4): Tabby < 1.0.233 exposes users to RCE via tabby:// links. Any click can run OS commands with user privileges. Patch to 1.0.233+ ASAP! https://radar.offseq.com/threat/cve-2026-45035-cwe-78-improper-neutralization-of-s-e1b4240b #OffSeq #RCE #Tabby #Vuln
-
🚨 CVE-2026-45035 (CRITICAL, CVSS 9.4): Tabby < 1.0.233 exposes users to RCE via tabby:// links. Any click can run OS commands with user privileges. Patch to 1.0.233+ ASAP! https://radar.offseq.com/threat/cve-2026-45035-cwe-78-improper-neutralization-of-s-e1b4240b #OffSeq #RCE #Tabby #Vuln
-
⚠️ HIGH severity: CVE-2026-28761 impacts Fujitsu Musetheque V4 for IPKNOWLEDGE (≤V4L1 rev2203.0). CSRF flaw allows unwanted actions if logged-in users visit malicious pages. Patch status unknown. https://radar.offseq.com/threat/cve-2026-28761-cross-site-request-forgery-csrf-in--3c8966ad #OffSeq #CSRF #Fujitsu #Vuln
-
⚠️ HIGH severity: CVE-2026-28761 impacts Fujitsu Musetheque V4 for IPKNOWLEDGE (≤V4L1 rev2203.0). CSRF flaw allows unwanted actions if logged-in users visit malicious pages. Patch status unknown. https://radar.offseq.com/threat/cve-2026-28761-cross-site-request-forgery-csrf-in--3c8966ad #OffSeq #CSRF #Fujitsu #Vuln
-
⚠️ HIGH severity: CVE-2026-28761 impacts Fujitsu Musetheque V4 for IPKNOWLEDGE (≤V4L1 rev2203.0). CSRF flaw allows unwanted actions if logged-in users visit malicious pages. Patch status unknown. https://radar.offseq.com/threat/cve-2026-28761-cross-site-request-forgery-csrf-in--3c8966ad #OffSeq #CSRF #Fujitsu #Vuln
-
⚠️ HIGH severity: CVE-2026-28761 impacts Fujitsu Musetheque V4 for IPKNOWLEDGE (≤V4L1 rev2203.0). CSRF flaw allows unwanted actions if logged-in users visit malicious pages. Patch status unknown. https://radar.offseq.com/threat/cve-2026-28761-cross-site-request-forgery-csrf-in--3c8966ad #OffSeq #CSRF #Fujitsu #Vuln
-
⚠️ CRITICAL: CVE-2026-0481 in AMD Instinct™ MI210 (ROCm). Unrestricted IP binding allows remote attackers to modify GPU configs — could cause availability loss. Awaiting mitigation. Details: https://radar.offseq.com/threat/cve-2026-0481-cwe-1327-binding-to-an-unrestricted--12062e2f #OffSeq #AMD #Vuln #ROCm #GPUsecurity
-
⚠️ CRITICAL: CVE-2026-0481 in AMD Instinct™ MI210 (ROCm). Unrestricted IP binding allows remote attackers to modify GPU configs — could cause availability loss. Awaiting mitigation. Details: https://radar.offseq.com/threat/cve-2026-0481-cwe-1327-binding-to-an-unrestricted--12062e2f #OffSeq #AMD #Vuln #ROCm #GPUsecurity