home.social

#vuln — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #vuln, aggregated by home.social.

  1. CVE-2026-49017: HIGH-severity in OpenStack Swift 2.36.0 & 2.37.0. Infinite loop in s3api lets authenticated attackers exhaust proxy workers → DoS risk. Patch to 2.36.2 or 2.37.2+ now! 🔄 radar.offseq.com/threat/cve-20 #OffSeq #OpenStack #Vuln #DoS

  2. CVE-2026-49017: HIGH-severity in OpenStack Swift 2.36.0 & 2.37.0. Infinite loop in s3api lets authenticated attackers exhaust proxy workers → DoS risk. Patch to 2.36.2 or 2.37.2+ now! 🔄 radar.offseq.com/threat/cve-20 #OffSeq #OpenStack #Vuln #DoS

  3. CVE-2026-49017: HIGH-severity in OpenStack Swift 2.36.0 & 2.37.0. Infinite loop in s3api lets authenticated attackers exhaust proxy workers → DoS risk. Patch to 2.36.2 or 2.37.2+ now! 🔄 radar.offseq.com/threat/cve-20 #OffSeq #OpenStack #Vuln #DoS

  4. CVE-2026-49017: HIGH-severity in OpenStack Swift 2.36.0 & 2.37.0. Infinite loop in s3api lets authenticated attackers exhaust proxy workers → DoS risk. Patch to 2.36.2 or 2.37.2+ now! 🔄 radar.offseq.com/threat/cve-20 #OffSeq #OpenStack #Vuln #DoS

  5. 🚨 CRITICAL: CVE-2026-9312 (SSRF) in GitHub Enterprise Server 3.16.0 – 3.21.0 lets unauth attackers access internal services via crafted uploads. Patch to 3.16.20+ ASAP! Details: radar.offseq.com/threat/cve-20 #OffSeq #SSRF #GitHub #Vuln

  6. 🚨 CRITICAL: CVE-2026-9312 (SSRF) in GitHub Enterprise Server 3.16.0 – 3.21.0 lets unauth attackers access internal services via crafted uploads. Patch to 3.16.20+ ASAP! Details: radar.offseq.com/threat/cve-20 #OffSeq #SSRF #GitHub #Vuln

  7. 🚨 CRITICAL: CVE-2026-9312 (SSRF) in GitHub Enterprise Server 3.16.0 – 3.21.0 lets unauth attackers access internal services via crafted uploads. Patch to 3.16.20+ ASAP! Details: radar.offseq.com/threat/cve-20 #OffSeq #SSRF #GitHub #Vuln

  8. 🚨 CRITICAL: CVE-2026-9312 (SSRF) in GitHub Enterprise Server 3.16.0 – 3.21.0 lets unauth attackers access internal services via crafted uploads. Patch to 3.16.20+ ASAP! Details: radar.offseq.com/threat/cve-20 #OffSeq #SSRF #GitHub #Vuln

  9. 🚨 CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server (<0.6.0) allows unauthenticated access to a mutation-capable RPC endpoint, risking full GitLab resource compromise. Upgrade to 0.6.0+ ASAP. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #GitLab #CVE202644895

  10. 🚨 CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server (<0.6.0) allows unauthenticated access to a mutation-capable RPC endpoint, risking full GitLab resource compromise. Upgrade to 0.6.0+ ASAP. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #GitLab #CVE202644895

  11. 🚨 CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server (<0.6.0) allows unauthenticated access to a mutation-capable RPC endpoint, risking full GitLab resource compromise. Upgrade to 0.6.0+ ASAP. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #GitLab #CVE202644895

  12. 🚨 CRITICAL: CVE-2026-44895 in yoda-digital mcp-gitlab-server (<0.6.0) allows unauthenticated access to a mutation-capable RPC endpoint, risking full GitLab resource compromise. Upgrade to 0.6.0+ ASAP. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #GitLab #CVE202644895

  13. 🚨 CRITICAL: CVE-2026-41090 in Microsoft 365 Copilot for iOS enables remote command injection (CVSS 9.3). Microsoft has patched server-side — verify your service is up to date. More info: radar.offseq.com/threat/cve-20 #OffSeq #Microsoft #Vuln #InfoSec

  14. STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #Vuln #Infosec

  15. STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #Vuln #Infosec

  16. STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #Vuln #Infosec

  17. STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #Vuln #Infosec

  18. 🚨 CRITICAL: Cisco Secure Workload REST API flaw (no CVE) lets remote attackers gain Site Admin access on SaaS & on-prem. Update to 3.10.8.3/4.0.3.17 now. No active exploitation, but patch ASAP! radar.offseq.com/threat/cisco- #OffSeq #Cisco #Vuln #PatchManagement

  19. 🚨 CRITICAL: Cisco Secure Workload REST API flaw (no CVE) lets remote attackers gain Site Admin access on SaaS & on-prem. Update to 3.10.8.3/4.0.3.17 now. No active exploitation, but patch ASAP! radar.offseq.com/threat/cisco- #OffSeq #Cisco #Vuln #PatchManagement

  20. 🚨 CRITICAL: Cisco Secure Workload REST API flaw (no CVE) lets remote attackers gain Site Admin access on SaaS & on-prem. Update to 3.10.8.3/4.0.3.17 now. No active exploitation, but patch ASAP! radar.offseq.com/threat/cisco- #OffSeq #Cisco #Vuln #PatchManagement

  21. 🚨 CRITICAL: Cisco Secure Workload REST API flaw (no CVE) lets remote attackers gain Site Admin access on SaaS & on-prem. Update to 3.10.8.3/4.0.3.17 now. No active exploitation, but patch ASAP! radar.offseq.com/threat/cisco- #OffSeq #Cisco #Vuln #PatchManagement

  22. 🔥 CVE-2026-33278: Critical use-after-free in NLnet Labs Unbound (1.19.1 – 1.25.0). DNSSEC validator flaw can lead to DoS or RCE if attacker controls DNS zone. Patch: upgrade to 1.25.1. radar.offseq.com/threat/cve-20 #OffSeq #DNSSEC #Vuln #Infosec

  23. ⚠️ CRITICAL: kitty terminal <0.47.0 vulnerable to integer overflow (CVE-2026-33642). Malicious escape sequences can cause heap memory corruption — no user action needed. Upgrade to 0.47.0+ now! radar.offseq.com/threat/cve-20 #OffSeq #Vuln #KittyTerminal #Infosec

  24. ⚠️ CRITICAL: kitty terminal <0.47.0 vulnerable to integer overflow (CVE-2026-33642). Malicious escape sequences can cause heap memory corruption — no user action needed. Upgrade to 0.47.0+ now! radar.offseq.com/threat/cve-20 #OffSeq #Vuln #KittyTerminal #Infosec

  25. ⚠️ CRITICAL: kitty terminal <0.47.0 vulnerable to integer overflow (CVE-2026-33642). Malicious escape sequences can cause heap memory corruption — no user action needed. Upgrade to 0.47.0+ now! radar.offseq.com/threat/cve-20 #OffSeq #Vuln #KittyTerminal #Infosec

  26. ⚠️ CRITICAL: kitty terminal <0.47.0 vulnerable to integer overflow (CVE-2026-33642). Malicious escape sequences can cause heap memory corruption — no user action needed. Upgrade to 0.47.0+ now! radar.offseq.com/threat/cve-20 #OffSeq #Vuln #KittyTerminal #Infosec

  27. @angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.

    My OP was just me bitching about it.

    My cool task today is setting up a #capev2 server for #vuln and #mal testing.

  28. @angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.

    My OP was just me bitching about it.

    My cool task today is setting up a #capev2 server for #vuln and #mal testing.

  29. @angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.

    My OP was just me bitching about it.

    My cool task today is setting up a #capev2 server for #vuln and #mal testing.

  30. @angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.

    My OP was just me bitching about it.

    My cool task today is setting up a #capev2 server for #vuln and #mal testing.

  31. @angst_ridden Oh, I am full on (30 year career in infosec and infra), #terraform , #ansible, #argocd, #gha (unfortunately because I hate it), #python and #golang Staff CloudOps Engineer.

    My OP was just me bitching about it.

    My cool task today is setting up a #capev2 server for #vuln and #mal testing.

  32. 🚨 CVE-2026-8507 (HIGH): Out-of-bounds write in Crypt::OpenSSL::PKCS12 <=1.94 for Perl. Parsing PKCS12 files with >=1GiB OCTET/BIT STRING may lead to RCE. Patch available for cloud-hosted service — update ASAP. No known exploits. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #Perl

  33. 🛡️ CVE-2026-8725: SSRF in CoreWorxLab CAAL v1.0 – 1.6.0 (MEDIUM). Remote, unauthenticated attackers can trigger server requests. No patch; restrict outbound traffic & monitor logs. Exploit is public. radar.offseq.com/threat/cve-20 #OffSeq #SSRF #Vuln #BlueTeam

  34. 🛡️ CVE-2026-8725: SSRF in CoreWorxLab CAAL v1.0 – 1.6.0 (MEDIUM). Remote, unauthenticated attackers can trigger server requests. No patch; restrict outbound traffic & monitor logs. Exploit is public. radar.offseq.com/threat/cve-20 #OffSeq #SSRF #Vuln #BlueTeam

  35. 🛡️ CVE-2026-8725: SSRF in CoreWorxLab CAAL v1.0 – 1.6.0 (MEDIUM). Remote, unauthenticated attackers can trigger server requests. No patch; restrict outbound traffic & monitor logs. Exploit is public. radar.offseq.com/threat/cve-20 #OffSeq #SSRF #Vuln #BlueTeam

  36. 🛡️ CVE-2026-8725: SSRF in CoreWorxLab CAAL v1.0 – 1.6.0 (MEDIUM). Remote, unauthenticated attackers can trigger server requests. No patch; restrict outbound traffic & monitor logs. Exploit is public. radar.offseq.com/threat/cve-20 #OffSeq #SSRF #Vuln #BlueTeam

  37. 🚨 PoC code for CRITICAL NGINX vuln (CVE-2026-42945) now public! Heap buffer overflow in ngx_http_rewrite_module — can cause DoS or RCE if ASLR is disabled. Patch NGINX Plus/open source ASAP. radar.offseq.com/threat/poc-co #OffSeq #NGINX #Vuln #InfoSec

  38. 🚨 PoC code for CRITICAL NGINX vuln (CVE-2026-42945) now public! Heap buffer overflow in ngx_http_rewrite_module — can cause DoS or RCE if ASLR is disabled. Patch NGINX Plus/open source ASAP. radar.offseq.com/threat/poc-co #OffSeq #NGINX #Vuln #InfoSec

  39. 🚨 PoC code for CRITICAL NGINX vuln (CVE-2026-42945) now public! Heap buffer overflow in ngx_http_rewrite_module — can cause DoS or RCE if ASLR is disabled. Patch NGINX Plus/open source ASAP. radar.offseq.com/threat/poc-co #OffSeq #NGINX #Vuln #InfoSec

  40. 🚨 PoC code for CRITICAL NGINX vuln (CVE-2026-42945) now public! Heap buffer overflow in ngx_http_rewrite_module — can cause DoS or RCE if ASLR is disabled. Patch NGINX Plus/open source ASAP. radar.offseq.com/threat/poc-co #OffSeq #NGINX #Vuln #InfoSec

  41. 🚨 CVE-2026-45035 (CRITICAL, CVSS 9.4): Tabby < 1.0.233 exposes users to RCE via tabby:// links. Any click can run OS commands with user privileges. Patch to 1.0.233+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #RCE #Tabby #Vuln

  42. 🚨 CVE-2026-45035 (CRITICAL, CVSS 9.4): Tabby < 1.0.233 exposes users to RCE via tabby:// links. Any click can run OS commands with user privileges. Patch to 1.0.233+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #RCE #Tabby #Vuln

  43. 🚨 CVE-2026-45035 (CRITICAL, CVSS 9.4): Tabby < 1.0.233 exposes users to RCE via tabby:// links. Any click can run OS commands with user privileges. Patch to 1.0.233+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #RCE #Tabby #Vuln

  44. 🚨 CVE-2026-45035 (CRITICAL, CVSS 9.4): Tabby < 1.0.233 exposes users to RCE via tabby:// links. Any click can run OS commands with user privileges. Patch to 1.0.233+ ASAP! radar.offseq.com/threat/cve-20 #OffSeq #RCE #Tabby #Vuln

  45. ⚠️ HIGH severity: CVE-2026-28761 impacts Fujitsu Musetheque V4 for IPKNOWLEDGE (≤V4L1 rev2203.0). CSRF flaw allows unwanted actions if logged-in users visit malicious pages. Patch status unknown. radar.offseq.com/threat/cve-20 #OffSeq #CSRF #Fujitsu #Vuln

  46. ⚠️ HIGH severity: CVE-2026-28761 impacts Fujitsu Musetheque V4 for IPKNOWLEDGE (≤V4L1 rev2203.0). CSRF flaw allows unwanted actions if logged-in users visit malicious pages. Patch status unknown. radar.offseq.com/threat/cve-20 #OffSeq #CSRF #Fujitsu #Vuln

  47. ⚠️ HIGH severity: CVE-2026-28761 impacts Fujitsu Musetheque V4 for IPKNOWLEDGE (≤V4L1 rev2203.0). CSRF flaw allows unwanted actions if logged-in users visit malicious pages. Patch status unknown. radar.offseq.com/threat/cve-20 #OffSeq #CSRF #Fujitsu #Vuln

  48. ⚠️ HIGH severity: CVE-2026-28761 impacts Fujitsu Musetheque V4 for IPKNOWLEDGE (≤V4L1 rev2203.0). CSRF flaw allows unwanted actions if logged-in users visit malicious pages. Patch status unknown. radar.offseq.com/threat/cve-20 #OffSeq #CSRF #Fujitsu #Vuln

  49. ⚠️ CRITICAL: CVE-2026-0481 in AMD Instinct™ MI210 (ROCm). Unrestricted IP binding allows remote attackers to modify GPU configs — could cause availability loss. Awaiting mitigation. Details: radar.offseq.com/threat/cve-20 #OffSeq #AMD #Vuln #ROCm #GPUsecurity

  50. ⚠️ CRITICAL: CVE-2026-0481 in AMD Instinct™ MI210 (ROCm). Unrestricted IP binding allows remote attackers to modify GPU configs — could cause availability loss. Awaiting mitigation. Details: radar.offseq.com/threat/cve-20 #OffSeq #AMD #Vuln #ROCm #GPUsecurity