  • 🔴 New security advisory:

    Yazoul - Cybersecurity Alerts
    New security advisory:
    CVE-2026-42208 affects Litellm.
      • Impact: Remote code execution or complete system compromise possible
      • Risk: Attackers can gain full control of affected systems
      • Mitigation: Patch immediately or isolate affected systems
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-42208-litellm-sql-injection-exploited-in-wild
    #CVE #ZeroDay #ThreatIntel
  • ZEN SecDB
    [CISA-2026:0507] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0507)
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
    CVE-2026-6973 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6973)
    - Name: Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: Ivanti
    - Product: Endpoint Manager Mobile (EPMM)
    - Notes: https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-6973
    #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260507 #cisa20260507 #cve_2026_6973 #cve20266973
  • IFIN - The Independent Federated Intelligence Network
    Another AI service that's dangerous when exposed to the internet? Well I never!
    Anyway go check for exposed Ollama endpoints.
    https://discourse.ifin.network/t/unauthenticated-memory-leak-in-ollama-cve-2026-7482/389
    #CVE #ThreatIntel #ThreatIntelligence #IFIN
  • 🚨 New security advisory:

    Yazoul - Cybersecurity Alerts
    New security advisory:
    CVE-2026-26332 affects multiple systems.
      • Impact: Remote code execution or complete system compromise possible
      • Risk: Attackers can gain full control of affected systems
      • Mitigation: Patch immediately or isolate affected systems
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-26332-vm2-sandbox-escape-rce
    #CVE #PatchNow #InfoSecCommunity
  • 🚨 New security advisory:

    Yazoul - Cybersecurity Alerts
    New security advisory:
    CVE-2026-42779 affects Apache Mina.
      • Impact: Remote code execution or complete system compromise possible
      • Risk: Attackers can gain full control of affected systems
      • Mitigation: Patch immediately or isolate affected systems
    Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-42779-mina-unauthenticated-rce-via-bad-fix
    #CVE #VulnerabilityManagement #CyberSec
  • ZEN SecDB
    [CISA-2026:0501] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0501)
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
    CVE-2026-31431 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-31431)
    - Name: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: Linux
    - Product: Kernel
    - Notes: https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/ ; https://xint.io/blog/copy-fail-linux-distributions#the-fix-6 ; https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/about/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-31431
    #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260501 #cisa20260501 #cve_2026_31431 #cve202631431
  • ZEN SecDB
    [CISA-2026:0428] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0428)
    CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
    CVE-2024-1708 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-1708)
    - Name: ConnectWise ScreenConnect Path Traversal Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: ConnectWise
    - Product: ScreenConnect
    - Notes: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1708
    CVE-2026-32202 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32202)
    - Name: Microsoft Windows Protection Mechanism Failure Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: Microsoft
    - Product: Windows
    - Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32202 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32202
    #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260428 #cisa20260428 #cve_2024_1708 #cve_2026_32202 #cve20241708 #cve202632202
  • Adam Shostack
    @CVE_Program Who issues CVEs for OpenAI's SaaS offerings?
  • CVE-2026-3854: any authenticated GitHub user could RCE the backend with a git push. Unsanitized semicolons in push options → X-Stat header injection → sandbox bypass → code execution.
    Same day, a survey of 18 months of supply chain attacks all tracing back to GitHub Actions.
    Same structural problem at two layers.
    New post: https://alexreed.srht.site/blog/github-rce-actions-weakest-link.html
    #infosec #supplychain #github #CVE
  • CERT@VDE
    #OT #Advisory VDE-2026-040
    CODESYS EtherNetIP - Improper timeout handling
    CODESYS EtherNet/IP is an add-on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack library results in a vulnerability within the generated application code. When an EtherNet/IP adapter is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
    #CVE CVE-2026-35225
    https://certvde.com/en/advisories/vde-2026-040/
    #oCSAF #CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json
  • CERT@VDE
    #OT #Advisory VDE-2026-032
    Endress+Hauser: sudo vulnerability affects Endress+Hauser MCS200HW
    The display unit of the Endress+Hauser MCS200HW is affected by a sudo chroot vulnerability.
    #CVE CVE-2025-32463
    https://certvde.com/en/advisories/vde-2026-032/
    #CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-032.json