2026-01-27
2026-01-27 19:16Z
HIGH

CVE-2026-24882 — Gnupg Gnupg: In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24882

In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys. CVSSv3.1 8.4 (HIGH)

CWECWE 121VNDGnupgVNDGpg4winTYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2026-01-27
2026-01-27 19:16Z
HIGH

CVE-2026-24881 — Gnupg Gnupg: In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution. CVSSv3.1 8.1 (HIGH)

CWECWE 121VNDGnupgVNDGpg4winTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-27
2026-01-27 16:16Z
HIGH

CVE-2026-24869 — Mozilla Firefox: Use-after-free in the Layout: Scrolling and Overflow component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24869

Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDMozillaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-01-27
2026-01-27 16:16Z
HIGH

CVE-2025-15467 — Openssl Openssl: Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verif CVSSv3.1 8.8 (HIGH) · EPSS 76th percentile

CWECWE 787VNDOpensslTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-01-27
2026-01-27 15:02Z
HIGH

kernel-security-learning — Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging

A comprehensive curated repository documenting Linux kernel security research, exploitation techniques, and defense mechanisms. Covers CTF kernel pwn challenges, kernel exploit writeups, fuzzing methodologies, and academic papers spanning 2011–2025 on kernel vulnerability detection, exploitation primitives, and hardening defenses.

SRFOsTACTA0004TACTA0005TYPResearchTYPToolTYPWriteupSTGPrivescSTGExecution
72
Edit Score
2026-01-27
2026-01-27 09:15Z
HIGH

CVE-2026-21721 — Grafana Grafana: This is an organization‑internal privilege escalation.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-21721

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation. CVSSv3.1 8.1 (HIGH)

CWECWE 639CWECWE 863VNDApiVNDGrafanaTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-01-27
2026-01-27 01:16Z
HIGH

CVE-2026-24486 — Fastapiexpert Python-multipart: Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations. CVSSv3.1 8.6 (HIGH)

CWECWE 22VNDFastapiexpertTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-01-26
2026-01-26 20:16Z
HIGH

CVE-2025-14459 — KubeVirt: This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-14459

A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism. CVSSv3.1 8.5 (HIGH)

CWECWE 639VNDKubevirtTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2026-01-26
2026-01-26 18:16Z
HIGH

CVE-2026-21509 — Microsoft 365_apps: Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-21509in the wild

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. CVSSv3.1 7.8 (HIGH) · EPSS 99th percentile

CWECWE 807VNDMicrosoftVNDRelianceTYPVulnerabilitySTAitw exploited
7.8
CVSS v3.1
100
Edit Score
2026-01-26
2026-01-26 18:06Z
HIGH

awesome-edr-bypass — Awesome EDR Bypass Resources For Ethical Hacking

GitHub · EDR bypass / evasion·github.comGITHUB POC

A curated GitHub repository aggregating EDR bypass techniques, tools, and research including syscall hooking evasion (Hell's Gate, SysWhispers), kernel callback removal, WFP-based telemetry blocking, and BYOVD/retrosigned driver abuse. The collection spans PoCs, frameworks, workshops, and conference presentations documenting methods to evade modern endpoint detection systems.

SRFApplicationSRFOsTACTA0005TYPResearchTYPToolSTGDefense EvasionTECT1548TECT1036
72
Edit Score
2026-01-26
2026-01-26 13:00Z
HIGH

Nuclei Templates v10.3.8 – Release Notes

Nuclei Templates v10.3.8 adds 457 new detection templates covering 43 CVEs, including critical RCE vulnerabilities in n8n webhooks, SmarterMail admin reset, and pgAdmin unauthenticated access. The release includes significant bug fixes reducing false positives in regex-based detections and correcting path issues in existing templates.

SRFApplicationVNDProjectdiscoveryTYPToolTYPVulnerabilitySTGRecon
6.4
CVSS v3.1
72
Edit Score
2026-01-26
2026-01-26 08:00Z
HIGH

Bypassing Windows Administrator Protection

Project Zero·googleprojectzero.blogspot.com

Google Project Zero researcher disclosed nine separate vulnerabilities in Windows 11's new Administrator Protection feature (25H2), a replacement for UAC designed to create a secure boundary for privilege elevation. The most critical bypass exploits logon session handling in DOS device object directories, allowing a limited user to hijack administrator process file access through token manipulation and symbolic link injection. All nine issues were patched either before official release (KB5067036) or in subsequent security bulletins.

SRFOsTACTA0004TACTA0005VNDMicrosoftTYPResearchTYPVulnerabilitySTGDefense EvasionSTGPrivesc
82
Edit Score
2026-01-26
2026-01-26 00:00Z
HIGH

Pwn2Own: Researchers Earn $1 Million for 76 Zero-Days

Trend Micro Research·trendmicro.com0day

Pwn2Own Automotive 2026 in Tokyo disclosed 76 zero-day vulnerabilities across connected vehicles, EV chargers, and automotive infotainment systems, with researchers earning $1.047M in prizes. Notable exploits included NFC-based attacks on EV chargers, USB-based Tesla infotainment compromise, and signal manipulation attacks on charging infrastructure. TrendAI ZDI claims to protect customers from disclosed zero-days an average of 71 days ahead of industry disclosure.

SRFNetwork ApplianceVNDTeslaVNDAutelVNDChargepointVNDTrend MicroTYPResearchTYPThreat IntelSTGExecution
72
Edit Score
2026-01-26
2026-01-26 00:00Z
HIGH

PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups

Trend Micro Research·trendmicro.comCVE-2020-16040in the wild

Trend Micro disclosed PeckBirdy, a JScript-based C&C framework deployed by China-aligned APT groups since 2023 targeting gambling industries and Asian government entities. The framework executes across multiple environments (browsers, MSHTA, WScript, ASP, Node.js, .NET) via LOLBins, delivering modular backdoors HOLODONUT and MKDOOR. Two campaigns—SHADOW-VOID-044 and SHADOW-EARTH-045—demonstrate coordinated activity using stolen code-signing certificates, Cobalt Strike payloads, and CVE-2020-16040 exploitation.

SRFApplicationSRFOsTACTA0001TACTA0002SRFWebTACTA0011VNDTrend MicroTYPResearch
82
Edit Score
2026-01-25
2026-01-25 05:35Z
CRIT

eureka_panther-adreno-gpu-exploit-1 — Our first exploit: a memory corruption vulnerability in the Adreno GPU driver for Eureka/Panther (3/3s) devices, enablin

GitHub · LPE exploits·github.comGITHUB POCCVE-2025-21479

FreeXR released a full exploit chain for Meta Quest 3/3s devices (eureka/panther) targeting a memory corruption vulnerability in the Adreno GPU driver (/dev/kgsl-3d0). The exploit achieves arbitrary kernel memory read/write, SELinux disablement, and root privilege escalation. The vulnerability has existed since the device's public release and was disclosed responsibly to Meta after they failed to act.

TACTA0004SRFFirmwareSRFHardwareVNDQualcommVNDMetaTYPWriteupTYPExploitSTGPrivesc
82
Edit Score
2026-01-24
2026-01-24 01:15Z
CRIT

CVE-2026-22586 — Salesforce Marketing_cloud_engagement: Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22586

Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026. CVSSv3.1 9.8 (CRITICAL) · EPSS 6th percentile

CWECWE 321VNDSalesforceVNDHardTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-23
2026-01-23 21:15Z
CRIT

CVE-2025-52025 — Aptsys Gemscms_backend: An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52025

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code by submitting crafted input in the id parameter, leading to unauthorized data access or modification. CVSSv3.1 9.4 (CRITICAL) · EPSS 25th percentile

CWECWE 89VNDAptsysTYPVulnerability
9.4
CVSS v3.1
97
Edit Score
2026-01-23
2026-01-23 21:15Z
CRIT

CVE-2025-52024 — Aptsys Gemscms_backend: A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. These panels are intended for developer use, but are accessible in production environments with no authentication or session validati CVSSv3.1 9.4 (CRITICAL) · EPSS 33th percentile

CWECWE 862CWECWE 306CWECWE 425VNDAptsysTYPVulnerability
9.4
CVSS v3.1
97
Edit Score
2026-01-23
2026-01-23 17:47Z
HIGH

Hacking Humans: Social Engineering and the Psychology

SpecterOps·specterops.io

SpecterOps consultant John Wotton details social engineering methodology for physical access, emphasizing OSINT collection, environmental pattern recognition, and exploitation of human cognitive biases (automation bias, routine, authority, avoidance). The article maps psychological vulnerabilities—including the Swiss Cheese Model—that defenders can exploit to improve security posture through training rather than technology alone.

TACTA0001TACTA0002TYPResearchTYPTechniqueSTGInitial AccessSTGRecon
72
Edit Score
2026-01-23
2026-01-23 16:15Z
CRIT

CVE-2026-22984 — Linux Linux_kernel: In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-22984

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ] CVSSv3.1 9.8 (CRITICAL) · EPSS 1th percentile

CWECWE 125TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-01-23
2026-01-23 15:16Z
HIGH

CVE-2026-24572 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-24572

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.2.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2026-01-23
2026-01-23 13:15Z
CRIT

CVE-2025-4320 — Authentication: Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-4320

Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 10.0 (CRITICAL) · EPSS 11th percentile

CWECWE 640CWECWE 305TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2026-01-23
2026-01-23 13:15Z
CRIT

CVE-2025-4319 — Restriction: Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-4319

Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation. This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. CVSSv3.1 9.4 (CRITICAL) · EPSS 10th percentile

CWECWE 640CWECWE 307TYPVulnerability
9.4
CVSS v3.1
97
Edit Score
2026-01-23
2026-01-23 10:19Z
CRIT

Nuclei Templates v10.3.7 – Release Notes

Nuclei Templates v10.3.7 release adds 102 new detection templates covering 42 CVEs, including critical RCE and authentication bypass vulnerabilities across SmarterMail, Langflow AI, RustFS, SolarWinds Web Help Desk, and legacy systems. The release includes templates for recent 2025 vulnerabilities alongside historical CVEs with public exploits, enabling rapid vulnerability scanning across enterprise infrastructure.

SRFApplicationTACTA0004TACTA0001TACTA0002SRFWebTACTA0003VNDProjectdiscoveryTYPTool
7.3
CVSS v3.1
62
Edit Score
2026-01-23
2026-01-23 07:15Z
HIGH

CVE-2026-0603 — Hibernate: A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-0603

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service. CVSSv3.1 8.3 (HIGH)

CWECWE 89VNDHibernateTYPVulnerability
8.3
CVSS v3.1
92
Edit Score