New

CVE-2026-29113: Craft has a potential information disclosure vulnerability in preview tokens: Craft is a content management system (CMS). Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an attacker can force a l...

CVE-2025-48611: In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2026-28495: GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php: GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling a remote...
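The two CSRF entries above (the Craft preview-token action that accepts any HTTP method and an attacker-supplied previewToken without a CSRF check, and the GetSimple massiveAdmin form that lacks CSRF protection) share one root cause: a state-changing action that does not bind the request to the victim's session. The following is an added illustration, not code from Craft CMS, GetSimple or the massiveAdmin plugin. It shows a generic PHP handler in the weak form beside a hardened form that requires POST, validates a session-bound token in constant time, and generates the secret server-side instead of trusting the caller. The function names, the `csrf_token` field name and the constructed requests are assumptions for the example.

```php
<?php
// Added example, not Craft CMS / GetSimple code. Generic CSRF guard for a PHP action.
declare(strict_types=1);

const CSRF_SESSION_KEY = 'csrf_token';   // hypothetical session key for the example

function check(bool $cond, string $msg): void
{
    if (!$cond) {
        throw new RuntimeException("check failed: $msg");
    }
}

// Weak handler, the pattern the advisories describe: any HTTP method is accepted,
// no CSRF token is verified, and a caller-chosen value is persisted. A cross-site
// <img src=...> or auto-submitting form can drive it with the victim's cookies.
function weakHandler(string $method, array $params, array &$session): array
{
    $token = (string)($params['previewToken'] ?? bin2hex(random_bytes(16)));
    $session['previewToken'] = $token;
    return ['status' => 200, 'token' => $token];
}

// Mint (once per session) the token that legitimate forms embed as a hidden field.
function issueCsrfToken(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

// Hardened handler: state changes only over POST, only with the session-bound
// token (compared with hash_equals to avoid a timing side channel), and the
// secret the action creates is generated server-side rather than taken from input.
function hardenedHandler(string $method, array $params, array &$session): array
{
    if ($method !== 'POST') {
        return ['status' => 405, 'error' => 'POST required'];
    }
    $expected = (string)($session[CSRF_SESSION_KEY] ?? '');
    $given = (string)($params['csrf_token'] ?? '');
    if ($expected === '' || $given === '' || !hash_equals($expected, $given)) {
        return ['status' => 403, 'error' => 'missing or invalid CSRF token'];
    }
    $token = bin2hex(random_bytes(16));
    $session['previewToken'] = $token;
    return ['status' => 200, 'token' => $token];
}

// Constructed requests against a fresh session.
$session = [];
$csrf = issueCsrfToken($session);

// 1. Cross-site GET carrying an attacker-known token: the weak handler accepts it.
$r = weakHandler('GET', ['previewToken' => 'attacker-known'], $session);
check($r['status'] === 200 && $session['previewToken'] === 'attacker-known', 'weak handler accepts forged GET');

// 2. The same request against the hardened handler is rejected on method alone.
$r = hardenedHandler('GET', ['previewToken' => 'attacker-known'], $session);
check($r['status'] === 405, 'hardened handler rejects GET');

// 3. A forged cross-site POST cannot carry the session token: rejected.
$r = hardenedHandler('POST', ['previewToken' => 'attacker-known'], $session);
check($r['status'] === 403, 'hardened handler rejects POST without token');

// 4. A same-origin form that embeds the session token succeeds, and the resulting
//    preview token is server-generated, not the caller's value.
$r = hardenedHandler('POST', ['csrf_token' => $csrf, 'previewToken' => 'attacker-known'], $session);
check($r['status'] === 200 && $session['previewToken'] !== 'attacker-known', 'legitimate POST accepted, token not caller-chosen');

echo "all CSRF checks passed\n";
```

Run with `php csrf_example.php`; it prints `all CSRF checks passed` or throws on the first failing check. In a Yii2-based application such as Craft the equivalent controls are the framework's POST requirement and CSRF validation on the controller action; the example deliberately avoids naming those APIs and stands alone.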

CVE-2026-26330: Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, at the rate limit filter, if the response phase limit with apply_on_stream_done in the rate limit configuration is enabled and the response phase limit request fails dire...

CVE-2026-26311: Envoy HTTP: filter chain execution on reset streams causing UAF crash: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager (FilterManager) allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" (UAF) or state-corruption window where filter callbacks are invoke...

Updated

CVE-2025-70251: Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanGuestSetup.

CVE-2026-26106: Microsoft SharePoint Server Remote Code Execution Vulnerability: Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVE-2026-26141: Hybrid Worker Extension (Arc‑enabled Windows VMs) Elevation of Privilege Vulnerability: Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.

CVE-2025-70247: Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1.

CVE-2026-26311: Envoy HTTP: filter chain execution on reset streams causing UAF crash: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager (FilterManager) allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" (UAF) or state-corruption window where filter callbacks are invoke...

CISA Known Exploited Vulnerabilities

CVE-2021-22054 Omnissa Workspace One UEM: Omnissa Workspace One UEM, formerly known as VMware Workspace One UEM, contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send requests without authentication and gain access to sensitive information.

CVE-2026-1603 Ivanti Endpoint Manager (EPM): Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.

CVE-2025-26399 SolarWinds Web Help Desk: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine.

CVE-2023-41974 Apple iOS and iPadOS: Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.

CVE-2021-30952 Apple Multiple Products: Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution.