
40 matches found

Circl
added 2026/02/04 6:10 p.m. | 2 views

CVE-2026-21893

creationtimestamp | type | source
---|---|---
2026-02-04 18:10:06+00:00 | seen | https://gist.github.com/alon710/ddae9ab548d2b495189eb4cf224eaa37...

CVSS 9.4 | AI score 5.1 | EPSS 0.0025
Exploits: 0 | References: 1

Tenable Nessus
added 2025/06/16 12:0 a.m. | 4 views

RHEL 10 : kernel (RHSA-2025:9079)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:9079 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ndisc: use RCU protection in...

CVSS 7.8 | AI score 7.1 | EPSS 0.00065
Exploits: 0 | References: 18

Tenable Nessus
added 2025/04/14 12:0 a.m. | 28 views

Amazon Linux 2023 : bpftool, kernel6.12, kernel6.12-modules-extra (ALAS2023-2025-935)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-935 advisory. In the Linux kernel, the following vulnerability has been resolved: nfsd: fix legacy client tracking initialization CVE-2024-58092 In the Linux kernel, the following vulnerability has been...

CVSS 7.8 | AI score 6.4 | EPSS 0.00063
Exploits: 0 | References: 30

Amazon
added 2025/04/14 12:0 a.m. | 5 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: fix legacy client tracking initialization CVE-2024-58092 In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put() CVE-2025-21893 In the Linux kernel, the following...

CVSS 7.8 | AI score 7.2 | EPSS 0.00063
Exploits: 0

UbuntuCve
added 2025/03/31 8:15 p.m. | 8 views

CVE-2025-21893

In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put() Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key after that point. The most key_put() is normally allow...

CVSS 7.8 | AI score 6.5 | EPSS 0.00048
Exploits: 0 | References: 9

OSV
added 2025/03/31 7:41 p.m. | 9 views

CVE-2025-21893 keys: Fix UAF in key_put()

In the Linux kernel, the following vulnerability has been resolved: keys: Fix UAF in key_put() Once a key's reference count has been reduced to 0, the garbage collector thread may destroy it at any time and so key_put() is not allowed to touch the key after that point. The most key_put() is normally allow...

CVSS 7.8 | AI score 6.5 | EPSS 0.00048
Exploits: 0 | References: 6

Positive Technologies
added 2024/06/26 12:0 a.m. | 3 views

PT-2024-25995 · W3C · Xml Signature Syntax/Processing

The W3C XML Signature Syntax and Processing XMLDsig specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or certificate information" statement and no accompanying information about SSRF risks, and this may have...

CVSS 8.2 | AI score 8.6 | EPSS 0.94319
Exploits: 5 | References: 6

The Hacker News
added 2024/02/29 5:49 a.m. | 68 views

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTE...

CVSS 9.1 | AI score 8.4 | EPSS 0.94412
Exploits: 19

Packet Storm
added 2024/02/21 12:0 a.m. | 760 views

Ivanti Connect Secure Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Connect Secure Unauthenticated Remote Code Execution', 'Description' = %q This module chains a server side request forgery SSRF...

CVSS 9.1 | AI score 7.4 | EPSS 0.94412
Exploits: 26

0day.today
added 2024/02/21 12:0 a.m. | 445 views

Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit

This Metasploit module chains a server side request forgery SSRF vulnerability CVE-2024-21893 and a command injection vulnerability CVE-2024-21887 to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All current...

CVSS 9.1 | AI score 8.7 | EPSS 0.94412
Exploits: 26

The Hacker News
added 2024/02/15 2:20 p.m. | 75 views

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsium, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating...

CVSS 9.1 | AI score 7.3 | EPSS 0.94412
Exploits: 25

HackRead
added 2024/02/06 6:15 p.m. | 41 views

Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches

By Deeba Ahmed Zero-Day Nightmare: CVE-2024-21893 Exploits Surge in Attacks on Ivanti Products. This is a post from HackRead.com Read the original post: Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches...

CVSS 6.4 | AI score 7.3 | EPSS 0.94319
Exploits: 5

Hive Pro Threat Advisories
added 2024/02/06 8:18 a.m. | 52 views

Attacks, Vulnerabilities and Actors 29 January to 4 February 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, two instances of adversary activity, and six exploited...

CVSS 6.4 | AI score 7.1 | EPSS 0.94319
Exploits: 5

Tenable Nessus
added 2024/02/06 12:0 a.m. | 42 views

Ivanti Policy Secure 9.x / 22.x SSRF-RCE Chain (CVE-2024-21893)

Binary data ivantipsssrfrceCVE-2024-21893.nbin...

CVSS 8.2 | AI score 8.6 | EPSS 0.94319
Exploits: 5 | References: 2

Tenable Nessus
added 2024/02/06 12:0 a.m. | 40 views

Ivanti Policy Secure 9.x / 22.x SSRF (CVE-2024-21893)

Binary data ivantipsCVE-2024-21893.nbin...

CVSS 8.2 | AI score 8.6 | EPSS 0.94319
Exploits: 5 | References: 2

Tenable Nessus
added 2024/02/06 12:0 a.m. | 82 views

Ivanti Connect Secure 9.x / 22.x SSRF (CVE-2024-21893)

Binary data ivanticsCVE-2024-21893.nbin...

CVSS 8.2 | AI score 8.6 | EPSS 0.94319
Exploits: 5 | References: 2

Tenable Nessus
added 2024/02/06 12:0 a.m. | 79 views

Ivanti Connect Secure 9.x / 22.x SSRF-RCE Chain (CVE-2024-21893)

Binary data ivanticsssrfrceCVE-2024-21893.nbin...

CVSS 8.2 | AI score 8.6 | EPSS 0.94319
Exploits: 5 | References: 2

Circl
added 2024/02/03 6:24 p.m. | 1 view

CVE-2021-21893

creationtimestamp | type | source
---|---|---
2024-02-03 18:24:47+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/3935...

CVSS 8.8 | AI score 8 | EPSS 0.01006
Exploits: 1 | References: 1

Malwarebytes
added 2024/02/02 2:18 p.m. | 39 views

CISA: Disconnect vulnerable Ivanti products TODAY

In an emergency directive, the Cybersecurity and Infrastructure Security Agency CISA has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024. Besides the Ivanti...

CVSS 6.5 | AI score 7.3 | EPSS 0.94412
Exploits: 26

CVE
added 2024/01/31 5:51 p.m. | 491 views

CVE-2024-21893

Technical details about CVE-2024-21893 are not provided in the connected documents. The initial description notes an SSRF vulnerability in Ivanti products, but there are no product/version specifics or remediation details here. Monitor for updates.

CVSS 8.2 | AI score 8.8 | EPSS 0.94319
In wild | Exploits: 5 | References: 2 | Affected Software: 2