CVE Notify
📈 Analysis of the CVE Notify Telegram channel
The CVE Notify channel (@cvenotify), in the English-language segment, is a prominent player. The community currently has 18 867 subscribers, ranking 7 133 in the Technologies and Applications category and 2 092 in the USA region.
📊 Audience metrics and dynamics
Since its creation (date unknown), the project has shown accelerated growth, gathering 18 867 subscribers.
According to the latest data, from 09 June 2026, the channel maintains stable activity. Over the last 30 days the member count changed by 442, and over the last 24 hours by 18, retaining a high reach.
- Verification status: Not verified
- Engagement rate (ER): The average audience engagement is 0.53%. During the first 24 hours after publication, content typically receives reactions equal to 0.39% of total subscribers.
- Post reach: Each post receives 100 views on average. On the first day it typically accumulates 74 views.
- Reactions and engagement: The audience responds actively: the average number of reactions per post is 1.
- Topical interests: The content focuses on key topics such as cve-2026, attack, input, validation, manipulation.
📝 Description and content policy
The author describes the resource as a space for expressing subjective opinions:
“Alert on the latest CVEs
Partner channel: @malwr”
Thanks to the high frequency of updates (latest data received on 10 June 2026), the channel stays current and keeps a wide reach. The analytics show that the audience actively engages with the content, which makes it a point of reference within the Technologies and Applications category.
| Date | Subscriber growth | Mentions | Channels |
|---|---|---|---|
| 10 June | +11 | | |
| 09 June | +18 | | |
| 08 June | +23 | | |
| 07 June | +15 | | |
| 06 June | +6 | | |
| 05 June | +15 | | |
| 04 June | +35 | | |
| 03 June | +14 | | |
| 02 June | +7 | | |
| 01 June | +11 | | |

| 2 | 🚨 CVE-2026-46148
In the Linux kernel, the following vulnerability has been resolved:
spi: microchip-core-qspi: control built-in cs manually
The coreQSPI IP supports only a single chip select, which is
automagically operated by the hardware - set low when the transmit
buffer first gets written to and set high when the number of bytes
written to the TOTALBYTES field of the FRAMES register have been sent on
the bus. Additional devices must use GPIOs for their chip selects.
It was reported to me that if there are two devices attached to this
QSPI controller that the in-built chip select is set low while linux
tries to access the device attached to the GPIO.
This went undetected as the boards that connected multiple devices to
the SPI controller all exclusively used GPIOs for chip selects, not
relying on the built-in chip select at all. It turns out that this was
because the built-in chip select, when controlled automagically, is set
low when active and high when inactive, thereby ruling out its use for
active-high devices or devices that need to transmit with the chip
select disabled.
Modify the driver so that it controls chip select directly, retaining
the behaviour for mem_ops of setting the chip select active for the
entire duration of the transfer in the exec_op callback. For regular
transfers, implement the set_cs callback for the core to use.
As part of this, the existing setup callback, mchp_coreqspi_setup_op(),
is removed. Modifying the CLKIDLE field is not safe to do during
operation when there are multiple devices, so this code is removed
entirely. Setting the MASTER and ENABLE fields is something that can be
done once at probe, it doesn't need to be re-run for each device.
Instead the new setup callback sets the built-in chip select to its
inactive state for active-low devices, as the reset value of the chip
select in software controlled mode is low.
🎖@cveNotify | 11 |
| 3 | 🚨 CVE-2026-46147
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()
Two bugs exist in the vCPU initialisation path:
1. If a check fails after hyp_pin_shared_mem() succeeds, the cleanup
path jumps to 'unlock' without calling unpin_host_vcpu() or
unpin_host_sve_state(), permanently leaking pin references on the
host vCPU and SVE state pages.
Extract a register_hyp_vcpu() helper that performs the checks and
the store. When register_hyp_vcpu() returns an error, call
unpin_host_vcpu() and unpin_host_sve_state() inline before falling
through to the existing 'unlock' label.
2. register_hyp_vcpu() publishes the new vCPU pointer into
'hyp_vm->vcpus[]' with a bare store, allowing a concurrent caller
of pkvm_load_hyp_vcpu() to observe a partially initialised vCPU
object.
Ensure the store uses smp_store_release() and the load uses
smp_load_acquire(). While 'vm_table_lock' currently serialises the
store and the load, these barriers ensure the reader sees the fully
initialised 'hyp_vcpu' object even if there were a lockless path or
if the lock's own ordering guarantees were insufficient for nested
object initialization.
🎖@cveNotify | 8 |
| 4 | 🚨 CVE-2026-46146
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
The convert_chmap_v3() has a loop with its increment size of
cs_desc->wLength, but we forgot to validate cs_desc->wLength itself,
which may lead to potential endless loop by a malformed descriptor.
Add a proper size check to abort the loop for plugging the hole.
🎖@cveNotify | 9 |
| 5 | 🚨 CVE-2026-46145
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Validate rx_hash_key_len
Sashiko points out that rx_hash_key_len comes from a uAPI structure and is
blindly passed to memcpy, allowing the userspace to trash kernel
memory. Bounds check it so the memcpy cannot overflow.
🎖@cveNotify | 8 |
| 6 | 🚨 CVE-2026-46144
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
Sashiko points out that mana_ib_cfg_vport_steering() is leaked, the normal
destroy path cleans it up.
🎖@cveNotify | 8 |
| 7 | 🚨 CVE-2026-44505
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record via dht_verifier.verify(&record.record). On verifier error, handle_dht_get logs and returns early without completing the oneshot used by Network::dht_get, and without cleaning up per-query bookkeeping. Later query progress can hit the "DHT inconsistent state" path and also return without cleanup. Because Network::dht_get awaits the oneshot without a timeout, the caller future can hang indefinitely. This issue has been patched in version 1.4.0.
🎖@cveNotify | 31 |
| 8 | 🚨 CVE-2026-44963
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
🎖@cveNotify | 26 |
| 9 | 🚨 CVE-2026-47636
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
🎖@cveNotify | 20 |
| 10 | 🚨 CVE-2026-47634
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
🎖@cveNotify | 21 |
| 11 | 🚨 CVE-2026-47291
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
🎖@cveNotify | 16 |
| 12 | 🚨 CVE-2026-47288
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
🎖@cveNotify | 14 |
| 13 | 🚨 CVE-2026-45658
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
🎖@cveNotify | 11 |
| 14 | 🚨 CVE-2026-45657
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
🎖@cveNotify | 10 |
| 15 | 🚨 CVE-2026-45656
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
🎖@cveNotify | 9 |
| 16 | 🚨 CVE-2026-45779
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023-08-04. At this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 10.0.3 on 2023-08-04. As a workaround, apply the patch manually.
🎖@cveNotify | 9 |
| 17 | 🚨 CVE-2026-45778
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the victim, reflects and executes the unsanitized payload in the victim's browser, potentially leading to credential capture and Open XDMoD account takeover. All deployments of Open XDMoD prior to 11.0.3 are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.
🎖@cveNotify | 7 |
| 18 | 🚨 CVE-2026-45777
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.
🎖@cveNotify | 10 |
| 19 | 🚨 CVE-2026-46241
In the Linux kernel, the following vulnerability has been resolved:
spi: mpc52xx: fix use-after-free on registration failure
Make sure to disable and free the interrupts in case controller
registration fails to avoid a potential use-after-free and resource
leak.
This issue was flagged by Sashiko when reviewing a controller
deregistration fix.
🎖@cveNotify | 8 |
| 20 | 🚨 CVE-2026-46240
In the Linux kernel, the following vulnerability has been resolved:
media: iris: Fix use-after-free in iris_release_internal_buffers()
The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy
internal buffers after FW releases") introduced a regression where
session_release_buf() may free the buffer. The caller,
iris_release_internal_buffers(), continued to access `buffer` after the
call, leading to a potential use-after-free.
Fix this by setting BUF_ATTR_PENDING_RELEASE before calling
session_release_buf(), and reverting the flag if the call fails. This
ensures no dereference occurs after potential freeing.
🎖@cveNotify | 10 |
