Updated at UTC 2026-03-04T03:30:24.192519

| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27751 | 9.8 | 0.04% | 1 | 0 | | 2026-03-04T02:08:00.523000 | SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default cre |
| CVE-2026-3224 | 0 | 0.00% | 2 | 0 | | 2026-03-03T22:16:29.523000 | Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode i |
| CVE-2026-28518 | 7.8 | 0.00% | 2 | 0 | | 2026-03-03T22:16:28.993000 | OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path tra |
| CVE-2026-3485 | 9.8 | 0.00% | 2 | 0 | | 2026-03-03T21:52:29.877000 | A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1 |
| CVE-2025-59059 | 9.8 | 0.09% | 4 | 0 | | 2026-03-03T21:52:29.877000 | Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in |
| CVE-2025-12345 | 8.8 | 0.06% | 2 | 0 | | 2026-03-03T21:52:29.877000 | A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a |
| CVE-2026-3336 | 7.5 | 0.02% | 2 | 0 | | 2026-03-03T21:52:29.877000 | Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenti |
| CVE-2026-0032 | 7.8 | 0.01% | 4 | 0 | | 2026-03-03T21:32:19 | In multiple functions of mem_protect.c, there is a possible out-of-bounds write |
| CVE-2026-3400 | 8.8 | 0.05% | 2 | 0 | | 2026-03-03T21:31:12 | A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by |
| CVE-2026-24114 | 9.8 | 0.02% | 2 | 0 | | 2026-03-03T20:16:47.607000 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pP |
| CVE-2026-24112 | 9.8 | 0.02% | 2 | 0 | | 2026-03-03T20:16:47.360000 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t |
| CVE-2026-22719 | 8.1 | 0.47% | 6 | 0 | | 2026-03-03T20:16:47.160000 | VMware Aria Operations contains a command injection vulnerability. A malicious u |
| CVE-2026-21385 | 7.8 | 0.01% | 15 | 1 | | 2026-03-03T20:16:46.140000 | Memory corruption while using alignments for memory allocation. |
| CVE-2026-24101 | 9.8 | 0.29% | 2 | 0 | | 2026-03-03T19:44:19.120000 | An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_mul |
| CVE-2025-48582 | 8.4 | 0.00% | 2 | 0 | | 2026-03-03T19:25:48.063000 | In multiple locations, there is a possible way to delete media without the MANAG |
| CVE-2025-48602 | 8.4 | 0.01% | 2 | 0 | | 2026-03-03T19:25:08.307000 | In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.jav |
| CVE-2025-48645 | 7.8 | 0.01% | 2 | 0 | | 2026-03-03T19:23:29.340000 | In loadDescription of DeviceAdminInfo.java, there is a possible persistent packa |
| CVE-2025-48653 | 7.8 | 0.01% | 2 | 0 | | 2026-03-03T19:23:05.510000 | In loadDataAndPostValue of multiple files, there is a possible way to obscure pe |
| CVE-2025-52482 | 8.3 | 0.04% | 1 | 0 | | 2026-03-03T19:13:35.437000 | Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS |
| CVE-2025-50187 | 9.8 | 0.29% | 2 | 0 | | 2026-03-03T19:12:14.917000 | Chamilo is a learning management system. Prior to version 1.11.28, parameter fro |
| CVE-2026-0021 | 8.4 | 0.01% | 1 | 0 | | 2026-03-03T18:42:10.833000 | In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible |
| CVE-2026-0011 | 8.4 | 0.01% | 2 | 0 | | 2026-03-03T18:41:55.677000 | In enableSystemPackageLPw of Settings.java, there is a possible way to prevent l |
| CVE-2026-0017 | 7.7 | 0.01% | 2 | 0 | | 2026-03-03T18:40:59.027000 | In onChange of BiometricService.java, there is a possible way to enable fingerpr |
| CVE-2025-48605 | 8.4 | 0.01% | 2 | 0 | | 2026-03-03T18:32:35 | In multiple functions of KeyguardViewMediator.java, there is a possible lockscre |
| CVE-2025-48619 | 8.4 | 0.01% | 2 | 0 | | 2026-03-03T18:32:35 | In multiple functions of ContentProvider.java, there is a possible way for an ap |
| CVE-2025-52365 | 7.8 | 0.00% | 2 | 0 | | 2026-03-03T18:32:35 | A command injection vulnerability in the szc script of the ccurtsinger/stabilize |
| CVE-2026-25673 | 7.5 | 0.00% | 2 | 0 | | 2026-03-03T18:32:35 | An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4 |
| CVE-2025-48654 | 7.8 | 0.01% | 2 | 0 | | 2026-03-03T18:32:35 | In onStart of CompanionDeviceManagerService.java, there is a possible confused d |
| CVE-2025-48635 | 7.7 | 0.01% | 2 | 0 | | 2026-03-03T18:32:34 | In multiple functions of TaskFragmentOrganizerController.java, there is a possib |
| CVE-2026-20777 | 8.1 | 0.00% | 2 | 0 | | 2026-03-03T18:31:33 | A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing fun |
| CVE-2025-48613 | 7.8 | 0.01% | 2 | 0 | | 2026-03-03T18:31:32 | In VBMeta, there is a possible way to modify and resign VBMeta using a test key, |
| CVE-2025-48609 | 9.1 | 0.01% | 2 | 0 | | 2026-03-03T18:31:32 | In multiple functions of MmsProvider.java, there is a possible way to arbitraril |
| CVE-2026-22891 | 9.8 | 0.00% | 2 | 0 | | 2026-03-03T18:31:32 | A heap-based buffer overflow vulnerability exists in the Intan CLP parsing funct |
| CVE-2026-24115 | 9.8 | 0.02% | 2 | 0 | | 2026-03-03T18:31:31 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the |
| CVE-2026-24113 | 9.8 | 0.02% | 2 | 0 | | 2026-03-03T18:31:30 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t |
| CVE-2026-24111 | 9.8 | 0.02% | 2 | 0 | | 2026-03-03T18:31:29 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t |
| CVE-2026-24109 | 9.8 | 0.02% | 2 | 0 | | 2026-03-03T18:31:29 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t |
| CVE-2025-52998 | 9.8 | 0.04% | 2 | 0 | | 2026-03-03T18:21:38.663000 | Chamilo is a learning management system. Prior to version 1.11.30, in the applic |
| CVE-2026-3376 | 8.8 | 0.05% | 2 | 0 | | 2026-03-03T17:35:16.400000 | A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by th |
| CVE-2026-3379 | 8.8 | 0.05% | 2 | 0 | | 2026-03-03T17:33:26.577000 | A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects |
| CVE-2026-3398 | 8.8 | 0.05% | 2 | 0 | | 2026-03-03T17:32:11.063000 | A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function f |
| CVE-2025-48579 | 8.4 | 0.00% | 2 | 0 | | 2026-03-03T17:04:04.223000 | In multiple functions of MediaProvider.java, there is a possible external storag |
| CVE-2026-26710 | 9.8 | 0.03% | 1 | 0 | | 2026-03-03T16:16:21.417000 | code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /f |
| CVE-2026-24108 | 9.8 | 0.04% | 2 | 0 | | 2026-03-03T15:54:49.147000 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit t |
| CVE-2026-0007 | 8.6 | 0.01% | 2 | 0 | | 2026-03-03T15:32:43 | In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into |
| CVE-2026-0023 | 8.4 | 0.01% | 2 | 0 | | 2026-03-03T15:32:43 | In createSessionInternal of PackageInstallerService.java, there is a possible wa |
| CVE-2026-0025 | 7.8 | 0.01% | 4 | 0 | | 2026-03-03T15:31:40 | In hasImage of Notification.java, there is a possible way to reveal information |
| CVE-2026-0029 | 9.8 | 0.01% | 2 | 0 | | 2026-03-03T15:31:40 | In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logi |
| CVE-2026-0010 | 8.4 | 0.01% | 2 | 0 | | 2026-03-03T15:31:40 | In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write |
| CVE-2026-0037 | 8.4 | 0.01% | 1 | 0 | | 2026-03-03T15:31:40 | In multiple functions of ffa.c, there is a possible memory corruption due to a l |
| CVE-2026-24105 | 9.8 | 0.15% | 2 | 0 | | 2026-03-03T15:31:37 | An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.1 |
| CVE-2026-20423 | 7.1 | 0.01% | 2 | 0 | | 2026-03-03T15:31:36 | In wlan STA driver, there is a possible out of bounds write due to a missing bou |
| CVE-2026-0038 | 8.4 | 0.01% | 1 | 0 | | 2026-03-03T15:31:35.410000 | In multiple functions of mem_protect.c, there is a possible way to execute arbit |
| CVE-2026-0031 | 8.4 | 0.01% | 1 | 0 | | 2026-03-03T15:26:21.807000 | In multiple functions of mem_protect.c, there is a possible out of bounds write |
| CVE-2026-21902 | 9.8 | 0.33% | 8 | 1 | | 2026-03-03T15:16:18.363000 | An Incorrect Permission Assignment for Critical Resource vulnerability in the On |
| CVE-2026-0026 | 7.8 | 0.01% | 2 | 0 | | 2026-03-03T13:22:41.723000 | In removePermission of PermissionManagerServiceImpl.java, there is a possible wa |
| CVE-2026-0008 | 8.4 | 0.01% | 2 | 0 | | 2026-03-03T13:20:00.050000 | In multiple locations, there is a possible privilege escalation due to a confus |
| CVE-2025-48650 | 8.4 | 0.01% | 2 | 0 | | 2026-03-03T13:17:13.197000 | In multiple locations, there is a possible information disclosure due to SQL inj |
| CVE-2026-22886 | 9.8 | 0.16% | 4 | 0 | | 2026-03-03T12:31:32 | OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requi |
| CVE-2026-1874 | None | 0.15% | 2 | 0 | | 2026-03-03T09:30:54 | Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electri |
| CVE-2026-1875 | None | 0.15% | 2 | 0 | | 2026-03-03T09:30:54 | Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corpo |
| CVE-2026-1492 | 9.8 | 0.07% | 4 | 0 | | 2026-03-03T06:31:14 | The User Registration & Membership – Custom Registration Form Builder, Custom Lo |
| CVE-2026-24107 | 9.8 | 0.29% | 2 | 0 | | 2026-03-03T03:33:44 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the |
| CVE-2026-2448 | 8.8 | 0.10% | 6 | 0 | | 2026-03-03T03:32:48 | The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File |
| CVE-2026-2628 | 9.8 | 0.25% | 3 | 1 | | 2026-03-03T03:32:48 | The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPres |
| CVE-2025-48567 | 7.8 | 0.01% | 2 | 0 | | 2026-03-03T00:32:12 | In multiple locations, there is a possible bypass of a file path filter designed |
| CVE-2026-1566 | 8.8 | 0.04% | 3 | 0 | | 2026-03-03T00:31:17 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for W |
| CVE-2026-0020 | 8.4 | 0.01% | 1 | 0 | | 2026-03-03T00:31:11 | In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way t |
| CVE-2026-0006 | 9.8 | 0.09% | 5 | 1 | | 2026-03-03T00:31:10 | In multiple locations, there is a possible out of bounds read and write due to a |
| CVE-2025-48646 | 7.8 | 0.01% | 2 | 0 | | 2026-03-03T00:31:10 | In executeRequest of ActivityStarter.java, there is a possible launch anywhere d |
| CVE-2026-0013 | 8.4 | 0.01% | 2 | 0 | | 2026-03-03T00:31:10 | In setupLayout of PickActivity.java, there is a possible way to start any activi |
| CVE-2025-48578 | 7.8 | 0.01% | 2 | 0 | | 2026-03-03T00:31:09 | In multiple functions of MediaProvider.java, there is a possible way to bypass t |
| CVE-2025-48574 | 8.4 | 0.00% | 2 | 0 | | 2026-03-03T00:31:09 | In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an |
| CVE-2026-20430 | 8.8 | 0.02% | 1 | 0 | | 2026-03-02T22:05:08.293000 | In wlan AP FW, there is a possible out of bounds write due to an incorrect bound |
| CVE-2026-20434 | 7.5 | 0.05% | 1 | 0 | | 2026-03-02T22:04:18.130000 | In Modem, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2026-0035 | 8.4 | 0.01% | 1 | 0 | | 2026-03-02T21:31:51 | In createRequest of MediaProvider.java, there is a possible way for an app to ga |
| CVE-2026-0028 | 8.4 | 0.01% | 1 | 0 | | 2026-03-02T21:31:51 | In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds w |
| CVE-2026-0047 | 8.4 | 0.01% | 1 | 0 | | 2026-03-02T21:31:44 | In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for |
| CVE-2026-0030 | 8.4 | 0.01% | 1 | 0 | | 2026-03-02T21:31:43 | In __host_check_page_state_range of mem_protect.c, there is a possible out of bo |
| CVE-2026-0034 | 8.4 | 0.01% | 1 | 0 | | 2026-03-02T21:31:42 | In setPackageOrComponentEnabled of ManagedServices.java, there is a possible not |
| CVE-2025-48636 | 8.4 | 0.01% | 2 | 0 | | 2026-03-02T21:31:42 | In openFile of BugreportContentProvider.java, there is a possible way to read an |
| CVE-2025-32313 | 8.4 | 0.01% | 1 | 0 | | 2026-03-02T21:31:38 | In UsageEvents of UsageEvents.java, there is a possible out of bounds write due |
| CVE-2026-3010 | 0 | 0.05% | 1 | 0 | | 2026-03-02T20:30:10.923000 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site |
| CVE-2026-2749 | 9.9 | 0.03% | 1 | 1 | | 2026-03-02T20:30:10.923000 | Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Cent |
| CVE-2026-21882 | 8.4 | 0.01% | 1 | 0 | | 2026-03-02T20:29:29.330000 | theshit is a command-line utility that automatically detects and fixes common mi |
| CVE-2025-58107 | 7.5 | 0.02% | 1 | 1 | | 2026-03-02T20:29:29.330000 | In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on |
| CVE-2026-3132 | 8.8 | 0.22% | 1 | 0 | | 2026-03-02T20:29:29.330000 | The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Re |
| CVE-2025-47373 | 7.8 | 0.01% | 1 | 0 | | 2026-03-02T20:29:29.330000 | Memory Corruption when accessing buffers with invalid length during TA invocatio |
| CVE-2025-47376 | 7.8 | 0.01% | 1 | 0 | | 2026-03-02T20:29:29.330000 | Memory Corruption when concurrent access to shared buffer occurs during IOCTL ca |
| CVE-2025-47381 | 7.8 | 0.01% | 1 | 0 | | 2026-03-02T20:29:29.330000 | Memory Corruption while processing IOCTL calls when concurrent access to shared |
| CVE-2025-59603 | 7.8 | 0.01% | 1 | 0 | | 2026-03-02T20:29:29.330000 | Memory Corruption when processing invalid user address with nonstandard buffer a |
| CVE-2026-3180 | 7.5 | 0.08% | 1 | 0 | | 2026-03-02T18:31:52 | The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plu |
| CVE-2026-26720 | 9.8 | 0.25% | 2 | 1 | | 2026-03-02T18:31:51 | An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute ar |
| CVE-2025-47377 | 7.8 | 0.01% | 1 | 0 | | 2026-03-02T18:31:51 | Memory Corruption when accessing a buffer after it has been freed while processi |
| CVE-2025-47386 | 7.8 | 0.01% | 1 | 0 | | 2026-03-02T18:31:51 | Memory Corruption while invoking IOCTL calls when concurrent access to shared bu |
| CVE-2025-59600 | 7.8 | 0.01% | 1 | 0 | | 2026-03-02T18:31:51 | Memory Corruption when adding user-supplied data without checking available buff |
| CVE-2026-24110 | 9.8 | 0.04% | 2 | 0 | | 2026-03-02T18:31:45 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send over |
| CVE-2025-47375 | 7.8 | 0.01% | 1 | 0 | | 2026-03-02T18:31:45 | Memory corruption while handling different IOCTL calls from the user-space simul |
| CVE-2025-47379 | 7.8 | 0.01% | 1 | 0 | | 2026-03-02T18:31:45 | Memory Corruption when concurrent access to shared buffer occurs due to improper |
| CVE-2025-47385 | 7.8 | 0.01% | 1 | 0 | | 2026-03-02T18:31:45 | Memory Corruption when accessing trusted execution environment without proper pr |
| CVE-2026-21658 | 9.8 | 0.21% | 2 | 0 | | 2026-03-02T18:31:41 | Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code |
| CVE-2026-21657 | 9.8 | 0.08% | 1 | 0 | | 2026-03-02T18:31:41 | Improper Control of Generation of Code ('Code Injection') vulnerability in Johns |
| CVE-2026-21656 | 9.8 | 0.08% | 1 | 0 | | 2026-03-02T18:31:41 | Improper Control of Generation of Code ('Code Injection') vulnerability in Johns |
| CVE-2026-21654 | 9.8 | 0.12% | 1 | 0 | | 2026-03-02T18:31:41 | Improper Neutralization of Special Elements used in an OS Command ('OS Command I |
| CVE-2026-21659 | 9.8 | 0.21% | 1 | 0 | | 2026-03-02T18:31:41 | Unauthenticated Remote Code Execution and Information Disclosure due to Local Fi |
| CVE-2026-21660 | 9.8 | 0.03% | 1 | 0 | | 2026-03-02T18:23:05.353000 | Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext S |
| CVE-2026-22206 | 8.8 | 0.14% | 1 | 0 | | 2026-03-02T15:58:07 | SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows |
| CVE-2026-3432 | None | 0.09% | 1 | 0 | | 2026-03-02T15:31:31 | On SimStudio version below to 0.5.74, the `/api/auth/oauth/token` endpoint conta |
| CVE-2026-3431 | 9.8 | 0.07% | 2 | 0 | | 2026-03-02T15:31:31 | On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrar |
| CVE-2026-27942 | 7.5 | 0.04% | 1 | 0 | | 2026-03-02T14:54:48.080000 | fast-xml-parser allows users to validate XML, parse XML to JS object, or build X |
| CVE-2026-2999 | 9.8 | 0.10% | 1 | 0 | | 2026-03-02T09:30:38 | IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution v |
| CVE-2026-3000 | 9.8 | 0.10% | 3 | 0 | | 2026-03-02T09:30:37 | IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution v |
| CVE-2026-2584 | None | 0.30% | 1 | 0 | | 2026-03-02T09:30:37 | A critical SQL Injection (SQLi) vulnerability has been identified in the authent |
| CVE-2026-3422 | 9.8 | 0.40% | 2 | 0 | | 2026-03-02T09:30:31 | U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerab |
| CVE-2026-3412 | 4.3 | 0.03% | 1 | 0 | | 2026-03-02T06:32:05 | A vulnerability was detected in itsourcecode University Management System 1.0. T |
| CVE-2026-3408 | 4.3 | 0.04% | 1 | 0 | | 2026-03-02T06:32:05 | A vulnerability was identified in Open Babel up to 3.1.1. This impacts the funct |
| CVE-2026-3399 | 8.8 | 0.05% | 2 | 0 | | 2026-03-02T00:30:29 | A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerabi |
| CVE-2026-3380 | 8.8 | 0.05% | 2 | 0 | | 2026-03-01T06:31:35 | A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function |
| CVE-2026-3378 | 8.8 | 0.05% | 2 | 0 | | 2026-03-01T03:30:24 | A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqosse |
| CVE-2026-27167 | None | 0.04% | 1 | 0 | | 2026-03-01T01:00:34 | ## Summary Gradio applications running outside of Hugging Face Spaces automatic |
| CVE-2026-28562 | 8.2 | 0.01% | 2 | 0 | | 2026-03-01T00:30:19 | wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics: |
| CVE-2026-3377 | 8.8 | 0.05% | 2 | 0 | | 2026-03-01T00:30:19 | A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is th |
| CVE-2026-2844 | None | 0.07% | 1 | 0 | | 2026-02-28T12:30:25 | Missing Authentication for Critical Function vulnerability in Microchip TimePict |
| CVE-2025-13673 | 7.5 | 0.06% | 1 | 0 | | 2026-02-28T09:30:14 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vul |
| CVE-2026-27630 | 7.5 | 0.12% | 1 | 0 | | 2026-02-28T01:01:22.727000 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prio |
| CVE-2026-27498 | 8.6 | 0.66% | 1 | 0 | | 2026-02-27T21:51:40 | ## Impact An authenticated user with permission to create or modify workflows co |
| CVE-2025-40932 | 8.2 | 0.03% | 1 | 0 | | 2026-02-27T21:32:27 | Apache::SessionX versions through 2.01 for Perl create insecure session id. Apa |
| CVE-2026-2597 | 7.5 | 0.04% | 1 | 0 | | 2026-02-27T21:32:27 | Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buff |
| CVE-2026-27141 | 7.5 | 0.05% | 1 | 0 | | 2026-02-27T21:32:22 | Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running s |
| CVE-2026-22207 | 9.8 | 0.17% | 1 | 0 | | 2026-02-27T21:31:21 | OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken ac |
| CVE-2026-22205 | 7.5 | 0.24% | 1 | 0 | | 2026-02-27T21:31:21 | SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability cau |
| CVE-2026-26222 | 9.8 | 1.02% | 1 | 0 | | 2026-02-27T21:31:19 | Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes i |
| CVE-2026-27510 | 9.6 | 0.08% | 2 | 0 | | 2026-02-27T19:16:08.767000 | Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree G |
| CVE-2026-27509 | 8.0 | 0.03% | 2 | 0 | | 2026-02-27T19:16:08.547000 | Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not imp |
| CVE-2026-26986 | 7.5 | 0.07% | 1 | 0 | | 2026-02-27T19:11:09.313000 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio |
| CVE-2026-27449 | 7.5 | 0.05% | 1 | 0 | | 2026-02-27T18:35:58 | ### Description A vulnerability has been identified in Umbraco Engage where cert |
| CVE-2026-3301 | 9.8 | 2.90% | 1 | 0 | | 2026-02-27T18:31:05 | A security flaw has been discovered in Totolink N300RH 6.1c.1353_B20190305. Affe |
| CVE-2026-27969 | None | 0.04% | 1 | 0 | | 2026-02-27T16:03:55 | ### Impact Anyone with read/write access to the backup storage location (e.g. a |
| CVE-2026-28215 | 9.1 | 0.06% | 1 | 0 | | 2026-02-27T15:53:07.053000 | hoppscotch is an open source API development ecosystem. Prior to version 2026.2. |
| CVE-2026-23750 | 8.1 | 0.01% | 1 | 0 | | 2026-02-27T15:34:18 | Golioth Pouch version 0.1.0 prior to [INSERT FIXED VERSION], fixed in commit 1b2 |
| CVE-2026-25954 | 7.5 | 0.06% | 1 | 0 | | 2026-02-27T14:56:16.663000 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio |
| CVE-2026-25942 | 7.5 | 0.07% | 1 | 0 | | 2026-02-27T14:54:06.747000 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to versio |
| CVE-2026-23627 | 8.8 | 0.01% | 1 | 0 | | 2026-02-27T14:51:47.317000 | OpenEMR is a free and open source electronic health records and medical practice |
| CVE-2026-24663 | 9.0 | 1.35% | 1 | 0 | | 2026-02-27T14:06:37.987000 | An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and pri |
| CVE-2025-50857 | 9.8 | 0.58% | 1 | 0 | | 2026-02-27T14:06:37.987000 | ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /mod |
| CVE-2026-1565 | 8.8 | 0.28% | 1 | 0 | | 2026-02-27T14:06:37.987000 | The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Members |
| CVE-2026-0980 | 8.3 | 0.22% | 1 | 0 | | 2026-02-27T14:06:37.987000 | A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller |
| CVE-2026-26682 | 7.8 | 0.02% | 1 | 0 | | 2026-02-26T21:32:35 | An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary |
| CVE-2026-28136 | 7.6 | 0.03% | 1 | 0 | | 2026-02-26T21:32:34 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-26938 | 8.6 | 0.04% | 1 | 0 | | 2026-02-26T21:31:39 | Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) |
| CVE-2025-71057 | 8.2 | 0.01% | 1 | 0 | | 2026-02-26T21:31:30 | Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 |
| CVE-2026-27888 | None | 0.04% | 1 | 0 | | 2026-02-26T19:55:35 | ### Impact An attacker who uses this vulnerability can craft a PDF which leads t |
| CVE-2026-27849 | 9.8 | 0.06% | 1 | 0 | | 2026-02-26T18:32:43 | Due to missing neutralization of special elements, OS commands can be injected v |
| CVE-2026-20127 | 10.0 | 2.60% | 5 | 3 | | 2026-02-26T16:20:02.187000 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle |
| CVE-2026-27636 | 8.8 | 0.34% | 1 | 0 | | 2026-02-26T16:07:11.047000 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor |
| CVE-2026-3201 | 4.7 | 0.02% | 1 | 0 | | 2026-02-26T14:49:01.050000 | USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4 |
| CVE-2025-70328 | 8.8 | 2.94% | 1 | 0 | | 2026-02-26T03:31:18 | TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnera |
| CVE-2025-70327 | 9.8 | 2.05% | 1 | 0 | | 2026-02-26T03:06:04.013000 | TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerabi |
| CVE-2026-26331 | 8.8 | 0.70% | 1 | 1 | | 2026-02-25T19:32:30.417000 | yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 |
| CVE-2026-3202 | 4.7 | 0.02% | 1 | 0 | | 2026-02-25T15:31:53 | NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of ser |
| CVE-2026-3203 | 5.5 | 0.02% | 1 | 0 | | 2026-02-25T15:31:43 | RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to |
| CVE-2026-20841 | 7.8 | 0.10% | 1 | 12 | | 2026-02-25T14:32:14.467000 | Improper neutralization of special elements used in a command ('command injectio |
| CVE-2026-25108 | 8.8 | 18.59% | 1 | 0 | | 2026-02-24T21:38:18.607000 | FileZen contains an OS command injection vulnerability. When FileZen Antivirus C |
| CVE-2026-22553 | 9.8 | 1.26% | 1 | 0 | | 2026-02-24T21:31:51 | All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection |
| CVE-2025-64328 | 7.2 | 24.83% | 1 | 1 | | 2026-02-24T19:30:59.130000 | FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX |
| CVE-2026-2033 | 8.1 | 15.58% | 1 | 0 | | 2026-02-23T18:14:13.887000 | MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Executio |
| CVE-2026-2329 | 9.8 | 41.14% | 1 | 0 | | 2026-02-20T20:57:50.360000 | An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP |
| CVE-2025-68615 | 9.8 | 0.05% | 1 | 1 | | 2026-02-19T16:09:15.480000 | net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9. |
| CVE-2026-0714 | 6.8 | 0.01% | 4 | 0 | | 2026-02-18T18:31:27 | A physical attack vulnerability exists in certain Moxa industrial computers usin |
| CVE-2026-22769 | 10.0 | 34.16% | 1 | 0 | | 2026-02-18T18:30:35 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a |
| CVE-2026-1731 | 9.8 | 60.92% | 1 | 5 | template | 2026-02-17T15:31:33 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote |
| CVE-2023-4911 | 7.8 | 57.16% | 1 | 18 | template | 2026-02-13T21:25:07.227000 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so whi |
| CVE-2026-24061 | 9.8 | 77.92% | 4 | 63 | template | 2026-02-11T15:40:42.937000 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2026-21513 | 8.8 | 4.76% | 2 | 0 | | 2026-02-10T21:31:29 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker |
| CVE-2026-1603 | 8.6 | 11.74% | 1 | 0 | template | 2026-02-10T18:30:49 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo |
| CVE-2026-1687 | 7.3 | 5.29% | 1 | 0 | | 2026-02-10T15:14:03.207000 | A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon |
| CVE-2020-37123 | 9.8 | 12.89% | 1 | 0 | template | 2026-02-05T18:30:36 | Pinger 1.0 contains a remote code execution vulnerability that allows attackers |
| CVE-2020-37088 | 7.5 | 4.95% | 1 | 0 | | 2026-02-04T00:30:40 | School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthen |
| CVE-2026-1207 | None | 7.39% | 1 | 0 | template | 2026-02-03T19:32:57 | An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4 |
| CVE-2025-13348 | None | 0.01% | 1 | 0 | | 2026-02-02T03:31:18 | An improper access control vulnerability exists in ASUS Secure Delete Driver of |
| CVE-2026-1281 | 9.8 | 64.79% | 2 | 2 | | 2026-01-30T13:28:18.610000 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve |
| CVE-2026-21852 | None | 0.02% | 2 | 2 | | 2026-01-21T21:40:20 | A vulnerability in Claude Code's project-load flow allowed malicious repositorie |
| CVE-2026-21859 | 5.8 | 1.13% | 2 | 0 | template | 2026-01-20T19:03:30 | ## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in Mailpit |
| CVE-2026-0628 | 8.8 | 0.04% | 5 | 2 | | 2026-01-12T16:48:33.560000 | Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7 |
| CVE-2025-38617 | 4.7 | 0.00% | 2 | 0 | | 2026-01-07T16:57:56.077000 | In the Linux kernel, the following vulnerability has been resolved: net/packet: |
| CVE-2025-23299 | 6.7 | 0.02% | 2 | 0 | | 2025-10-22T21:12:32.330000 | NVIDIA Bluefield and ConnectX contain a vulnerability in the management interfac |
| CVE-2025-62360 | 8.8 | 0.05% | 1 | 0 | | 2025-10-20T16:04:04.377000 | WeGIA is an open source Web Manager for Institutions with a focus on Portuguese |
| CVE-2025-11462 | 7.8 | 0.04% | 1 | 0 | | 2025-10-14T18:31:29 | Improper Link Resolution Before File Access in the AWS VPN Client for macOS vers |
| CVE-2025-59536 | None | 0.04% | 2 | 0 | | 2025-10-03T14:16:36 | Due to a bug in the startup trust dialog implementation, Claude Code could be tr |
| CVE-2017-13089 | 8.8 | 51.23% | 1 | 2 | | 2025-04-20T01:37:25.860000 | The http.c:skip_short_body() function is called in some circumstances, such as w |
| CVE-2023-6553 | 9.8 | 93.15% | 1 | 4 | template | 2024-11-21T08:44:05.137000 | The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution |
| CVE-2023-41772 | 7.8 | 19.53% | 1 | 1 | | 2024-04-04T08:32:52 | Win32k Elevation of Privilege Vulnerability |
| CVE-2023-3643 | 7.3 | 10.14% | 1 | 0 | | 2023-11-07T05:05:15 | A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified |
| CVE-2023-4116 | 4.3 | 25.35% | 1 | 0 | template | 2023-11-07T05:01:24 | A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking |
| CVE-2026-27825 | 0 | 0.00% | 2 | 1 | | N/A | |
| CVE-2026-27826 | 0 | 0.00% | 2 | 1 | | N/A | |
| CVE-2025-62507 | 0 | 0.12% | 2 | 1 | | N/A | |
| CVE-2025-25198 | 0 | 0.12% | 1 | 2 | | N/A | |
| CVE-2026-3337 | 0 | 0.08% | 1 | 0 | | N/A | |
| CVE-2026-3338 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-21853 | 0 | 0.16% | 1 | 0 | | N/A | |
| CVE-2026-28286 | 0 | 0.06% | 1 | 0 | | N/A | |
| CVE-2025-52468 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-28403 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-25955 | 0 | 0.07% | 1 | 0 | | N/A | |
| CVE-2026-25953 | 0 | 0.09% | 1 | 0 | | N/A | |
| CVE-2026-25952 | 0 | 0.09% | 1 | 0 | | N/A | |
| CVE-2026-25997 | 0 | 0.09% | 1 | 0 | | N/A | |
| CVE-2026-25959 | 0 | 0.08% | 1 | 0 | | N/A | |
| CVE-2026-27950 | 0 | 0.10% | 1 | 0 | | N/A | |
| CVE-2026-24680 | 0 | 0.02% | 1 | 0 | | N/A | |
| CVE-2026-27633 | 0 | 0.12% | 1 | 0 | | N/A | |
| CVE-2026-28213 | 0 | 0.04% | 1 | 0 | | N/A | |

updated 2026-03-04T02:08:00.523000
1 posts
🔐 CVE-2026-27751 (CRITICAL): SODOLA SL902-SWTGW124AS gateways (≤200.1.20) use default creds, enabling remote admin takeover. Change all passwords or restrict access ASAP! No patch yet. https://radar.offseq.com/threat/cve-2026-27751-cwe-1392-use-of-default-credentials-706a3fb0 #OffSeq #Vuln #IoTSecurity #NetworkSecurity

updated 2026-03-03T22:16:29.523000
2 posts
🚨 CVE-2026-3224: CRITICAL auth bypass in Devolutions Server <=2025.3.15.0 using Microsoft Entra ID. Attackers can forge JWTs for full access. No known exploits, but patch ASAP & tighten token validation. https://radar.offseq.com/threat/cve-2026-3224-cwe-287-improper-authentication-cwe--6697497e #OffSeq #Vuln #CyberSecurity #JWT

updated 2026-03-03T22:16:28.993000
2 posts
🟠 CVE-2026-28518 - High (7.8)
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP arch...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28518/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T21:52:29.877000
2 posts
⚠️ CRITICAL: CVE-2026-3485 enables remote OS command injection in D-Link DIR-868L (110b03) via SSDP (UPnP). Exploit is public, no patch. Replace or isolate device ASAP — block SSDP, monitor traffic. https://radar.offseq.com/threat/cve-2026-3485-os-command-injection-in-d-link-dir-8-905d15ee #OffSeq #CVE20263485 #RouterSecurity #Vuln
##
updated 2026-03-03T21:52:29.877000
4 posts
🔴 CVE-2025-59059 - Critical (9.8)
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0.
Users are recommended to upgrade to version 2.8.0, which fixes this issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T21:52:29.877000
2 posts
🟠 CVE-2025-12345 - High (8.8)
A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12345/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T21:52:29.877000
2 posts
Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
Bulletin ID: 2026-005-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/03/02 14:30 PM PST
Description:
AWS-LC is an open-source, general-purpose cryptographic library. We identified three distin...
https://aws.amazon.com/security/security-bulletins/rss/2026-005-aws/
##
🟠 CVE-2026-3336 - High (7.5)
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.
Customers of AWS services do not nee...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3336/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T21:32:19
4 posts
🟠 CVE-2026-0032 - High (7.8)
In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0032/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T21:31:12
2 posts
🟠 CVE-2026-3400 - High (8.8)
A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3400/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🛡️ CVE-2026-3400 (HIGH, CVSS 8.7): Stack-based buffer overflow in Tenda AC15 routers (≤v15.13.07.13) allows unauthenticated remote code execution. PoC code is public. Restrict access & monitor for patches! https://radar.offseq.com/threat/cve-2026-3400-stack-based-buffer-overflow-in-tenda-c665b93a #OffSeq #Infosec #CVE #Vulnerability
##
updated 2026-03-03T20:16:47.607000
2 posts
🔴 CVE-2026-24114 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T20:16:47.360000
2 posts
🔴 CVE-2026-24112 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T20:16:47.160000
6 posts
🚨 [CISA-2026:0303] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0303)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21385 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21385)
- Name: Qualcomm Multiple Chipsets Memory Corruption Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Qualcomm
- Product: Multiple Chipsets
- Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385
⚠️ CVE-2026-22719 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22719)
- Name: Broadcom VMware Aria Operations Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Broadcom
- Product: VMware Aria Operations
- Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260303 #cisa20260303 #cve_2026_21385 #cve_2026_22719 #cve202621385 #cve202622719
##
CISA flags VMware Aria Operations RCE flaw as exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its...
🔗️ [Bleepingcomputer] https://link.is.it/bR3nUY
##
CVE ID: CVE-2026-22719
Vendor: Broadcom
Product: VMware Aria Operations
Date Added: 2026-03-03
Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-22719
updated 2026-03-03T20:16:46.140000
15 posts
1 repos
🚨 [CISA-2026:0303] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0303)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-21385 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21385)
- Name: Qualcomm Multiple Chipsets Memory Corruption Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Qualcomm
- Product: Multiple Chipsets
- Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385
⚠️ CVE-2026-22719 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22719)
- Name: Broadcom VMware Aria Operations Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Broadcom
- Product: VMware Aria Operations
- Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260303 #cisa20260303 #cve_2026_21385 #cve_2026_22719 #cve202621385 #cve202622719
##
Qualcomm Zero-Day CVE-2026-21385 Exploited in Targeted Android Attacks as Spyware Suspicions Rise
A High-Severity Android Vulnerability Sparks Quiet Alarm Across the Security Industry A newly disclosed zero-day vulnerability in Qualcomm chipsets is drawing serious attention after evidence emerged that it has already been exploited in limited and targeted attacks. The flaw, tracked as CVE-2026-21385, affects Android devices powered by a broad range of Qualcomm…
##
CVE ID: CVE-2026-21385
Vendor: Qualcomm
Product: Multiple Chipsets
Date Added: 2026-03-03
Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21385
Android updates for March 2026, an already exploited zero-day fixed: what to do right away
Google has released the March 2026 Android Security Bulletin, the largest of the year: 129 vulnerabilities fixed, one of which, CVE-2026-21385...
🔗️ [Cybersecurity360] https://link.is.it/AC1JZ9
##
Google confirms that the Qualcomm Android vulnerability CVE-2026-21385 was exploited in real-world attacks.
#CVE_2026_21385
https://securityaffairs.com/188823/security/android-devices-hit-by-exploited-qualcomm-flaw-cve-2026-21385.html
Google Android March 2026 Security Bulletin Patches 129 Vulnerabilities, One Actively Exploited Qualcomm Flaw
Google's March 2026 Android Security Bulletin patches 129 vulnerabilities, including a critical RCE flaw (CVE-2026-0006) requiring no user interaction and multiple CVSS 9.0 privilege escalation bugs in the kernel virtualization layer. A Qualcomm Display component vulnerability (CVE-2026-21385) is already being actively exploited in targeted attacks in the wild.
**A critical update for Android, with an actively exploited flaw patched. Most users can't rush the patch because their vendors may not have released an updated version of Android for their devices. Do not delay the update to your Android when you see the alert that an update is available. Your device may be targeted via the Qualcomm flaw.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/march-2026-android-security-bulletin-patches-129-vulnerabilities-one-actively-exploited-qualcomm-flaw-s-u-0-2-i/gD2P6Ple2L
⚠️ THREAT INTELLIGENCE
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Vulnerability | HIGH
CVEs: CVE-2026-0628, CVE-2026-21385
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm...
Full analysis:
https://yazoul.net/news/news/new-chrome-vulnerability-let-malicious-extensions-escalate-privileges-via-gemini
The exploited flaw, tracked as CVE-2026-21385 (CVSS score of 7.8) and impacting the graphics component of over 200 Qualcomm chipsets, is described as an integer overflow or wraparound issue leading to memory corruption while using alignments for memory allocation. https://www.securityweek.com/android-update-patches-exploited-qualcomm-zero-day/
##
🟠 CVE-2026-21385 - High (7.8)
Memory corruption while using alignments for memory allocation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21385/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T19:44:19.120000
2 posts
🔴 CVE-2026-24101 - Critical (9.8)
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 is not validated, potentially leading to a comm...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T19:25:48.063000
2 posts
🟠 CVE-2025-48582 - High (8.4)
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interact...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48582/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T19:25:08.307000
2 posts
🟠 CVE-2025-48602 - High (8.4)
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges nee...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48602/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T19:23:29.340000
2 posts
🟠 CVE-2025-48645 - High (7.8)
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48645/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T19:23:05.510000
2 posts
🟠 CVE-2025-48653 - High (7.8)
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48653/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T19:13:35.437000
1 posts
🟠 CVE-2025-52482 - High (8.3)
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52482/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T19:12:14.917000
2 posts
🔴 CVE-2025-50187 - Critical (9.8)
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50187/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T18:42:10.833000
1 posts
🟠 CVE-2026-0021 - High (8.4)
In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0021/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T18:41:55.677000
2 posts
🟠 CVE-2026-0011 - High (8.4)
In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User int...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0011/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T18:40:59.027000
2 posts
🟠 CVE-2026-0017 - High (7.7)
In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0017/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T18:32:35
2 posts
🟠 CVE-2025-48605 - High (8.4)
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48605/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T18:32:35
2 posts
🟠 CVE-2025-48619 - High (8.4)
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges ne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48619/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
updated 2026-03-03T18:32:35
2 posts
🟠 CVE-2025-52365 - High (7.8)
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper inpu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52365/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:32:35
2 posts
🟠 CVE-2026-25673 - High (7.5)
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29.
`URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unico...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:32:35
2 posts
🟠 CVE-2025-48654 - High (7.8)
In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48654/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:32:34
2 posts
🟠 CVE-2025-48635 - High (7.7)
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interact...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48635/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:33
2 posts
🟠 CVE-2026-20777 - High (8.1)
A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can prov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:32
2 posts
🟠 CVE-2025-48613 - High (7.8)
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48613/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:32
2 posts
🔴 CVE-2025-48609 - Critical (9.1)
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48609/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:32
2 posts
🔴 CVE-2026-22891 - Critical (9.8)
A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:31
2 posts
🔴 CVE-2026-24115 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24115/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:30
2 posts
🔴 CVE-2026-24113 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size va...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24113/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:29
2 posts
🔴 CVE-2026-24111 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf` without size validation, it...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24111/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:31:29
2 posts
🔴 CVE-2026-24109 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vuln...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24109/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T18:21:38.663000
2 posts
🔴 CVE-2025-52998 - Critical (9.8)
Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classes, as well as fully control their properties, a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T17:35:16.400000
2 posts
🔒 CVE-2026-3376: HIGH severity buffer overflow in Tenda F453 v1.0.0.3 (/goform/SafeMacFilter). Public exploit enables remote code execution — no auth needed. Isolate devices & restrict access until patched. https://radar.offseq.com/threat/cve-2026-3376-buffer-overflow-in-tenda-f453-d5150655 #OffSeq #RouterVuln #InfoSec
##🟠 CVE-2026-3376 - High (8.8)
A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromSafeMacFilter of the file /goform/SafeMacFilter. Such manipulation of the argument page leads to buffer overflow. It is possible t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3376/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T17:33:26.577000
2 posts
🟠 CVE-2026-3379 - High (8.8)
A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3379/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 HIGH severity: Tenda F453 v1.0.0.3 has a buffer overflow (CVE-2026-3379) in /goform/SetIpBind. Remotely exploitable with no auth. Restrict access, monitor for exploit attempts, and patch ASAP. https://radar.offseq.com/threat/cve-2026-3379-buffer-overflow-in-tenda-f453-63a79945 #OffSeq #Cybersecurity #Vulnerability #CVE20263379
##updated 2026-03-03T17:32:11.063000
2 posts
🔎 HIGH severity: Tenda F453 v1.0.0.3 vulnerable to remote buffer overflow (CVE-2026-3398) via /goform/AdvSetWan. Exploit public, RCE possible with no auth. Disable remote admin & monitor for exploits. Patch ASAP. https://radar.offseq.com/threat/cve-2026-3398-buffer-overflow-in-tenda-f453-735bc013 #OffSeq #Vuln #RouterSec
##🟠 CVE-2026-3398 - High (8.8)
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3398/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T17:04:04.223000
2 posts
🟠 CVE-2025-48579 - High (8.4)
In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48579/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T16:16:21.417000
1 posts
⛔ New security advisory:
CVE-2026-26710 affects Carmelo Simple Food Order System.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-26710
updated 2026-03-03T15:54:49.147000
2 posts
🔴 CVE-2026-24108 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size va...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24108/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:32:43
2 posts
🟠 CVE-2026-0007 - High (8.6)
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User inter...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0007/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:32:43
2 posts
🟠 CVE-2026-0023 - High (8.4)
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0023/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:40
4 posts
🟠 CVE-2026-0025 - High (7.8)
In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:40
2 posts
🔴 CVE-2026-0029 - Critical (9.8)
In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:40
2 posts
🟠 CVE-2026-0010 - High (8.4)
In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:40
1 posts
🟠 CVE-2026-0037 - High (8.4)
In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:37
2 posts
🔴 CVE-2026-24105 - Critical (9.8)
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24105/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:36
2 posts
🟠 CVE-2026-20423 - High (7.8)
In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR0046...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20423/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:31:35.410000
1 posts
🟠 CVE-2026-0038 - High (8.4)
In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:26:21.807000
1 posts
🟠 CVE-2026-0031 - High (8.4)
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0031/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T15:16:18.363000
8 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-JunosEvolved-CVE-2026-21902
New.
WatchTower: Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE) https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/ #infosec #threatresearch
##Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE)
#CVE_2026_21902
https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/
Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE) https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/
##Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE) - watchTowr Labs https://labs.watchtowr.com/sometimes-you-can-just-feel-the-security-in-the-design-junos-os-evolved-cve-2026-21902-rce/
##CVE-2026-21902 represents a high-impact infrastructure exposure.
Affected platform: Junos OS Evolved on PTX series routers.
Attack vector: Unauthenticated network access.
Privilege level: Root execution.
Service: On-Box Anomaly Detection, enabled by default.
Strategic risk:
• Traffic interception capability
• Policy manipulation
• Controller redirection
• Lateral pivoting
• Long-term foothold persistence
Although no exploitation has been observed, historically, high-performance routing infrastructure is a prime target due to its control-plane visibility and network centrality.
Recommended actions:
– Immediate patch validation
– Control-plane traffic monitoring
– Service exposure review
– Network segmentation validation
– Threat hunting for anomalous routing behavior
Are infrastructure devices integrated into your continuous detection engineering pipeline?
Source: https://www.securityweek.com/juniper-networks-ptx-routers-affected-by-critical-vulnerability/
Engage below.
Follow TechNadu for high-signal vulnerability intelligence.
Repost to strengthen security awareness.
#Infosec #CVE2026 #Juniper #RouterSecurity #CriticalInfrastructure #ThreatModeling #DetectionEngineering #NetworkDefense #ZeroTrustArchitecture #CyberRisk #SecurityOperations #VulnerabilityManagement
##updated 2026-03-03T13:22:41.723000
2 posts
🟠 CVE-2026-0026 - High (7.8)
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0026/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T13:20:00.050000
2 posts
🟠 CVE-2026-0008 - High (8.4)
In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0008/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T13:17:13.197000
2 posts
🟠 CVE-2025-48650 - High (8.4)
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T12:31:32
4 posts
🔴 CVE-2026-22886 - Critical (9.8)
OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/admin) and does not enforce a mandatory password change on first use. Afte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛑 CRITICAL: CVE-2026-22886 in Eclipse OpenMQ lets remote attackers fully compromise brokers via default admin/admin creds if mgmt service is open. Disable unneeded services & update passwords now! https://radar.offseq.com/threat/cve-2026-22886-cwe-1392-use-of-default-credentials-68ab8e2b #OffSeq #CVE202622886 #EclipseOpenMQ #infosec
##updated 2026-03-03T09:30:54
2 posts
⚠️ CVE-2026-1874 (HIGH): Mitsubishi MELSEC iQ-F FX5-ENET/IP modules ≤1.106 vulnerable to unauthenticated UDP-based DoS. No patch yet. Segment networks & monitor UDP traffic. Reset needed to recover. https://radar.offseq.com/threat/cve-2026-1874-cwe-670-always-incorrect-control-flo-ab07aefb #OffSeq #ICS #Infosec #Vulnerability
##updated 2026-03-03T09:30:54
2 posts
🔎 CVE-2026-1875 (HIGH, CVSS 8.7) hits all Mitsubishi MELSEC iQ-F FX5-EIP modules. Remote UDP floods cause DoS — no auth needed. Segment networks & monitor UDP traffic. No known exploits, patch when available. https://radar.offseq.com/threat/cve-2026-1875-cwe-404-improper-resource-shutdown-o-290a0193 #OffSeq #ICS #CVE20261875 #OTSecurity
##updated 2026-03-03T06:31:14
4 posts
🔴 CVE-2026-1492 - Critical (9.8)
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and includ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1492/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-1492 (CRITICAL, CVSS 9.8): wpeverest User Registration plugin ≤5.1.2 lets unauthenticated attackers register admin accounts via improper privilege checks. Disable registrations & audit users urgently! https://radar.offseq.com/threat/cve-2026-1492-cwe-269-improper-privilege-managemen-edd7f3b1 #OffSeq #WordPress #Infosec #Vuln
##updated 2026-03-03T03:33:44
2 posts
🔴 CVE-2026-24107 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24107/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T03:32:48
6 posts
🟠 CVE-2026-2448 - High (8.8)
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_template() function. This makes it possible for authenticated attackers, with Contributor-level a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2448/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-2448: HIGH severity path traversal in Page Builder by SiteOrigin (all versions). Contributor+ authentication enables LFI, risking server takeover. No patch yet — restrict permissions, monitor activity, and use a WAF. https://radar.offseq.com/threat/cve-2026-2448-cwe-22-improper-limitation-of-a-path-365740f6 #OffSeq #WordPress #Vuln
##updated 2026-03-03T03:32:48
3 posts
1 repos
🔴 CVE-2026-2628 - Critical (9.8)
The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2628/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-2628: CRITICAL auth bypass in All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin (≤2.2.5). Attackers can access WP admin accounts with no credentials. Disable plugin or restrict logins until patched! https://radar.offseq.com/threat/cve-2026-2628-cwe-288-authentication-bypass-using--3ce6682b #OffSeq #WordPress #AzureAD
##updated 2026-03-03T00:32:12
2 posts
🟠 CVE-2025-48567 - High (7.8)
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution priv...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48567/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:17
3 posts
🟠 CVE-2026-1566 - High (8.8)
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5.2.7. This is due to the plugin allowing users with a LatePo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1566/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚩 CVE-2026-1566 (HIGH): LatePoint WordPress plugin lets Agent users reset admin passwords — leads to full privilege escalation. All versions up to 5.2.7 affected. Restrict Agent roles & monitor now. https://radar.offseq.com/threat/cve-2026-1566-cwe-269-improper-privilege-managemen-02d5d7d7 #OffSeq #WordPress #Vuln #Infosec
##updated 2026-03-03T00:31:11
1 posts
🟠 CVE-2026-0020 - High (8.4)
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0020/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:10
5 posts
1 repos
Google Android March 2026 Security Bulletin Patches 129 Vulnerabilities, One Actively Exploited Qualcomm Flaw
Google's March 2026 Android Security Bulletin patches 129 vulnerabilities, including a critical RCE flaw (CVE-2026-0006) requiring no user interaction and multiple CVSS 9.0 privilege escalation bugs in the kernel virtualization layer. A Qualcomm Display component vulnerability (CVE-2026-21385) is already being actively exploited in targeted attacks in the wild.
**A critical update for Android, with an actively exploited flaw patched. Most users can't rush the patch because their vendors may not have released an updated version of Android for their devices. Do not delay the update to your Android when you see the alert that an update is available. Your device may be targeted via the Qualcomm flaw.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/march-2026-android-security-bulletin-patches-129-vulnerabilities-one-actively-exploited-qualcomm-flaw-s-u-0-2-i/gD2P6Ple2L
🔴 CVE-2026-0006 - Critical (9.8)
In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0006/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0006: CRITICAL RCE in Android 16 via heap buffer overflows. No user action or privileges needed — remote attackers can fully compromise devices. Patch urgently when available! https://radar.offseq.com/threat/cve-2026-0006-remote-code-execution-in-google-andr-79236030 #OffSeq #Android #RCE #Vulnerability
##updated 2026-03-03T00:31:10
2 posts
🟠 CVE-2025-48646 - High (7.8)
In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48646/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:10
2 posts
🟠 CVE-2026-0013 - High (8.4)
In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0013/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:09
2 posts
🟠 CVE-2025-48578 - High (7.8)
In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48578/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-03T00:31:09
2 posts
🟠 CVE-2025-48574 - High (8.4)
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges neede...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48574/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T22:05:08.293000
1 posts
🟠 CVE-2026-20430 - High (8.8)
In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for explo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20430/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T22:04:18.130000
1 posts
🟠 CVE-2026-20434 - High (7.5)
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20434/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:51
1 posts
🟠 CVE-2026-0035 - High (8.4)
In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0035/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:51
1 posts
🟠 CVE-2026-0028 - High (8.4)
In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0028/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:44
1 posts
🟠 CVE-2026-0047 - High (8.4)
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:43
1 posts
🟠 CVE-2026-0030 - High (8.4)
In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0030/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:42
1 posts
🟠 CVE-2026-0034 - High (8.4)
In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0034/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:42
2 posts
🟠 CVE-2025-48636 - High (8.4)
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48636/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T21:31:38
1 posts
🟠 CVE-2025-32313 - High (8.4)
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for explo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-32313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:30:10.923000
1 posts
🚨 CVE-2026-3010: CRITICAL XSS in Microchip TimePictra v11.0 – 11.3 SP2. Remote, unauthenticated attackers can inject scripts via web UI. Restrict access, enable WAF, monitor logs. Patch awaited. Full info: https://radar.offseq.com/threat/cve-2026-3010-cwe-79-improper-neutralization-of-in-f593f595 #OffSeq #XSS #ICS #Vuln
##updated 2026-03-02T20:30:10.923000
1 posts
1 repos
🚨 CRITICAL: CVE-2026-2749 hits Centreon Open Tickets (Linux Central Server). All before v25.10.3/24.10.8/24.04.7 at risk — remote exploit, full compromise possible. Restrict access & monitor systems! https://radar.offseq.com/threat/cve-2026-2749-e23f9297 #OffSeq #Centreon #Vuln
##updated 2026-03-02T20:29:29.330000
1 posts
🟠 CVE-2026-21882 - High (8.4)
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21882/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:29:29.330000
1 posts
1 repos
🟠 CVE-2025-58107 - High (7.5)
In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base6...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-58107/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:29:29.330000
1 posts
🟠 CVE-2026-3132 - High (8.8)
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.1.3 via the 'JLTMA_Widget_Admin::render_preview'. This is due to missing capability check. This makes it po...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3132/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:29:29.330000
1 posts
🟠 CVE-2025-47373 - High (7.8)
Memory Corruption when accessing buffers with invalid length during TA invocation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:29:29.330000
1 posts
🟠 CVE-2025-47376 - High (7.8)
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47376/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:29:29.330000
1 posts
🟠 CVE-2025-47381 - High (7.8)
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47381/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T20:29:29.330000
1 posts
🟠 CVE-2025-59603 - High (7.8)
Memory Corruption when processing invalid user address with nonstandard buffer address.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:52
1 posts
🟠 CVE-2026-3180 - High (7.5)
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ‘cgl_mail’ parameter in all versions up to, and including, 28.1....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3180/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:51
2 posts
1 repos
🔴 CVE-2026-26720 - Critical (9.8)
An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26720/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:51
1 posts
🟠 CVE-2025-47377 - High (7.8)
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47377/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:51
1 posts
🟠 CVE-2025-47386 - High (7.8)
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47386/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:51
1 posts
🟠 CVE-2025-59600 - High (7.8)
Memory Corruption when adding user-supplied data without checking available buffer space.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-59600/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:45
2 posts
🔴 CVE-2026-24110 - Critical (9.8)
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsI...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24110/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:45
1 posts
🟠 CVE-2025-47375 - High (7.8)
Memory corruption while handling different IOCTL calls from the user-space simultaneously.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47375/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:45
1 posts
🟠 CVE-2025-47379 - High (7.8)
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47379/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:45
1 posts
🟠 CVE-2025-47385 - High (7.8)
Memory Corruption when accessing trusted execution environment without proper privilege check.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-47385/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:41
2 posts
🔴 CVE-2026-21658 - Critical (9.8)
Unauthenticated Remote Code Execution, i.e. Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21658/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##📈 CVE Published in last 7 days (2026-02-23 - 2026-03-02)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 974
Severity:
- Critical: 145
- High: 315
- Medium: 431
- Low: 49
- None: 34
Status:
- : 10
- Analyzed: 435
- Awaiting Analysis: 257
- Modified: 60
- Received: 119
- Rejected: 17
- Undergoing Analysis: 76
Top CNAs:
- GitHub, Inc.: 354
- VulDB: 131
- VulnCheck: 70
- Mozilla Corporation: 52
- ICS-CERT: 51
- MITRE: 34
- Wordfence: 34
- Red Hat, Inc.: 15
- Cisco Systems, Inc.: 15
- GitLab Inc.: 13
Top Affected Products:
- UNKNOWN: 459
- Mozilla Firefox: 52
- Mozilla Thunderbird: 50
- Imagemagick: 34
- Open-emr Openemr: 25
- Copeland Xweb 300d Pro Firmware: 15
- Freerdp: 15
- Copeland Xweb 500b Pro Firmware: 15
- Copeland Xweb 500d Pro Firmware: 15
- Tenda F453 Firmware: 10
Top EPSS Score:
- CVE-2026-3301 - 2.90 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3301)
- CVE-2025-70328 - 2.51 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-70328)
- CVE-2026-20127 - 2.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20127)
- CVE-2025-70327 - 1.85 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-70327)
- CVE-2026-24663 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24663)
- CVE-2026-22553 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22553)
- CVE-2026-26222 - 0.85 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26222)
- CVE-2026-26331 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26331)
- CVE-2026-27498 - 0.59 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27498)
- CVE-2026-21658 - 0.59 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21658)
updated 2026-03-02T18:31:41
1 posts
🔴 CVE-2026-21657 - Critical (9.8)
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21657/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:41
1 posts
🔴 CVE-2026-21656 - Critical (9.8)
Improper Control of Generation of Code ('Code Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21656/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:41
1 posts
🔴 CVE-2026-21654 - Critical (9.8)
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21654/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:31:41
1 posts
🔴 CVE-2026-21659 - Critical (9.8)
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, lea...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21659/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T18:23:05.353000
1 posts
🔴 CVE-2026-21660 - Critical (9.8)
Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: Plaintext Storage of a Password) vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21660/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T15:58:07
1 posts
🟠 CVE-2026-22206 - High (8.8)
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw comb...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22206/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T15:31:31
1 posts
New.
Tenable has added three vulnerabilities to its threat advisories:
- Critical: CVE-2026-3432: Sim Studio AI - Unauthenticated OAuth Token Theft https://www.tenable.com/security/research/tra-2026-13
- Critical: CVE-2026-3431: Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion https://www.tenable.com/security/research/tra-2026-12
- Medium: CVE-2026-27167: Gradio - Mocked OAuth Login Exposes Server Credentials and Uses Hardcoded Session Secret https://www.tenable.com/security/research/tra-2026-11 @tenable #vulnerability #infosec
##updated 2026-03-02T15:31:31
2 posts
##🔴 CVE-2026-3431 - Critical (9.8)
On SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB insta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3431/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T14:54:48.080000
1 posts
🟠 CVE-2026-27942 - High (7.5)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with a stack overflow when a user uses the XML builder with `pr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27942/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T09:30:38
1 posts
🔴 CVE-2026-2999 - Critical (9.8)
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2999/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T09:30:37
3 posts
⛔ New security advisory:
CVE-2026-3000 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-3000
🚨 CVE-2026-3000 (CRITICAL): IDExpert Windows Logon Agent v2.7.3.230719 allows unauthenticated remote code execution via malicious DLL download. Disable agent, monitor for unusual activity, restrict outbound traffic. https://radar.offseq.com/threat/cve-2026-3000-cwe-494-download-of-code-without-int-6f96a540 #OffSeq #Cybersecurity #RCE #CVE
##🔴 CVE-2026-3000 - Critical (9.8)
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3000/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T09:30:37
1 posts
🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-2584-cwe-89-improper-neutralization-of-sp-3951e11b #OffSeq #CVE20262584 #SQLi #FirmwareSecurity
##updated 2026-03-02T09:30:31
2 posts
🚨 CRITICAL: CVE-2026-3422 in e-Excellence U-Office Force enables unauthenticated remote code execution via insecure deserialization (CWE-502). No patch — restrict access, monitor traffic, use WAF/RASP. https://radar.offseq.com/threat/cve-2026-3422-cwe-502-deserialization-of-untrusted-c53bebca #OffSeq #Vulnerability #Infosec #CVE20263422
##🔴 CVE-2026-3422 - Critical (9.8)
U-Office Force developed by e-Excellence has an Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-02T06:32:05
1 posts
CVE-2026-3412: Medium XSS in itsourcecode University Management System v1.0. 'dt' param in /att_single_view.php is vulnerable. Public exploit available — patch or mitigate to prevent session hijack & data theft. Details: https://radar.offseq.com/threat/cve-2026-3412-cross-site-scripting-in-itsourcecode-e5baf82a #OffSeq #XSS #Vuln
##updated 2026-03-02T06:32:05
1 posts
🔎 CVE-2026-3408 (MEDIUM): Open Babel 3.1.0/3.1.1 vulnerable to DoS via null pointer dereference in CDXML handler. Exploit public, patch available (commit e23a224b8fd9…). Update now to prevent app crashes! https://radar.offseq.com/threat/cve-2026-3408-null-pointer-dereference-in-open-bab-da0da361 #OffSeq #OpenBabel #VulnAlert
##updated 2026-03-02T00:30:29
2 posts
🚨 HIGH severity: CVE-2026-3399 impacts Tenda F453 (v1.0.0.3) via buffer overflow in httpd's fromGstDhcpSetSer. Remotely exploitable, public exploit available. Patch or mitigate now to prevent device takeover! https://radar.offseq.com/threat/cve-2026-3399-buffer-overflow-in-tenda-f453-2372f90c #OffSeq #Vuln #Infosec #Router
##🟠 CVE-2026-3399 - High (8.8)
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The at...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3399/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-01T06:31:35
2 posts
🚨 CVE-2026-3380: HIGH-severity buffer overflow in Tenda F453 (v1.0.0.3). Remotely exploitable, no auth needed — PoC public. Isolate devices, restrict WAN, monitor for /goform/L7Im traffic. Patch pending. https://radar.offseq.com/threat/cve-2026-3380-buffer-overflow-in-tenda-f453-54481f34 #OffSeq #Vulnerability #Tenda #InfoSec
##🟠 CVE-2026-3380 - High (8.8)
A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3380/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-01T03:30:24
2 posts
🔥 CVE-2026-3378 (HIGH, CVSS 8.7): Buffer overflow in Tenda F453 (FW 1.0.0.3) lets remote attackers execute code or cause DoS — no authentication needed. PoC exploit published. Patch or restrict access now! https://radar.offseq.com/threat/cve-2026-3378-buffer-overflow-in-tenda-f453-0b5023a3 #OffSeq #Vulnerability #Tenda #RouterSecurity
##🟠 CVE-2026-3378 - High (8.8)
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /goform/qossetting. Executing a manipulation of the argument qos can lead to buffer overflow. The attack can be launched remotely. The exploit has be...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-01T01:00:34
1 posts
##updated 2026-03-01T00:30:19
2 posts
🛡️ HIGH severity: CVE-2026-28562 in wpForo Forum 2.4.14 (WordPress) — unauthenticated SQL injection via wpfob, enabling blind credential extraction. Apply WAF rules & monitor logs until a fix is released. https://radar.offseq.com/threat/cve-2026-28562-improper-neutralization-of-special--22c35314 #OffSeq #WordPress #SQLInjection #Infosec
##🟠 CVE-2026-28562 - High (8.2)
wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on ineffective esc_sql() sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28562/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-01T00:30:19
2 posts
⚠️ CVE-2026-3377 (HIGH): Buffer overflow in Tenda F453 v1.0.0.3 via /goform/SafeUrlFilter. Public exploit available, no patch yet. Restrict device access & monitor traffic. Details: https://radar.offseq.com/threat/cve-2026-3377-buffer-overflow-in-tenda-f453-c140c206 #OffSeq #Vulnerability #Tenda #Infosec
##🟠 CVE-2026-3377 - High (8.8)
A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3377/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-28T12:30:25
1 posts
⚠️ CRITICAL vuln in Microchip TimePictra (11.0 – 11.3 SP2): CVE-2026-2844 lets remote, unauthenticated attackers manipulate configs. No patch yet — restrict access & monitor logs! https://radar.offseq.com/threat/cve-2026-2844-cwe-306-missing-authentication-for-c-aa868998 #OffSeq #TimePictra #Vulnerability #OTSecurity
##updated 2026-02-28T09:30:14
1 posts
🟠 CVE-2025-13673 - High (7.5)
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-28T01:01:22.727000
1 posts
🟠 CVE-2026-27630 - High (7.5)
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service (DoS) attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27630/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T21:51:40
1 posts
📈 CVE Published in last 7 days (2026-02-23 - 2026-03-02)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 974
Severity:
- Critical: 145
- High: 315
- Medium: 431
- Low: 49
- None: 34
Status:
- : 10
- Analyzed: 435
- Awaiting Analysis: 257
- Modified: 60
- Received: 119
- Rejected: 17
- Undergoing Analysis: 76
Top CNAs:
- GitHub, Inc.: 354
- VulDB: 131
- VulnCheck: 70
- Mozilla Corporation: 52
- ICS-CERT: 51
- MITRE: 34
- Wordfence: 34
- Red Hat, Inc.: 15
- Cisco Systems, Inc.: 15
- GitLab Inc.: 13
Top Affected Products:
- UNKNOWN: 459
- Mozilla Firefox: 52
- Mozilla Thunderbird: 50
- Imagemagick: 34
- Open-emr Openemr: 25
- Copeland Xweb 300d Pro Firmware: 15
- Freerdp: 15
- Copeland Xweb 500b Pro Firmware: 15
- Copeland Xweb 500d Pro Firmware: 15
- Tenda F453 Firmware: 10
Top EPSS Score:
- CVE-2026-3301 - 2.90 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3301)
- CVE-2025-70328 - 2.51 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-70328)
- CVE-2026-20127 - 2.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20127)
- CVE-2025-70327 - 1.85 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-70327)
- CVE-2026-24663 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24663)
- CVE-2026-22553 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22553)
- CVE-2026-26222 - 0.85 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26222)
- CVE-2026-26331 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26331)
- CVE-2026-27498 - 0.59 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27498)
- CVE-2026-21658 - 0.59 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21658)
updated 2026-02-27T21:32:27
1 posts
🟠 CVE-2025-40932 - High (8.2)
Apache::SessionX versions through 2.01 for Perl create insecure session id.
Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40932/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T21:32:27
1 posts
🟠 CVE-2026-2597 - High (7.5)
Crypt::SysRandom::XS versions before 0.010 for Perl are vulnerable to a heap buffer overflow in the XS function random_bytes().
The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2597/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T21:32:22
1 posts
🟠 CVE-2026-27141 - High (7.5)
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27141/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T21:31:21
1 posts
🔴 CVE-2026-22207 - Critical (9.8)
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can send requests ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22207/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T21:31:21
1 posts
🟠 CVE-2026-22205 - High (7.5)
SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22205/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T21:31:19
1 posts
updated 2026-02-27T19:16:08.767000
2 posts
From DDS Packets to Robot Shells: Two RCEs in Unitree Robots (CVE-2026-27509 & CVE-2026-27510) https://boschko.ca/unitree-go2-rce/
##🔴 CVE-2026-27510 - Critical (9.6)
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27510/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T19:16:08.547000
2 posts
From DDS Packets to Robot Shells: Two RCEs in Unitree Robots (CVE-2026-27509 & CVE-2026-27510) https://boschko.ca/unitree-go2-rce/
##🟠 CVE-2026-27509 - High (8)
Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, una...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T19:11:09.313000
1 posts
🟠 CVE-2026-26986 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` pointer during `HashTable_Free` cleanup because `xf_rail_window_common` calls `free(appWindow)` on titl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26986/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T18:35:58
1 posts
🟠 CVE-2026-27449 - High (7.5)
Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The aff...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27449/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T18:31:05
1 posts
updated 2026-02-27T16:03:55
1 posts
🟠 CVE-2026-27969 - High (8.8)
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that files in the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T15:53:07.053000
1 posts
🔴 CVE-2026-28215 - Critical (9.1)
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overwrite the entire infrastructure configuration of a self-hosted Hoppscotch instance including OAuth provider credentials and SMTP...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28215/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T15:34:18
1 posts
🟠 CVE-2026-23750 - High (8.1)
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23750/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T14:56:16.663000
1 posts
🟠 CVE-2026-25954 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_local_move_size` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` returns an unprotected pointer from the `railWindows...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25954/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T14:54:06.747000
1 posts
🟠 CVE-2026-25942 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0–6) with an unchecked `execResult->execResult` value re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25942/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T14:51:47.317000
1 posts
🟠 CVE-2026-23627 - High (8.8)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23627/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T14:06:37.987000
1 posts
updated 2026-02-27T14:06:37.987000
1 posts
🔴 CVE-2025-50857 - Critical (9.8)
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T14:06:37.987000
1 posts
🟠 CVE-2026-1565 - High (8.8)
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WPUF_Admin_Settings::check_filetype_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1565/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T14:06:37.987000
1 posts
🟠 CVE-2026-0980 - High (8.3)
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious usern...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0980/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-26T21:32:35
1 posts
🟠 CVE-2026-26682 - High (7.8)
An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26682/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-26T21:32:34
1 posts
🟠 CVE-2026-28136 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection. This issue affects WP SMS: from n/a through <= 6.9.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28136/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-26T21:31:39
1 posts
🟠 CVE-2026-26938 - High (8.6)
Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26938/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-26T21:31:30
1 posts
🟠 CVE-2025-71057 - High (8.2)
Improper session management in D-Link Wireless N 300 ADSL2+ Modem Router DSL-124 ME_1.00 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71057/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-26T19:55:35
1 posts
🟠 CVE-2026-27888 - High (7.5)
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corre...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27888/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-26T18:32:43
1 posts
🔴 CVE-2026-27849 - Critical (9.8)
Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network.
This issue affects MR9600: 1.0.4.205530; M...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27849/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-26T16:20:02.187000
5 posts
3 repos
https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE
Broadcom has an updated advisory for a low-severity vulnerability: Datacom SQL Performance Analyzer 1.2 - Vulnerabilities in Third Party Dependencies https://support.broadcom.com/web/ecx/security-advisory
Updated advisory from Cisco:
Critical: CVE-2026-20127-CWE-287: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
Also from Cisco: VTK tagged for a zero-day report https://talosintelligence.com/vulnerability_info @TalosSecurity #Cisco #Broadcom #infosec #vulnerability #zeroday
##The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind. https://www.darkreading.com/vulnerabilities-threats/cisco-sd-wan-zero-day-exploitation-3-years
updated 2026-02-26T16:07:11.047000
1 posts
🚨 EUVD-2026-9347
📊 Score: 10.0/10 (CVSS v3.1)
📦 Product: freescout
🏢 Vendor: freescout-help-desk
📅 Updated: 2026-03-03
📝 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated user with file upload permissions to achieve Remote Code...
##updated 2026-02-26T14:49:01.050000
1 posts
RE: https://infosec.exchange/@geraldcombs/116133603929246605
#Wireshark 4.6.4 resolves 3 denial of service vulnerabilities in the following protocol dissectors:
The new release also includes a bug fix for #JA4 fingerprints of TLS handshakes with odd ALPN values as well as an important update of the #SOCKS parser, which now enables more reliable extraction of data from within SOCKS tunnels.
##
updated 2026-02-26T03:31:18
1 posts
📈 CVE Published in last 7 days (2026-02-23 - 2026-03-02)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 974
Severity:
- Critical: 145
- High: 315
- Medium: 431
- Low: 49
- None: 34
Status:
- : 10
- Analyzed: 435
- Awaiting Analysis: 257
- Modified: 60
- Received: 119
- Rejected: 17
- Undergoing Analysis: 76
Top CNAs:
- GitHub, Inc.: 354
- VulDB: 131
- VulnCheck: 70
- Mozilla Corporation: 52
- ICS-CERT: 51
- MITRE: 34
- Wordfence: 34
- Red Hat, Inc.: 15
- Cisco Systems, Inc.: 15
- GitLab Inc.: 13
Top Affected Products:
- UNKNOWN: 459
- Mozilla Firefox: 52
- Mozilla Thunderbird: 50
- Imagemagick: 34
- Open-emr Openemr: 25
- Copeland Xweb 300d Pro Firmware: 15
- Freerdp: 15
- Copeland Xweb 500b Pro Firmware: 15
- Copeland Xweb 500d Pro Firmware: 15
- Tenda F453 Firmware: 10
Top EPSS Score:
- CVE-2026-3301 - 2.90 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3301)
- CVE-2025-70328 - 2.51 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-70328)
- CVE-2026-20127 - 2.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20127)
- CVE-2025-70327 - 1.85 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-70327)
- CVE-2026-24663 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24663)
- CVE-2026-22553 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22553)
- CVE-2026-26222 - 0.85 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26222)
- CVE-2026-26331 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26331)
- CVE-2026-27498 - 0.59 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27498)
- CVE-2026-21658 - 0.59 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21658)
updated 2026-02-26T03:06:04.013000
1 posts
updated 2026-02-25T19:32:30.417000
1 posts
1 repos
updated 2026-02-25T15:31:53
1 posts
##
updated 2026-02-25T15:31:43
1 posts
##
updated 2026-02-25T14:32:14.467000
1 posts
12 repos
https://github.com/hamzamalik3461/CVE-2026-20841
https://github.com/atiilla/CVE-2026-20841
https://github.com/RajaUzairAbdullah/CVE-2026-20841
https://github.com/404godd/CVE-2026-20841-PoC
https://github.com/hackfaiz/CVE-2026-20841-PoC
https://github.com/uky007/CVE-2026-20841_notepad_analysis
https://github.com/patchpoint/CVE-2026-20841
https://github.com/dogukankurnaz/CVE-2026-20841-PoC
https://github.com/tangent65536/CVE-2026-20841
https://github.com/BTtea/CVE-2026-20841-PoC
📢 CVE-2026-20841: code execution via Markdown links in Windows Notepad (fixed)
📝 According to the TrendAI Research Team (excerpt from a TrendAI Research Services report), u...
📖 cyberveille: https://cyberveille.ch/posts/2026-03-02-cve-2026-20841-execution-de-code-via-liens-markdown-dans-le-bloc-notes-windows-corrigee/
🌐 source: https://www.zerodayinitiative.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
#CVE_2026_20841 #IOC #Cyberveille
updated 2026-02-24T21:38:18.607000
1 posts
📈 CVE Published in last 30 days (2026-01-30 - 2026-03-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 5003
Severity:
- Critical: 448
- High: 1563
- Medium: 2229
- Low: 226
- None: 537
Status:
- : 33
- Analyzed: 2258
- Awaiting Analysis: 2188
- Modified: 155
- Received: 89
- Rejected: 197
- Undergoing Analysis: 83
Top CNAs:
- GitHub, Inc.: 907
- VulnCheck: 572
- VulDB: 519
- Patchstack: 385
- Wordfence: 361
- kernel.org: 259
- MITRE: 217
- Fortinet, Inc.: 102
- Intel Corporation: 84
- Apple Inc.: 76
Top Affected Products:
- UNKNOWN: 2529
- Apple Macos: 64
- Mozilla Firefox: 54
- Mozilla Thunderbird: 51
- Apple Iphone Os: 49
- Apple Ipados: 49
- Openclaw: 35
- Imagemagick: 34
- Microsoft Windows Server 2025: 29
- Comodo Dome Firewall: 29
Top EPSS Score:
- CVE-2026-1731 - 61.83 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1731)
- CVE-2026-2329 - 41.14 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2329)
- CVE-2026-22769 - 34.16 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-25108 - 18.59 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25108)
- CVE-2026-2033 - 15.58 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2020-37123 - 12.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2020-37123)
- CVE-2026-1603 - 11.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1603)
- CVE-2026-1687 - 5.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1687)
- CVE-2020-37088 - 4.95 % (https://secdb.nttzen.cloud/cve/detail/CVE-2020-37088)
- CVE-2026-1207 - 4.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1207)
updated 2026-02-24T21:31:51
1 posts
updated 2026-02-24T19:30:59.130000
1 posts
1 repos
https://github.com/mcorybillington/CVE-2025-64328_FreePBX-framework-Command-Injection
Over 900 Sangoma FreePBX Instances Compromised via Command Injection Flaw
Sangoma FreePBX is under active attack via CVE-2025-64328. Over 900 instances compromised with installed web shells are detected online.
**If you use FreePBX, plan a very quick update to version 17.0.3 and make sure your admin panel is isolated from the internet. Your FreePBX is already attacked.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/over-900-sangoma-freepbx-instances-compromised-via-command-injection-flaw-i-p-n-q-0/gD2P6Ple2L
updated 2026-02-23T18:14:13.887000
1 posts
updated 2026-02-20T20:57:50.360000
1 posts
updated 2026-02-19T16:09:15.480000
1 posts
1 repos
IBM Patches Critical Remote Code Execution Flaws in QRadar SIEM
IBM patched 11 vulnerabilities in QRadar SIEM 7.5.0, including a critical net-snmp flaw (CVE-2025-68615) that allows unauthenticated remote attackers to crash the system or execute arbitrary code.
**If you are using IBM QRadar 7.5.0 branch, review its exposure to untrusted networks, then plan a patch cycle. It's not urgent especially if your SIEM is properly isolated, but should not be ignored.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ibm-patches-critical-remote-code-execution-flaws-in-qradar-siem-x-k-v-g-z/gD2P6Ple2L
updated 2026-02-18T18:31:27
4 posts
https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
##
TPM-Sniffing LUKS Keys on an Embedded Linux Device [CVE-2026-0714] https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
##
updated 2026-02-18T18:30:35
1 posts
updated 2026-02-17T15:31:33
1 posts
5 repos
https://github.com/jakubie07/CVE-2026-1731
https://github.com/cybrdude/cve-2026-1731-scanner
https://github.com/win3zz/CVE-2026-1731
updated 2026-02-13T21:25:07.227000
1 posts
18 repos
https://github.com/silent6trinity/looney-tuneables
https://github.com/guffre/CVE-2023-4911
https://github.com/KillReal01/CVE-2023-4911
https://github.com/Diego-AltF4/CVE-2023-4911
https://github.com/KernelKrise/CVE-2023-4911
https://github.com/Billar42/CVE-2023-4911
https://github.com/teraGL/looneyCVE
https://github.com/NishanthAnand21/CVE-2023-4911-PoC
https://github.com/snurkeburk/Looney-Tunables
https://github.com/RickdeJager/CVE-2023-4911
https://github.com/Aryan20057/CVE-2023-4911
https://github.com/xiaoQ1z/CVE-2023-4911
https://github.com/puckiestyle/CVE-2023-4911
https://github.com/chaudharyarjun/LooneyPwner
https://github.com/Green-Avocado/CVE-2023-4911
https://github.com/leesh3288/CVE-2023-4911
https://github.com/hadrian3689/looney-tunables-CVE-2023-4911
#OT #Advisory VDE-2026-002
Endress+Hauser: buffer overflow in glibc ld.so leading to privilege escalation
A vulnerability has been identified in WAGO devices utilized in Endress+Hauser IoT solutions. WAGO has provided fixes for these vulnerabilities, which have been integrated into the solutions by Endress+Hauser.
#CVE CVE-2023-4911
https://certvde.com/en/advisories/vde-2026-002/
#oCSAF
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-002.json
updated 2026-02-11T15:40:42.937000
4 posts
63 repos
https://github.com/Parad0x7e/CVE-2026-24061
https://github.com/tiborscholtz/CVE-2026-24061
https://github.com/BrainBob/CVE-2026-24061
https://github.com/scumfrog/cve-2026-24061
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/Chocapikk/CVE-2026-24061
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/monstertsl/CVE-2026-24061
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/r00tuser111/CVE-2026-24061
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/h3athen/CVE-2026-24061
https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd
https://github.com/hilwa24/CVE-2026-24061
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/Ali-brarou/telnest
https://github.com/shivam-bathla/CVE-2026-24061-setup
https://github.com/infat0x/CVE-2026-24061
https://github.com/z3n70/CVE-2026-24061
https://github.com/Remnant-DB/CVE-2026-24061
https://github.com/cumakurt/tscan
https://github.com/killsystema/scan-cve-2026-24061
https://github.com/XsanFlip/CVE-2026-24061-Scanner
https://github.com/0x7556/CVE-2026-24061
https://github.com/yanxinwu946/CVE-2026-24061--telnetd
https://github.com/hyu164/Terrminus-CVE-2026-2406
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/punitdarji/telnetd-cve-2026-24061
https://github.com/ilostmypassword/Melissae
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/hackingyseguridad/root
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/setuju/telnetd
https://github.com/buzz075/CVE-2026-24061
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/LucasPDiniz/CVE-2026-24061
https://github.com/Alter-N0X/CVE-2026-24061-POC
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/typeconfused/CVE-2026-24061
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/duy-31/CVE-2026-24061---telnetd
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/balgan/CVE-2026-24061
https://github.com/novitahk/Exploit-CVE-2026-24061
https://github.com/SafeBreach-Labs/CVE-2026-24061
https://github.com/midox008/CVE-2026-24061
https://github.com/franckferman/CVE_2026_24061_PoC
https://github.com/xuemian168/CVE-2026-24061
New.
Picus: CVE-2026-24061: Critical Telnetd Flaw Grants Root Access https://www.picussecurity.com/resource/blog/cve-2026-24061-critical-telnetd-flaw-grants-root-access #infosec #vulnerability #threatresearch
##
February was about moving from detection to proof.
Here are the top updates in Pentest-Tools.com:
🧪 New research hub - we launched the Offensive Security Research Hub to share original 0-day research, working PoCs, and technical exploit chains built by our own team.
🔐 ISO 27001 certified - we are officially ISO/IEC 27001:2022 certified, providing verified assurance for your sensitive findings.
🎯 One-click RCE validation - Sniper: Auto-Exploiter now supports controlled exploitation for Telnet (CVE-2026-24061) and Ivanti EPMM (CVE-2026-1281) for confirmed proof-of-impact.
🛡️ New detection: Redis RCE - identify exploitable Redis instances (CVE-2025-62507) across internet-facing and internal segments.
🧭 Granular scan logs - Website and API Scanners now display discoveries in the console output in real-time.
Catch the full breakdown in the video or in this link: https://pentest-tools.com/change-log
Until next time: Stay sharp. Stay human.
#OffensiveSecurity #EthicalHacking #Infosec #VulnerabilityManagement #ISO27001
##
updated 2026-02-10T21:31:29
2 posts
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
https://thehackernews.com/2026/03/apt28-tied-to-cve-2026-21513-mshtml-0.html
##
Urgent APT28 Cyber Attack Tied to MSHTML 0-Day
APT28 linked to CVE-2026-21513 MSHTML 0-day exploit. Urgent action is needed to mitigate cyber attack risks and protect sensitive data.
Read more: https://api.thefinancialstandard.com/apt28-cyber-attack/
##
updated 2026-02-10T18:30:49
1 posts
updated 2026-02-10T15:14:03.207000
1 posts
updated 2026-02-05T18:30:36
1 posts
updated 2026-02-04T00:30:40
1 posts
updated 2026-02-03T19:32:57
1 posts
updated 2026-02-02T03:31:18
1 posts
ASUS has a new security advisory relating to CVE-2025-13348, a high-severity vulnerability:
Security Update for ASUS Business Manager https://www.asus.com/security-advisory/ #infosec #vulnerability #ASUS
##
updated 2026-01-30T13:28:18.610000
2 posts
2 repos
https://github.com/YunfeiGE18/CVE-2026-1281-CVE-2026-1340-Ivanti-EPMM-RCE
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
February was about moving from detection to proof.
Here are the top updates in Pentest-Tools.com:
🧪 New research hub - we launched the Offensive Security Research Hub to share original 0-day research, working PoCs, and technical exploit chains built by our own team.
🔐 ISO 27001 certified - we are officially ISO/IEC 27001:2022 certified, providing verified assurance for your sensitive findings.
🎯 One-click RCE validation - Sniper: Auto-Exploiter now supports controlled exploitation for Telnet (CVE-2026-24061) and Ivanti EPMM (CVE-2026-1281) for confirmed proof-of-impact.
🛡️ New detection: Redis RCE - identify exploitable Redis instances (CVE-2025-62507) across internet-facing and internal segments.
🧭 Granular scan logs - Website and API Scanners now display discoveries in the console output in real-time.
Catch the full breakdown in the video or in this link: https://pentest-tools.com/change-log
Until next time: Stay sharp. Stay human.
#OffensiveSecurity #EthicalHacking #Infosec #VulnerabilityManagement #ISO27001
##
updated 2026-01-21T21:40:20
2 posts
2 repos
📢 Claude Code: RCE and API key exfiltration via project files (CVE-2025-59536, CVE-2026-21852), flaws fixed
📝 According to C...
📖 cyberveille : https://cyberveille.ch/posts/2026-03-02-claude-code-rce-et-exfiltration-de-cles-api-via-fichiers-de-projet-cve-2025-59536-cve-2026-21852-failles-corrigees/
🌐 source : https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536/
#CVE_2025_59536 #CVE_2026_21852 #Cyberveille
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852
#CVE_2025_59536 #CVE_2026_21852 #ClaudeCode
https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536/
updated 2026-01-20T19:03:30
2 posts
Mailpit SSRF Vulnerability Exploited in Targeted Attacks
Mailpit versions 1.28.0 and earlier are vulnerable to a Server-Side Request Forgery (SSRF) flaw (CVE-2026-21859) that allows attackers to probe internal networks and access sensitive cloud metadata. CrowdSec reports active, intelligence-driven exploitation attempts targeting the /proxy endpoint.
**Ensure development tools like Mailpit are never exposed to the public internet without strict authentication and network segmentation. If you are using Mailpit make sure it's isolated and update ASAP to version 1.28.1. These tools are already attacked and attacks will only get worse.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/mailpit-ssrf-vulnerability-cve-2026-21859-exploited-in-targeted-attacks-3-h-o-g-u/gD2P6Ple2L
updated 2026-01-12T16:48:33.560000
5 posts
2 repos
⚠️ THREAT INTELLIGENCE
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Vulnerability | HIGH
CVEs: CVE-2026-0628, CVE-2026-21385
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm...
Full analysis:
https://yazoul.net/news/news/new-chrome-vulnerability-let-malicious-extensions-escalate-privileges-via-gemini
The flaw, tracked as CVE-2026-0628, was uncovered by researchers at Palo Alto Networks' Unit 42 who found that rogue Chrome extensions could manipulate how the browser handled requests to the embedded Gemini Live side panel. https://www.theregister.com/2026/03/03/google_chrome_bug_gemini/
##
📰 Critical Chrome vulnerability lets malicious extensions spy on users via Gemini
CyberCalm Critical Chrome vulnerability lets malicious extensions spy on users via Gemini Security researchers have discovered a high-severity vulnerability in the Gemini feature of the Google Chrome browser. It allows attackers to...
🔗 https://cybercalm.org/krytychna-vrazlyvist-chrome-cve-2026-0628/
##
Chrome’s Gemini Live Side Panel Exposed a Silent Spy Tool — Millions at Risk Before Patch
Introduction: A Browser Feature Turned Into a Surveillance Gateway A newly disclosed security flaw in Google Chrome has raised fresh concerns about how deeply browser extensions can penetrate user privacy. The issue, tracked as CVE-2026-0628, affected Chrome’s Gemini Live side panel and allowed malicious extensions to operate far beyond their intended permissions. For a period of…
##
updated 2026-01-07T16:57:56.077000
2 posts
A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets https://lobste.rs/s/1mya3a #linux #security
https://blog.calif.io/p/a-race-within-a-race-exploiting-cve
updated 2025-10-22T21:12:32.330000
2 posts
Dell has a new advisory:
CVE-2025-23299: Security Update for NVIDIA Bluefield and ConnectX Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000435005/dsa-2026-121-security-update-for-nvidia-bluefield-and-connectx-vulnerabilities #Dell #infosec #vulnerability #Nvidia
##
updated 2025-10-20T16:04:04.377000
1 posts
🚨 New Exploit: WeGIA 3.5.0 - SQL Injection
📋 CVE: CVE-2025-62360
👤 Author: onurdemir
🔗 https://www.exploit-db.com/exploits/52483
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-62360
##
updated 2025-10-14T18:31:29
1 posts
CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Bulletin ID: AWS-2025-020 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and ...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-020/
##
updated 2025-10-03T14:16:36
2 posts
updated 2025-04-20T01:37:25.860000
1 posts
2 repos
@oraclejmt you're not wrong - the article is all about CVE-2017-13089 :)
##
updated 2024-11-21T08:44:05.137000
1 posts
4 repos
https://github.com/cc3305/CVE-2023-6553
https://github.com/Chocapikk/CVE-2023-6553
🚨 New Exploit: WordPress Backup Migration 1.3.7 - Remote Command Execution
📋 CVE: CVE-2023-6553
👤 Author: dangwenjing
🔗 https://www.exploit-db.com/exploits/52486
#ExploitDB #InfoSec #CyberSecurity #CVE-2023-6553
##
updated 2024-04-04T08:32:52
1 posts
1 repos
@tiraniddo Finally, the post I waited for. Back in 2023 I searched for a UAC bypass that is compatible with "always notify" and Windows 10 upwards to complete my chain for any Windows UAC bypass. I used your token reading UAC bypass as a base for older Windows systems. Then I just found CVE-2023-41772 by accident. So this route was burned or at least I thought it was. Then I tried to find a UIAccess bypass and it worked again. That was the moment where I knew not auto-elevate but UIAccess is (and will be) the biggest weakness of UAC. Even without GetProcessHandleFromHwnd there are more options like CSRSS activation cache poisoning, COM injection, abusing WER, ...
As far as I have seen the newest version of administrator protection still has at least one bug, that lets you bypass it, but after the chaos of the first "release", I will rather wait for the full release.
Anyway the PPL bypass might be fixed, but I have another PPL bypass that is "fixed" in 24H2 but still works on 25H2 and preview. The bug is simple, but (unique) exploitation is so dumb, I don't know what to say ... 😅
##
updated 2023-11-07T05:05:15
1 posts
🚨 New Exploit: Boss Mini v1.4.0 - Local File Inclusion (LFI)
📋 CVE: CVE-2023-3643
👤 Author: andersoncezar048
🔗 https://www.exploit-db.com/exploits/52482
#ExploitDB #InfoSec #CyberSecurity #CVE-2023-3643
##
updated 2023-11-07T05:01:24
1 posts
This week's biggest security fails include the emergence of Hot Dog Bots that can devour a 12-oz bun in under 8 minutes, but what's less funny is the alarming rate of exploited vulnerabilities like the recently patched CVE-2023-4116 in Windows Server.
Meanwhile,...
Read more: https://steelefortress.com/o629yr
##
Critical RCE and SSRF Vulnerabilities Discovered in Popular mcp-atlassian Server
mcp-atlassian versions before 0.17.0 contain vulnerabilities (CVE-2026-27825 and CVE-2026-27826) that allow unauthenticated attackers to execute remote code and perform SSRF attacks by exploiting missing path validation and insecure header handling.
**If you use mcp-atlassian, update to version 0.17.0 ASAP. Since these servers run with high privileges and no authentication by default, network isolation is your first defense against unauthorized access and lateral movement within environments.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-and-ssrf-vulnerabilities-discovered-in-popular-mcp-atlassian-server-m-l-c-6-g/gD2P6Ple2L
2 posts
1 repos
https://github.com/Network-Sec/CVE-2025-62507-Buffer-Overflow_PoC
##
1 posts
2 repos
🚨 New Exploit: mailcow 2025-01a - Host Header Password Reset Poisoning
📋 CVE: CVE-2025-25198
👤 Author: alvarez
🔗 https://www.exploit-db.com/exploits/52485
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-25198
##
Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
Bulletin ID: 2026-005-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/03/02 14:30 PM PST
Description:
AWS-LC is an open-source, general-purpose cryptographic library. We identified three distin...
https://aws.amazon.com/security/security-bulletins/rss/2026-005-aws/
##
🟠 CVE-2026-3338 - High (7.5)
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.
Customers of AWS services do not need to take action. Applica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3338/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🟠 CVE-2026-21853 - High (8.8)
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a websit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🟠 CVE-2026-28286 - High (8.5)
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to prevent users from creating files or folders in internal OS paths. H...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🟠 CVE-2025-52468 - High (8.8)
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52468/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🟠 CVE-2026-28403 - High (7.6)
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:`) accepts connections from any origin without validating the HTTP `Origin` header during the WebSocket handshake. A maliciou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28403/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🔴 CVE-2026-25955 - Critical (9.8)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surface buffer, because `gdi_DeleteSurface` frees `su...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25955/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🔴 CVE-2026-25953 - Critical (9.8)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare pointer via `xf_rail_get_window` without any li...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25953/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🔴 CVE-2026-25952 - Critical (9.8)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_server_min_max_info` returns an unprotected poin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25952/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🔴 CVE-2026-25997 - Critical (9.8)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called from the cliprdr channel thread during auto-reco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25997/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🔴 CVE-2026-25959 - Critical (9.8)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` whi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🟠 CVE-2026-27950 - High (7.5)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the fix for the heap-use-after-free described in CVE-2026-24680 is incomplete. While the vulnerable execution flow referenced in the advisory exists in the S...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27950/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🟠 CVE-2026-27633 - High (7.5)
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27633/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##
🔴 CVE-2026-28213 - Critical (9.8)
EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality. When specifying a target email address, the API response returns the password reset token. This allows an attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28213/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##