FediSecfeeds

CVE	CVSS	EPSS	Posts	Repos	Nuclei	Updated	Description
CVE-2026-2603	8.1	0.00%	2	2		2026-03-18T02:16:24.813000	A flaw was found in Keycloak. A remote attacker could bypass security controls b
CVE-2026-2092	7.7	0.00%	2	0		2026-03-18T02:16:24.577000	A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAM
CVE-2026-28500	8.6	0.00%	2	0		2026-03-18T02:16:24.227000	Open Neural Network Exchange (ONNX) is an open standard for machine learning int
CVE-2026-32838	7.5	0.00%	2	0		2026-03-18T00:30:59	Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the w
CVE-2026-1376	7.5	0.00%	2	0		2026-03-18T00:30:59	IBM i 7.6 could allow a remote attacker to cause a denial of service using faile
CVE-2026-3888	7.9	0.00%	2	0		2026-03-18T00:30:54	Local privilege escalation in snapd on Linux allows local attackers to get root
CVE-2026-22727	7.5	0.00%	2	0		2026-03-17T23:16:17.470000	Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below,
CVE-2026-21994	9.8	0.00%	2	0		2026-03-17T23:16:17.310000	Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation
CVE-2026-20643	0	0.00%	3	1		2026-03-17T23:16:17.193000	A cross-origin issue in the Navigation API was addressed with improved input val
CVE-2025-14031	7.5	0.00%	2	0		2026-03-17T23:16:15.863000	IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.
CVE-2026-32841	8.1	0.00%	4	0		2026-03-17T22:16:15.043000	Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication by
CVE-2026-4064	8.3	0.00%	2	0		2026-03-17T21:31:53	Missing authorization checks on multiple gRPC service endpoints in PowerShell Un
CVE-2026-4295	7.8	0.00%	2	0		2026-03-17T21:31:53	Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supp
CVE-2026-32981	7.5	0.00%	2	0		2026-03-17T21:31:53	A path traversal vulnerability was identified in Ray Dashboard (default port 826
CVE-2025-64301	7.8	0.00%	2	0		2026-03-17T21:31:53	An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Af
CVE-2026-22182	7.5	0.08%	1	0		2026-03-17T21:31:44	wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerabili
CVE-2025-66342	7.8	0.00%	2	0		2026-03-17T21:16:18.250000	A type confusion vulnerability exists in the EMF functionality of Canva Affinity
CVE-2026-22193	8.1	0.03%	1	0		2026-03-17T20:27:42.513000	wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubs
CVE-2026-32600	8.2	0.01%	1	0		2026-03-17T19:25:09.150000	xml-security is a library that implements XML signatures and encryption. Prior t
CVE-2026-25769	9.1	0.00%	2	1		2026-03-17T19:16:00.957000	Wazuh is a free and open source platform used for threat prevention, detection,
CVE-2026-2921	7.8	0.06%	1	0		2026-03-17T18:59:00.343000	GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. Thi
CVE-2026-3083	8.8	0.36%	1	0		2026-03-17T18:57:46.047000	GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability.
CVE-2026-3086	7.8	0.06%	1	2		2026-03-17T18:56:36.537000	GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerabi
CVE-2026-28430	9.8	0.14%	2	0		2026-03-17T18:53:49.153000	Chamilo LMS is a learning management system. Prior to version 1.11.34, there is
CVE-2026-30875	8.8	0.15%	2	0		2026-03-17T18:53:29.480000	Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitr
CVE-2026-2673	7.5	0.02%	2	0		2026-03-17T18:31:38	Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected pref
CVE-2026-32298	9.1	0.00%	6	0		2026-03-17T18:30:43	The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by
CVE-2026-32295	7.5	0.00%	2	0		2026-03-17T18:30:42	JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force att
CVE-2026-32292	7.5	0.00%	2	0		2026-03-17T18:30:37	The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enab
CVE-2026-32297	7.5	0.00%	8	0		2026-03-17T18:16:17.137000	The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary
CVE-2026-32296	8.2	0.00%	10	0		2026-03-17T18:16:16.960000	Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without prope
CVE-2026-25534	9.1	0.00%	4	0		2026-03-17T18:16:15.063000	### Impact Spinnaker updated URL Validation logic on user input to provide sanit
CVE-2026-4148	8.8	0.00%	4	0		2026-03-17T16:16:23.807000	A use-after-free vulnerability can be triggered in sharded clusters by an authen
CVE-2026-28519	8.8	0.01%	2	0		2026-03-17T15:38:55.280000	arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vuln
CVE-2026-4258	7.5	0.02%	4	0		2026-03-17T15:37:26	All versions of the package sjcl are vulnerable to Improper Verification of Cryp
CVE-2026-30911	8.1	0.02%	4	0		2026-03-17T15:37:26	Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability
CVE-2026-4318	8.8	0.00%	2	0		2026-03-17T15:36:34	A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is
CVE-2026-28779	7.5	0.02%	2	0		2026-03-17T15:36:23	Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is
CVE-2026-32267	None	0.02%	2	0		2026-03-17T15:23:52	### Summary A low-privilege user (or an unauthenticated user who has been sent a
CVE-2026-3564	9.0	0.00%	2	0		2026-03-17T15:16:19.253000	A condition in ScreenConnect may allow an actor with access to server-level cryp
CVE-2026-0708	8.3	0.16%	2	0		2026-03-17T14:20:01.670000	A flaw was found in libucl. A remote attacker could exploit this by providing a
CVE-2026-4208	0	0.05%	2	0		2026-03-17T14:20:01.670000	The extension fails to properly reset the generated MFA code after successful au
CVE-2026-23489	9.1	0.06%	3	0		2026-03-17T14:20:01.670000	Fields is a GLPI plugin that allows users to add custom fields on GLPI items for
CVE-2026-4269	7.5	0.05%	1	0		2026-03-17T14:20:01.670000	A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit bef
CVE-2026-4312	9.8	0.13%	4	0		2026-03-17T09:31:33	GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulne
CVE-2026-2579	7.5	0.07%	2	0		2026-03-17T03:30:22	The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPre
CVE-2026-32313	8.2	0.01%	1	0		2026-03-16T22:01:06	### Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256
CVE-2026-32720	None	0.04%	1	0		2026-03-16T22:00:36	### Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from
CVE-2026-27962	9.1	0.04%	2	0		2026-03-16T21:54:00	## Description ### Summary A JWK Header Injection vulnerability in `authlib`'s
CVE-2025-69784	8.8	0.01%	1	0		2026-03-16T21:35:35	A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed
CVE-2025-69768	7.5	0.04%	4	0		2026-03-16T21:35:34	SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker
CVE-2025-69809	9.8	0.04%	4	0		2026-03-16T21:34:38	A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticat
CVE-2025-69808	9.1	0.07%	2	0		2026-03-16T21:34:38	An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unaut
CVE-2026-32626	9.6	0.14%	2	0		2026-03-16T20:34:47.637000	AnythingLLM is an application that turns pieces of content into context that any
CVE-2026-4252	9.8	0.14%	3	0		2026-03-16T18:32:15	A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue
CVE-2026-4254	9.8	0.05%	3	0		2026-03-16T18:32:15	A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerabilit
CVE-2026-23862	7.8	0.06%	1	0		2026-03-16T18:32:15	Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutra
CVE-2025-62319	9.8	0.03%	1	0		2026-03-16T18:32:14	Boolean-Based SQL Injection is a type of blind SQL injection where an attacker m
CVE-2025-47813	4.3	20.96%	5	0	template	2026-03-16T18:32:03	loginok.html in Wing FTP Server before 7.4.4 discloses the full local installati
CVE-2026-4092	None	1.01%	1	1		2026-03-16T17:08:24	### Impact Allows an attacker to perform a "Path Traversal" attack to modify fil
CVE-2026-32302	8.1	0.01%	1	0		2026-03-16T17:07:29	## Summary In affected versions of `openclaw`, browser-originated WebSocket conn
CVE-2026-32301	9.3	0.04%	1	0		2026-03-16T17:07:19	### Summary Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when
CVE-2026-32306	10.0	0.23%	1	0		2026-03-16T17:06:59	### Summary The telemetry aggregation API accepts user-controlled `aggregationT
CVE-2026-32308	7.6	0.03%	1	0		2026-03-16T17:06:50	### Summary The Markdown viewer component renders Mermaid diagrams with `securi
CVE-2026-31882	7.5	0.19%	1	0		2026-03-16T17:06:34	# SSE Authentication Bypass in Basic Auth Mode ## Summary When Dagu is configu
CVE-2026-26954	10.0	0.05%	2	0		2026-03-16T17:05:29	### Summary It is possible to obtain arrays containing `Function`, which allows
CVE-2026-32614	7.5	0.02%	1	0		2026-03-16T16:37:11	## Overview The current SM9 decryption implementation contains an infinity-poin
CVE-2026-31886	9.1	0.08%	2	0		2026-03-16T16:36:36	## 1. Vulnerability Summary The `dagRunId` request field accepted by the inline
CVE-2026-3476	7.8	0.02%	1	0		2026-03-16T16:16:16.600000	A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 th
CVE-2026-4182	9.8	0.06%	2	0		2026-03-16T15:30:59	A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unkn
CVE-2026-4255	None	0.02%	1	0		2026-03-16T15:30:59	A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Win
CVE-2026-4188	8.8	0.04%	3	0		2026-03-16T15:30:58	A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected ele
CVE-2026-4214	8.8	0.04%	2	0		2026-03-16T15:30:58	A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L,
CVE-2026-4227	8.8	0.04%	2	0		2026-03-16T15:30:58	A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impac
CVE-2026-4226	8.8	0.04%	2	0		2026-03-16T15:30:58	A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element
CVE-2026-4211	8.8	0.04%	1	0		2026-03-16T15:30:58	A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D
CVE-2026-3081	7.8	0.06%	1	0		2026-03-16T15:30:57	GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution V
CVE-2026-3558	8.1	0.03%	1	0		2026-03-16T15:30:57	Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authenticat
CVE-2026-3556	8.8	0.07%	1	0		2026-03-16T15:30:57	Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Exe
CVE-2026-3555	8.0	0.05%	1	0		2026-03-16T15:30:57	Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflo
CVE-2026-3559	8.1	0.03%	1	0		2026-03-16T15:30:57	Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass
CVE-2026-4163	9.8	0.16%	4	0		2026-03-16T15:30:57	A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects th
CVE-2026-4212	8.8	0.04%	2	0		2026-03-16T15:30:57	A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L
CVE-2026-4201	7.3	0.04%	1	0		2026-03-16T15:30:57	A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040f
CVE-2026-3085	8.8	0.25%	1	0		2026-03-16T15:30:56	GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerab
CVE-2026-3082	7.8	0.06%	1	0		2026-03-16T15:30:56	GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerabi
CVE-2026-3838	8.8	1.58%	2	0		2026-03-16T15:30:56	Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This v
CVE-2026-4164	9.8	0.17%	4	0		2026-03-16T15:30:56	A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Del
CVE-2026-3561	8.0	0.11%	1	0		2026-03-16T15:30:56	Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code
CVE-2026-4170	9.8	0.15%	2	0		2026-03-16T15:30:56	A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerabil
CVE-2026-4183	9.8	0.06%	3	0		2026-03-16T15:30:56	A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected
CVE-2026-4167	8.8	0.04%	3	0		2026-03-16T15:30:56	A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the funct
CVE-2026-4187	5.3	0.06%	1	0		2026-03-16T15:30:56	A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.
CVE-2026-4169	2.4	0.03%	1	0		2026-03-16T15:30:56	A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is
CVE-2026-28521	7.7	0.01%	2	0		2026-03-16T15:30:55	arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vuln
CVE-2026-28520	8.4	0.01%	2	0		2026-03-16T15:30:55	arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vul
CVE-2026-2493	7.5	10.28%	2	0		2026-03-16T15:30:55	IceWarp collaboration Directory Traversal Information Disclosure Vulnerability.
CVE-2026-2920	7.8	0.06%	1	0		2026-03-16T15:30:55	GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerabi
CVE-2026-2922	7.8	0.06%	1	0		2026-03-16T15:30:55	GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerabil
CVE-2026-2923	7.8	0.06%	1	0		2026-03-16T15:30:55	GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability.
CVE-2026-3084	7.8	0.06%	1	0		2026-03-16T15:30:55	GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerabili
CVE-2026-31386	7.2	0.16%	1	0		2026-03-16T15:30:55	OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an
CVE-2026-1947	7.5	0.03%	2	0		2026-03-16T15:30:54	The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vuln
CVE-2026-32746	9.8	0.04%	1	0		2026-03-16T15:30:40	telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO
CVE-2025-13779	8.3	0.03%	1	0		2026-03-16T14:54:11.293000	Missing authentication for critical function vulnerability in ABB AWIN GW100 rev
CVE-2026-0956	7.8	0.01%	1	0		2026-03-16T14:54:11.293000	There is a memory corruption vulnerability due to an out-of-bounds read when loa
CVE-2026-25819	7.5	0.22%	1	0		2026-03-16T14:54:11.293000	HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b
CVE-2026-2890	7.5	0.05%	1	0		2026-03-16T14:54:11.293000	The Formidable Forms plugin for WordPress is vulnerable to a payment integrity b
CVE-2026-31917	8.5	0.03%	1	0		2026-03-16T14:54:11.293000	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-32304	9.8	0.08%	1	0		2026-03-16T14:54:11.293000	Locutus brings stdlibs of other programming languages to JavaScript for educatio
CVE-2026-32319	7.5	0.06%	1	0		2026-03-16T14:54:11.293000	Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core
CVE-2016-20030	9.8	0.06%	1	0		2026-03-16T14:53:46.157000	ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows u
CVE-2026-32426	7.5	0.11%	2	0		2026-03-16T14:53:46.157000	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2026-32366	8.5	0.03%	1	0		2026-03-16T14:53:46.157000	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-2476	7.6	0.03%	1	0		2026-03-16T14:53:07.390000	Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configurat
CVE-2026-3557	8.0	0.14%	1	0		2026-03-16T14:53:07.390000	Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Ove
CVE-2026-3560	8.8	0.07%	1	0		2026-03-16T14:53:07.390000	Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Re
CVE-2026-4181	9.8	0.06%	2	0		2026-03-16T14:53:07.390000	A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an
CVE-2026-4184	9.8	0.06%	2	0		2026-03-16T14:53:07.390000	A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulne
CVE-2026-4213	8.8	0.08%	1	0		2026-03-16T14:53:07.390000	A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS
CVE-2026-4206	6.3	0.43%	1	0		2026-03-16T14:53:07.390000	A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-32
CVE-2026-4172	7.2	0.04%	1	0		2026-03-16T14:53:07.390000	A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an un
CVE-2026-3227	0	0.42%	1	0		2026-03-16T14:53:07.390000	A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR8
CVE-2026-26795	9.8	0.68%	1	0		2026-03-16T14:18:27.577000	GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner
CVE-2026-3910	8.8	21.89%	8	0		2026-03-13T22:00:01.403000	Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allow
CVE-2026-3909	8.8	27.12%	10	0		2026-03-13T21:32:59	Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a re
CVE-2026-26791	9.8	0.68%	1	0		2026-03-13T21:32:49	GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner
CVE-2026-26792	9.8	0.68%	1	0		2026-03-13T21:32:48	GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection
CVE-2026-32422	8.5	0.03%	2	0		2026-03-13T21:32:00	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-32368	8.5	0.03%	2	0		2026-03-13T21:31:59	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-32358	7.6	0.03%	1	0		2026-03-13T21:31:59	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-32400	7.5	0.11%	1	0		2026-03-13T21:31:59	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2026-22202	8.1	0.01%	1	0		2026-03-13T21:31:58	wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that
CVE-2026-25818	9.1	0.02%	1	0		2026-03-13T21:31:58	HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b
CVE-2026-31922	8.5	0.03%	1	0		2026-03-13T21:31:58	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-0957	7.8	0.01%	1	0		2026-03-13T21:31:57	There is a memory corruption vulnerability due to an out-of-bounds write when lo
CVE-2026-0955	7.8	0.01%	1	0		2026-03-13T21:31:57	There is a memory corruption vulnerability due to an out-of-bounds read when loa
CVE-2026-0954	7.8	0.01%	1	0		2026-03-13T21:31:57	There is a memory corruption vulnerability due to an out-of-bounds write when lo
CVE-2026-25817	8.8	0.26%	1	0		2026-03-13T21:31:57	HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b
CVE-2026-25823	9.8	0.19%	1	0		2026-03-13T21:31:57	HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b
CVE-2025-13777	8.3	0.03%	1	0		2026-03-13T21:31:49	Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, A
CVE-2026-32621	9.9	0.03%	3	0		2026-03-13T20:51:15	### Impact A vulnerability exists in query plan execution within the gateway th
CVE-2026-31899	7.5	0.04%	1	1		2026-03-13T18:57:34	## Summary Kozea/CairoSVG has exponential denial of service via recursive `<use
CVE-2026-26793	9.8	0.68%	1	0		2026-03-13T16:02:22.993000	GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner
CVE-2026-28356	7.5	0.54%	1	0		2026-03-12T18:32:23	## Summary The `parse_options_header()` function in `multipart.py` uses a regul
CVE-2026-32136	9.8	0.79%	1	0		2026-03-12T14:47:49	VULNERABILITY: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass ============
CVE-2026-26130	7.5	1.59%	1	0		2026-03-11T21:11:31	# Microsoft Security Advisory CVE-2026-26130 – .NET Denial of Service Vulnerabil
CVE-2026-1965	6.5	0.05%	1	0		2026-03-11T15:32:59	libcurl can in some circumstances reuse the wrong connection when asked to do an
CVE-2026-2413	7.5	14.93%	3	2	template	2026-03-11T06:31:47	The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to S
CVE-2026-26123	5.5	0.04%	1	0		2026-03-10T21:32:18	Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized a
CVE-2026-25185	5.3	0.10%	1	0		2026-03-10T18:31:30	Exposure of sensitive information to an unauthorized actor in Windows Shell Link
CVE-2025-14558	7.2	41.56%	1	2		2026-03-09T15:30:47	The rtsol(8) and rtsold(8) programs do not validate the domain search list optio
CVE-2026-2256	6.5	2.31%	1	1		2026-03-04T21:14:09	A Command Injection vulnerability in ModelScope's MS-Agent versions v1.6.0rc1 an
CVE-2026-25646	8.1	0.07%	1	0		2026-02-13T20:43:44.690000	LIBPNG is a reference library for use in applications that read, create, and man
CVE-2025-12420	9.8	0.05%	1	1		2026-01-27T21:32:42	A vulnerability has been identified in the ServiceNow AI Platform that could ena
CVE-2025-32463	9.4	26.52%	2	83		2025-10-22T00:34:26	Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswi
CVE-2025-59284	3.3	0.03%	2	1		2025-10-14T18:30:47	Exposure of sensitive information to an unauthorized actor in Windows NTLM allow
CVE-2025-53773	7.8	0.64%	1	0		2025-08-15T17:01:01.673000	Improper neutralization of special elements used in a command ('command injectio
CVE-2024-45163	9.1	0.11%	2	0		2024-08-22T18:31:21	The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to t
CVE-2026-32628	0	0.03%	3	0			N/A
CVE-2026-24901	0	0.00%	6	0			N/A
CVE-2026-25770	0	0.00%	2	0			N/A
CVE-2025-30201	0	0.28%	2	0			N/A
CVE-2026-30881	0	0.03%	2	0			N/A
CVE-2026-32616	0	0.03%	1	0			N/A
CVE-2026-32627	0	0.02%	1	0			N/A
CVE-2026-32708	0	0.02%	2	0			N/A
CVE-2026-32729	0	0.06%	1	0			N/A
CVE-2026-31852	0	0.10%	1	0			N/A
CVE-2026-26969	0	0.00%	1	0			N/A
CVE-2026-32133	0	0.04%	1	0			N/A
CVE-2026-31944	0	0.03%	1	0			N/A

CVE-2026-2603
(8.1 HIGH)

EPSS: 0.00%

updated 2026-03-18T02:16:24.813000

2 posts

A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.

2 repos

https://github.com/mbanyamer/CVE-2026-26030-Microsoft-Semantic-Kernel-1.39.4-RCE

https://github.com/piiiico/mcp-check

thehackerwire@mastodon.social at 2026-03-18T02:45:25.000Z ##

🟠 CVE-2026-2603 - High (8.1)

A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to com...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2603/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-18T02:45:25.000Z ##

🟠 CVE-2026-2603 - High (8.1)

A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to com...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2603/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2092
(7.7 HIGH)

EPSS: 0.00%

updated 2026-03-18T02:16:24.577000

2 posts

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unautho

thehackerwire@mastodon.social at 2026-03-18T02:45:15.000Z ##

🟠 CVE-2026-2092 - High (7.7)

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exp...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2092/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-18T02:45:15.000Z ##

🟠 CVE-2026-2092 - High (7.7)

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exp...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2092/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28500
(8.6 HIGH)

EPSS: 0.00%

updated 2026-03-18T02:16:24.227000

2 posts

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely sup

thehackerwire@mastodon.social at 2026-03-18T02:45:05.000Z ##

🟠 CVE-2026-28500 - High (8.6)

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification m...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28500/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-18T02:45:05.000Z ##

🟠 CVE-2026-28500 - High (8.6)

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification m...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28500/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32838
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-18T00:30:59

2 posts

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data.

thehackerwire@mastodon.social at 2026-03-17T22:59:49.000Z ##

🟠 CVE-2026-32838 - High (7.5)

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32838/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T22:59:49.000Z ##

🟠 CVE-2026-32838 - High (7.5)

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32838/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1376
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-18T00:30:59

2 posts

IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.

thehackerwire@mastodon.social at 2026-03-17T22:31:49.000Z ##

🟠 CVE-2026-1376 - High (7.5)

IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1376/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T22:31:49.000Z ##

🟠 CVE-2026-1376 - High (7.5)

IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1376/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3888
(7.9 HIGH)

EPSS: 0.00%

updated 2026-03-18T00:30:54

2 posts

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

thehackerwire@mastodon.social at 2026-03-17T19:58:45.000Z ##

🟠 CVE-2026-3888 - High (7.8)

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LT...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3888/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T19:58:45.000Z ##

🟠 CVE-2026-3888 - High (7.8)

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LT...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3888/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22727
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-17T23:16:17.470000

2 posts

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing them to access secure application information.

thehackerwire@mastodon.social at 2026-03-17T23:32:31.000Z ##

🟠 CVE-2026-22727 - High (7.5)

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22727/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T23:32:31.000Z ##

🟠 CVE-2026-22727 - High (7.5)

Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22727/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21994
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-03-17T23:16:17.310000

2 posts

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Successful attacks of

thehackerwire@mastodon.social at 2026-03-17T23:32:22.000Z ##

🔴 CVE-2026-21994 - Critical (9.8)

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauth...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21994/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T23:32:22.000Z ##

🔴 CVE-2026-21994 - Critical (9.8)

Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauth...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21994/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-20643
(0 None)

EPSS: 0.00%

updated 2026-03-17T23:16:17.193000

3 posts

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2. Processing maliciously crafted web content may bypass Same Origin Policy.

1 repos

https://github.com/zeroxjf/WebKit-NavigationAPI-SOP-Bypass

oversecurity@mastodon.social at 2026-03-18T01:20:17.000Z ##

Apple pushes first Background Security Improvements update to fix WebKit flaw

Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs...

🔗️ [Bleepingcomputer] https://link.is.it/9V9yPV

##

forest_watch_impress@rss-mstdn.studiofreesia.com at 2026-03-17T22:52:00.000Z ##

iPhone/iPad/Macに脆弱性、Appleが「バックグラウンドセキュリティ改善」を実施／クロスオリジン問題「CVE-2026-20643」を解決
https://forest.watch.impress.co.jp/docs/news/2094087.html

#forest_watch_impress #Apple #iOS #iPadOS #セキュリティ #脆弱性 #システム_ファイル #システム

##

oversecurity@mastodon.social at 2026-03-18T01:20:17.000Z ##

Apple pushes first Background Security Improvements update to fix WebKit flaw

Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs...

🔗️ [Bleepingcomputer] https://link.is.it/9V9yPV

##

CVE-2025-14031
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-17T23:16:15.863000

2 posts

IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash.

thehackerwire@mastodon.social at 2026-03-17T23:32:41.000Z ##

🟠 CVE-2025-14031 - High (7.5)

IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes th...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14031/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T23:32:41.000Z ##

🟠 CVE-2025-14031 - High (7.5)

IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes th...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14031/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32841
(8.1 HIGH)

EPSS: 0.00%

updated 2026-03-17T22:16:15.043000

4 posts

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any user authenticates, enabling unauthorized password changes, firmware uploads, and configuration modifica

offseq at 2026-03-18T00:00:38.614Z ##

⚠️ CRITICAL: Edimax GS-5008PL (≤1.00.54) has an auth bypass flaw (CVE-2026-32841). Attackers can gain admin access with no creds after any login. Isolate devices, restrict access, monitor logs — patch ASAP when available. https://radar.offseq.com/threat/cve-2026-32841-cwe-1108-excessive-reliance-on-glob-a4b3dee3 #OffSeq #CVE202632841 #IoTSecurity

##

thehackerwire@mastodon.social at 2026-03-17T22:31:40.000Z ##

🟠 CVE-2026-32841 - High (8.1)

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain adm...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32841/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-18T00:00:38.000Z ##

⚠️ CRITICAL: Edimax GS-5008PL (≤1.00.54) has an auth bypass flaw (CVE-2026-32841). Attackers can gain admin access with no creds after any login. Isolate devices, restrict access, monitor logs — patch ASAP when available. https://radar.offseq.com/threat/cve-2026-32841-cwe-1108-excessive-reliance-on-glob-a4b3dee3 #OffSeq #CVE202632841 #IoTSecurity

##

thehackerwire@mastodon.social at 2026-03-17T22:31:40.000Z ##

🟠 CVE-2026-32841 - High (8.1)

Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain adm...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32841/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4064
(8.3 HIGH)

EPSS: 0.00%

updated 2026-03-17T21:31:53

2 posts

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and disrupting service operations — via crafted gRPC requests.

thehackerwire@mastodon.social at 2026-03-17T21:49:11.000Z ##

🟠 CVE-2026-4064 - High (8.3)

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4064/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T21:49:11.000Z ##

🟠 CVE-2026-4064 - High (8.3)

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4064/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4295
(7.8 HIGH)

EPSS: 0.00%

updated 2026-03-17T21:31:53

2 posts

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory. To remediate this issue, users should upgrade to version 0.8.0 or higher.

thehackerwire@mastodon.social at 2026-03-17T20:48:25.000Z ##

🟠 CVE-2026-4295 - High (7.8)

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4295/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T20:48:25.000Z ##

🟠 CVE-2026-4295 - High (7.8)

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4295/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32981
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-17T21:31:53

2 posts

A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences (e.g., ../) to access files outside the intended static directory, resulting in local file disclosure.

thehackerwire@mastodon.social at 2026-03-17T20:24:21.000Z ##

🟠 CVE-2026-32981 - High (7.5)

A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traver...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32981/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T20:24:21.000Z ##

🟠 CVE-2026-32981 - High (7.5)

A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traver...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32981/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-64301
(7.8 HIGH)

EPSS: 0.00%

updated 2026-03-17T21:31:53

2 posts

An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution.

thehackerwire@mastodon.social at 2026-03-17T19:31:06.000Z ##

🟠 CVE-2025-64301 - High (7.8)

An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code exec...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64301/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T19:31:06.000Z ##

🟠 CVE-2025-64301 - High (7.8)

An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code exec...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64301/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-22182
(7.5 HIGH)

EPSS: 0.08%

updated 2026-03-17T21:31:44

1 posts

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and comment_id parameters to flood subscribers with notifications, as the handler lacks nonce verification, authentica

thehackerwire@mastodon.social at 2026-03-14T18:00:36.000Z ##

🟠 CVE-2026-22182 - High (7.5)

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax....

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22182/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-66342
(7.8 HIGH)

EPSS: 0.00%

updated 2026-03-17T21:16:18.250000

2 posts

A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

thehackerwire@mastodon.social at 2026-03-17T19:30:56.000Z ##

🟠 CVE-2025-66342 - High (7.8)

A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

updated 2026-03-17T19:16:00.957000

2 posts

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data). All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain

1 repos

https://github.com/hakaioffsec/CVE-2026-25769

thehackerwire@mastodon.social at 2026-03-17T19:00:48.000Z ##

🔴 CVE-2026-25769 - Critical (9.1)

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data). All Wazuh deployments using clu...

updated 2026-03-17T18:56:36.537000

1 posts

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of APS units. The issue

2 repos

https://github.com/Worthes/CVE-2026-30863-Exploit

https://github.com/drkim-dev/CVE-2026-30862

thehackerwire@mastodon.social at 2026-03-16T19:13:18.000Z ##

🟠 CVE-2026-3086 - High (7.8)

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3086/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-28430
(9.8 CRITICAL)

EPSS: 0.14%

updated 2026-03-17T18:53:49.153000

2 posts

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the custom_dates parameter. By chaining this with a predictable legacy password reset mechanism, an attacker can achieve full administrative account takeover without any prior credentials. The vulnerabilit

offseq at 2026-03-17T00:00:46.958Z ##

Chamilo LMS < 1.11.34 has a CRITICAL SQL injection vuln (CVE-2026-28430, CVSS 9.3). Unauth attackers can hijack admin accounts & access PII. Upgrade to 1.11.34 ASAP. No public exploits yet. https://radar.offseq.com/threat/cve-2026-28430-cwe-89-improper-neutralization-of-s-36133b16 #OffSeq #SQLInjection #Chamilo #InfoSec

##

offseq@infosec.exchange at 2026-03-17T00:00:46.000Z ##

Chamilo LMS < 1.11.34 has a CRITICAL SQL injection vuln (CVE-2026-28430, CVSS 9.3). Unauth attackers can hijack admin accounts & access PII. Upgrade to 1.11.34 ASAP. No public exploits yet. https://radar.offseq.com/threat/cve-2026-28430-cwe-89-improper-neutralization-of-s-36133b16 #OffSeq #SQLInjection #Chamilo #InfoSec

##

CVE-2026-30875
(8.8 HIGH)

EPSS: 0.15%

updated 2026-03-17T18:53:29.480000

2 posts

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution (RCE). The H5P package validation only checks if h5p.json exists but doesn't block .htaccess or PHP files with alternative extensions. An attacker uploads a crafted H5P package containin

thehackerwire@mastodon.social at 2026-03-16T20:17:16.000Z ##

🟠 CVE-2026-30875 - High (8.8)

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution (RCE). The H5P package validation...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30875/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-16T20:17:16.000Z ##

🟠 CVE-2026-30875 - High (8.8)

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution (RCE). The H5P package validation...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30875/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-2673
(7.5 HIGH)

EPSS: 0.02%

updated 2026-03-17T18:31:38

2 posts

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is supported by both client and server, if the group was not included among the client's initial predicated

lobsters@mastodon.social at 2026-03-17T00:15:13.000Z ##

Security-only OpenSSL tarball releases for CVE-2026-2673 https://lobste.rs/s/g7mczo #practices #security
https://blog.surgut.co.uk/2026/03/security-only-openssl-tarball-releases.html

##

lobsters@mastodon.social at 2026-03-17T00:15:13.000Z ##

Security-only OpenSSL tarball releases for CVE-2026-2673 https://lobste.rs/s/g7mczo #practices #security
https://blog.surgut.co.uk/2026/03/security-only-openssl-tarball-releases.html

##

CVE-2026-32298
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-03-17T18:30:43

6 posts

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.

thehackerwire@mastodon.social at 2026-03-17T19:01:50.000Z ##

🔴 CVE-2026-32298 - Critical (9.1)

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32298/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T18:59:35.000Z ##

🔴 CVE-2026-32298 - Critical (9.1)

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32298/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T18:58:53.000Z ##

🔴 CVE-2026-32298 - Critical (9.1)

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32298/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T19:01:50.000Z ##

🔴 CVE-2026-32298 - Critical (9.1)

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32298/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T18:59:35.000Z ##

🔴 CVE-2026-32298 - Critical (9.1)

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32298/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T18:58:53.000Z ##

🔴 CVE-2026-32298 - Critical (9.1)

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32298/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32295
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-17T18:30:42

2 posts

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.

thehackerwire@mastodon.social at 2026-03-17T18:59:03.000Z ##

🟠 CVE-2026-32295 - High (7.5)

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32295/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T18:59:03.000Z ##

🟠 CVE-2026-32295 - High (7.5)

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32295/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32292
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-17T18:30:37

2 posts

The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.

thehackerwire@mastodon.social at 2026-03-17T18:58:54.000Z ##

🟠 CVE-2026-32292 - High (7.5)

The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32292/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T18:58:54.000Z ##

🟠 CVE-2026-32292 - High (7.5)

The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32292/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32297
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-17T18:16:17.137000

8 posts

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system.

offseq at 2026-03-18T03:00:27.735Z ##

🚨 CVE-2026-32297 (CRITICAL, CVSS 9.3): ANGEET ES3 KVM allows unauthenticated remote file writes — attackers can take full control. Isolate & restrict access immediately. No patch yet. Details: https://radar.offseq.com/threat/cve-2026-32297-cwe-306-missing-authentication-for--72cb42a6 #OffSeq #CVE202632297 #KVM #Vuln #Infosec

##

thehackerwire@mastodon.social at 2026-03-17T19:01:41.000Z ##

🟠 CVE-2026-32297 - High (7.5)

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerab...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32297/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T18:59:26.000Z ##

🟠 CVE-2026-32297 - High (7.5)

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerab...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32297/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T18:58:43.000Z ##

🟠 CVE-2026-32297 - High (7.5)

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerab...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32297/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-03-18T03:00:27.000Z ##

🚨 CVE-2026-32297 (CRITICAL, CVSS 9.3): ANGEET ES3 KVM allows unauthenticated remote file writes — attackers can take full control. Isolate & restrict access immediately. No patch yet. Details: https://radar.offseq.com/threat/cve-2026-32297-cwe-306-missing-authentication-for--72cb42a6 #OffSeq #CVE202632297 #KVM #Vuln #Infosec

##

thehackerwire@mastodon.social at 2026-03-17T19:01:41.000Z ##

🟠 CVE-2026-32297 - High (7.5)

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerab...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32297/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T18:59:26.000Z ##

🟠 CVE-2026-32297 - High (7.5)

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerab...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32297/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-17T18:58:43.000Z ##

🟠 CVE-2026-32297 - High (7.5)

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerab...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32297/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32296
(8.2 HIGH)

EPSS: 0.00%

updated 2026-03-17T18:16:16.960000

10 posts

Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate the KVM process.

thehackerwire@mastodon.social at 2026-03-17T22:01:18.000Z ##

🟠 CVE-2026-32296 - High (8.2)