| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1717 | 5.5 | 0.00% | 1 | 0 | 2026-03-11T21:31:10 | An input validation vulnerability was reported in the LenovoProductivitySystemAd | |
| CVE-2026-1715 | 7.1 | 0.00% | 1 | 0 | 2026-03-11T21:31:10 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin | |
| CVE-2026-1716 | 7.1 | 0.00% | 1 | 0 | 2026-03-11T21:16:15.017000 | An input validation vulnerability was reported in the DeviceSettingsSystemAddin | |
| CVE-2026-26801 | 7.5 | 0.04% | 1 | 0 | 2026-03-11T21:12:10 | Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta. | |
| CVE-2026-26127 | 7.5 | 0.04% | 1 | 0 | 2026-03-11T21:11:46 | # Microsoft Security Advisory CVE-2026-26127 – .NET Denial of Service Vulnerabil | |
| CVE-2026-26130 | 7.5 | 1.27% | 3 | 0 | 2026-03-11T21:11:31 | # Microsoft Security Advisory CVE-2026-26130 – .NET Denial of Service Vulnerabil | |
| CVE-2026-31866 | 7.5 | 0.00% | 2 | 0 | 2026-03-11T20:57:38 | ## Details flagd exposes OFREP (`/ofrep/v1/evaluate/...`) and gRPC (`evaluation | |
| CVE-2026-31862 | 9.1 | 0.00% | 2 | 0 | 2026-03-11T20:45:27 | ### Summary Multiple Git-related API endpoints use execAsync() with string inter | |
| CVE-2026-31839 | 8.2 | 0.00% | 2 | 0 | 2026-03-11T20:43:42 | ## Summary A high-severity integrity bypass vulnerability existed in Striae's d | |
| CVE-2026-28229 | 7.5 | 0.00% | 4 | 0 | 2026-03-11T20:43:32 | ### Summary Workflow templates endpoints allow any client to retrieve WorkflowTe | |
| CVE-2026-30933 | 7.5 | 0.05% | 4 | 0 | 2026-03-11T20:40:06 | ### Summary The remediation for CVE-2026-27611 appears incomplete. Password pro | |
| CVE-2026-32059 | 8.8 | 0.00% | 2 | 0 | 2026-03-11T20:38:42 | ### Summary In OpenClaw, `tools.exec.safeBins` validation for `sort` could be by | |
| CVE-2026-32062 | 7.5 | 0.00% | 2 | 0 | 2026-03-11T20:38:31 | ### Summary `@openclaw/voice-call` (and the bundled copy shipped in `openclaw`) | |
| CVE-2026-27273 | 7.8 | 0.03% | 2 | 0 | 2026-03-11T20:27:05.240000 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds | |
| CVE-2026-27274 | 7.8 | 0.03% | 1 | 0 | 2026-03-11T20:26:36.670000 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds | |
| CVE-2026-26118 | 8.8 | 0.06% | 1 | 0 | 2026-03-11T19:59:55 | Server-Side Request Forgery (SSRF) in Azure MCP Server allows an authorized atta | |
| CVE-2026-26131 | 7.8 | 0.04% | 1 | 0 | 2026-03-11T19:53:25 | # Microsoft Security Advisory CVE-2026-26131 – .NET Elevation of Privilege Vulne | |
| CVE-2026-30966 | 10.0 | 0.04% | 1 | 0 | 2026-03-11T19:50:29.950000 | Parse Server is an open source backend that can be deployed to any infrastructur | |
| CVE-2025-68613 | 9.9 | 78.98% | 4 | 31 | template | 2026-03-11T19:40:09.533000 | n8n is an open source workflow automation platform. Versions starting with 0.211 |
| CVE-2026-31881 | 7.7 | 0.00% | 2 | 0 | 2026-03-11T19:16:04.787000 | Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticate | |
| CVE-2026-31874 | 9.8 | 0.00% | 4 | 0 | 2026-03-11T19:16:03.970000 | Taskosaur is an open source project management platform with conversational AI f | |
| CVE-2025-70082 | 9.8 | 0.00% | 2 | 0 | 2026-03-11T19:16:03.607000 | An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitr | |
| CVE-2025-68623 | 8.8 | 0.00% | 2 | 0 | 2026-03-11T19:16:03.420000 | In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege | |
| CVE-2026-3805 | 7.5 | 0.02% | 3 | 0 | 2026-03-11T18:31:35 | When doing a second SMB request to the same host again, curl would wrongly use a | |
| CVE-2025-67298 | 8.1 | 0.00% | 2 | 0 | 2026-03-11T18:31:35 | An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privi | |
| CVE-2026-0230 | None | 0.00% | 2 | 0 | 2026-03-11T18:30:40 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent | |
| CVE-2026-20046 | 8.8 | 0.00% | 4 | 0 | 2026-03-11T18:30:40 | A vulnerability in task group assignment for a specific CLI command in Cisco IOS | |
| CVE-2026-20116 | 6.1 | 0.00% | 2 | 0 | 2026-03-11T18:30:40 | A vulnerability in the web-based management interface of Cisco Finesse, Ci | |
| CVE-2026-20117 | 6.1 | 0.00% | 2 | 0 | 2026-03-11T18:30:40 | A vulnerability in the web-based management interface of Cisco Unified Contact C | |
| CVE-2026-20118 | 6.8 | 0.00% | 2 | 0 | 2026-03-11T18:30:40 | A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Ali | |
| CVE-2026-1069 | 7.5 | 0.00% | 2 | 0 | 2026-03-11T18:30:40 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 | |
| CVE-2025-13929 | 7.5 | 0.00% | 2 | 0 | 2026-03-11T18:30:39 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 | |
| CVE-2026-1090 | 8.7 | 0.00% | 2 | 0 | 2026-03-11T18:30:39 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 | |
| CVE-2026-0124 | 7.8 | 0.03% | 1 | 0 | 2026-03-11T18:30:29 | There is a possible out of bounds write due to a missing bounds check. This coul | |
| CVE-2026-21289 | 7.5 | 0.13% | 2 | 0 | 2026-03-11T18:21:50.817000 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-21290 | 8.7 | 0.04% | 2 | 0 | 2026-03-11T18:21:47.207000 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-30226 | 0 | 0.00% | 2 | 0 | 2026-03-11T18:16:22.937000 | Svelte devalue is a JavaScript library that serializes values into strings when | |
| CVE-2026-20074 | 7.4 | 0.00% | 2 | 0 | 2026-03-11T17:16:55.470000 | A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi- | |
| CVE-2026-20040 | 8.8 | 0.00% | 4 | 0 | 2026-03-11T17:16:54.747000 | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated | |
| CVE-2026-27271 | 7.8 | 0.03% | 2 | 0 | 2026-03-11T17:11:22.460000 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffe | |
| CVE-2026-3784 | 6.5 | 0.02% | 1 | 0 | 2026-03-11T16:16:46.583000 | curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a se | |
| CVE-2026-27897 | 10.0 | 0.00% | 4 | 0 | 2026-03-11T16:16:40.133000 | Vociferous provides cross-platform, offline speech-to-text with local AI refinem | |
| CVE-2026-22248 | 8.0 | 0.00% | 2 | 0 | 2026-03-11T16:16:24.103000 | GLPI is an open-source asset and IT management software package that provides IT | |
| CVE-2025-14513 | 7.5 | 0.00% | 2 | 0 | 2026-03-11T16:16:19.223000 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 | |
| CVE-2026-3847 | 8.8 | 0.04% | 2 | 0 | 2026-03-11T15:55:51.477000 | Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidenc | |
| CVE-2026-2631 | 9.8 | 0.08% | 3 | 0 | 2026-03-11T15:32:59 | The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an una | |
| CVE-2026-3783 | 5.3 | 0.02% | 1 | 0 | 2026-03-11T15:32:59 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer p | |
| CVE-2026-1965 | 6.5 | 0.04% | 1 | 0 | 2026-03-11T15:32:59 | libcurl can in some circumstances reuse the wrong connection when asked to do an | |
| CVE-2025-70027 | 7.5 | 0.00% | 2 | 0 | 2026-03-11T15:31:58 | An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Su | |
| CVE-2026-30900 | 7.8 | 0.00% | 2 | 0 | 2026-03-11T15:31:58 | Improper Check of minimum version in update functionality of certain Zoom Client | |
| CVE-2026-30903 | 9.7 | 0.00% | 2 | 0 | 2026-03-11T15:31:58 | External Control of File Name or Path in the Mail feature of Zoom Workplace for | |
| CVE-2026-3496 | 7.5 | 0.00% | 2 | 0 | 2026-03-11T15:31:58 | The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'chec | |
| CVE-2026-2626 | 8.1 | 0.01% | 2 | 0 | 2026-03-11T15:31:52 | The divi-booster WordPress plugin before 5.0.2 does not have authorization and C | |
| CVE-2026-23814 | 8.8 | 0.11% | 2 | 0 | 2026-03-11T15:31:51 | A vulnerability in the command parameters of a certain AOS-CX CLI command could | |
| CVE-2026-23813 | 9.8 | 0.05% | 3 | 0 | 2026-03-11T15:31:51 | A vulnerability has been identified in the web-based management interface of AOS | |
| CVE-2026-30902 | 7.8 | 0.00% | 2 | 0 | 2026-03-11T15:16:30.103000 | Improper Privilege Management in certain Zoom Clients for Windows may allow an a | |
| CVE-2026-32060 | 8.8 | 0.00% | 2 | 0 | 2026-03-11T14:16:27.943000 | OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in a | |
| CVE-2026-3585 | 7.5 | 0.06% | 2 | 0 | 2026-03-11T13:53:47.157000 | The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in | |
| CVE-2025-11158 | 9.1 | 0.04% | 1 | 0 | 2026-03-11T13:53:47.157000 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, i | |
| CVE-2026-1261 | 7.2 | 0.07% | 1 | 0 | 2026-03-11T13:53:47.157000 | The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scriptin | |
| CVE-2026-30929 | 7.7 | 0.01% | 1 | 0 | 2026-03-11T13:53:47.157000 | ImageMagick is free and open-source software used for editing and manipulating d | |
| CVE-2025-41709 | 9.8 | 0.05% | 2 | 0 | 2026-03-11T13:53:47.157000 | [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allo | |
| CVE-2026-30862 | 9.0 | 0.04% | 1 | 1 | 2026-03-11T13:53:47.157000 | Appsmith is a platform to build admin panels, internal tools, and dashboards. Pr | |
| CVE-2026-3288 | 8.8 | 0.04% | 2 | 1 | 2026-03-11T13:53:47.157000 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubern | |
| CVE-2026-0846 | 8.6 | 0.08% | 2 | 0 | 2026-03-11T13:53:47.157000 | A vulnerability in the `filestring()` function of the `nltk.util` module in nltk | |
| CVE-2026-24289 | 7.8 | 0.06% | 1 | 0 | 2026-03-11T13:53:20.707000 | Use after free in Windows Kernel allows an authorized attacker to elevate privil | |
| CVE-2026-26113 | 8.4 | 0.04% | 1 | 0 | 2026-03-11T13:53:20.707000 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacke | |
| CVE-2026-26121 | 7.5 | 0.10% | 1 | 0 | 2026-03-11T13:53:20.707000 | Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized | |
| CVE-2026-27269 | 7.8 | 0.03% | 1 | 0 | 2026-03-11T13:53:20.707000 | Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vul | |
| CVE-2026-26141 | 7.8 | 0.04% | 1 | 0 | 2026-03-11T13:53:20.707000 | Improper authentication in Azure Arc allows an authorized attacker to elevate pr | |
| CVE-2026-30957 | 9.9 | 0.27% | 3 | 0 | 2026-03-11T13:53:20.707000 | OneUptime is a solution for monitoring and managing online services. Prior to 10 | |
| CVE-2026-30944 | 8.8 | 0.04% | 2 | 1 | 2026-03-11T13:53:20.707000 | StudioCMS is a server-side-rendered, Astro native, headless content management s | |
| CVE-2026-30956 | 9.9 | 0.04% | 1 | 0 | 2026-03-11T13:53:20.707000 | OneUptime is a solution for monitoring and managing online services. Prior to 10 | |
| CVE-2026-30978 | 7.8 | 0.01% | 1 | 0 | 2026-03-11T13:53:20.707000 | iccDEV provides a set of libraries and tools for working with ICC color manageme | |
| CVE-2026-3843 | 9.8 | 0.44% | 2 | 0 | 2026-03-11T13:53:20.707000 | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux conta | |
| CVE-2026-31792 | 7.8 | 0.01% | 1 | 0 | 2026-03-11T13:53:20.707000 | iccDEV provides a set of libraries and tools for working with ICC color manageme | |
| CVE-2026-3483 | 7.8 | 0.03% | 1 | 0 | 2026-03-11T13:53:20.707000 | An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local | |
| CVE-2026-1708 | 7.5 | 0.12% | 2 | 0 | 2026-03-11T13:52:47.683000 | The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin p | |
| CVE-2026-1993 | 8.8 | 0.04% | 2 | 0 | 2026-03-11T12:31:30 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable | |
| CVE-2026-1992 | 8.8 | 0.07% | 2 | 0 | 2026-03-11T12:31:29 | The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable | |
| CVE-2026-31844 | 8.8 | 0.04% | 2 | 0 | 2026-03-11T09:32:00 | An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff i | |
| CVE-2026-3826 | 9.8 | 0.20% | 3 | 0 | 2026-03-11T09:32:00 | IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing | |
| CVE-2025-13067 | 8.8 | 0.10% | 2 | 0 | 2026-03-11T06:31:47 | The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary f | |
| CVE-2026-2413 | 7.5 | 0.08% | 2 | 2 | 2026-03-11T06:31:47 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to S | |
| CVE-2026-24448 | 9.8 | 0.04% | 3 | 0 | 2026-03-11T06:31:47 | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which m | |
| CVE-2026-3222 | 7.5 | 0.16% | 2 | 0 | 2026-03-11T06:31:47 | The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection | |
| CVE-2026-29515 | None | 0.07% | 1 | 0 | 2026-03-11T06:31:47 | MiCode FileExplorer contains an authentication bypass vulnerability in the embed | |
| CVE-2026-27842 | 9.8 | 0.10% | 3 | 0 | 2026-03-11T06:31:41 | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow | |
| CVE-2026-21311 | 8.0 | 0.10% | 2 | 0 | 2026-03-11T03:31:39 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-21309 | 7.5 | 0.13% | 2 | 0 | 2026-03-11T03:31:39 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-3453 | 8.1 | 0.04% | 2 | 0 | 2026-03-11T03:31:39 | The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Re | |
| CVE-2026-21361 | 8.1 | 0.09% | 2 | 0 | 2026-03-11T03:31:39 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-21284 | 8.1 | 0.09% | 2 | 0 | 2026-03-11T03:31:38 | Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, | |
| CVE-2026-26738 | 7.8 | 0.05% | 1 | 0 | 2026-03-10T21:33:20 | Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows | |
| CVE-2026-3823 | 8.8 | 0.14% | 1 | 0 | 2026-03-10T21:33:19 | EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Ov | |
| CVE-2026-27276 | 7.8 | 0.03% | 1 | 0 | 2026-03-10T21:32:24 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free | |
| CVE-2026-27275 | 7.8 | 0.03% | 1 | 0 | 2026-03-10T21:32:24 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds | |
| CVE-2026-27280 | 7.8 | 0.03% | 1 | 0 | 2026-03-10T21:32:24 | DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-27277 | 7.8 | 0.03% | 1 | 0 | 2026-03-10T21:32:17 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free | |
| CVE-2026-27279 | 7.8 | 0.03% | 2 | 0 | 2026-03-10T21:32:17 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds | |
| CVE-2025-69219 | 8.8 | 0.05% | 1 | 2 | 2026-03-10T18:58:35.607000 | A user with access to the DB could craft a database entry that would result in e | |
| CVE-2026-3630 | 9.8 | 0.05% | 1 | 0 | 2026-03-10T18:48:52.193000 | Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. | |
| CVE-2026-27826 | 8.2 | 0.04% | 2 | 1 | 2026-03-10T18:48:50 | ### Summary An unauthenticated attacker who can reach the mcp-atlassian HTTP end | |
| CVE-2026-30934 | 8.9 | 0.04% | 1 | 0 | 2026-03-10T18:44:35 | ## Summary Stored XSS is possible via share metadata fields (e.g., `title`, `des | |
| CVE-2026-30921 | 10.0 | 0.01% | 2 | 0 | 2026-03-10T18:44:25 | Summary OneUptime Synthetic Monitors allow low-privileged project users to subm | |
| CVE-2026-30920 | 8.6 | 0.01% | 2 | 0 | 2026-03-10T18:44:15 | ### Summary OneUptime's GitHub App callback trusts attacker-controlled `state` | |
| CVE-2026-30869 | 9.3 | 0.43% | 1 | 0 | 2026-03-10T18:43:20 | ### Summary A path traversal vulnerability in the `/export` endpoint allows an a | |
| CVE-2026-28292 | 9.8 | 0.14% | 4 | 0 | 2026-03-10T18:38:58 | ### Summary The `blockUnsafeOperationsPlugin` in `simple-git` fails to block gi | |
| CVE-2026-30910 | 7.5 | 0.02% | 1 | 0 | 2026-03-10T18:32:20 | Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overf | |
| CVE-2026-26128 | 7.8 | 0.04% | 1 | 0 | 2026-03-10T18:31:31 | Improper authentication in Windows SMB Server allows an authorized attacker to e | |
| CVE-2026-26134 | 7.8 | 0.06% | 1 | 0 | 2026-03-10T18:31:31 | Integer overflow or wraparound in Microsoft Office allows an authorized attacker | |
| CVE-2026-3845 | 8.8 | 0.04% | 2 | 0 | 2026-03-10T18:31:31 | Heap buffer overflow in the Audio/Video: Playback component in Firefox for Andro | |
| CVE-2026-26117 | 7.8 | 0.04% | 5 | 0 | 2026-03-10T18:31:30 | Authentication bypass using an alternate path or channel in Azure Windows Virtua | |
| CVE-2026-26144 | 7.5 | 0.10% | 5 | 0 | 2026-03-10T18:31:30 | Improper neutralization of input during web page generation ('cross-site scripti | |
| CVE-2026-26132 | 7.8 | 0.06% | 1 | 0 | 2026-03-10T18:31:30 | Use after free in Windows Kernel allows an authorized attacker to elevate privil | |
| CVE-2026-26148 | 8.2 | 0.08% | 1 | 0 | 2026-03-10T18:31:30 | External initialization of trusted variables or data stores in Azure Entra ID al | |
| CVE-2026-2339 | 7.5 | 0.22% | 1 | 0 | 2026-03-10T18:31:30 | Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Sof | |
| CVE-2025-54820 | 8.1 | 0.04% | 2 | 0 | 2026-03-10T18:31:25 | A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet | |
| CVE-2026-24291 | 7.8 | 0.06% | 1 | 0 | 2026-03-10T18:31:25 | Incorrect permission assignment for critical resource in Windows Accessibility I | |
| CVE-2026-21262 | 8.8 | 0.08% | 1 | 0 | 2026-03-10T18:31:25 | Improper access control in SQL Server allows an authorized attacker to elevate p | |
| CVE-2026-2364 | 7.3 | 0.01% | 2 | 0 | 2026-03-10T18:31:24 | If a legitimate user confirms a self-update prompt or initiate an installation o | |
| CVE-2026-1508 | 4.3 | 0.01% | 1 | 0 | 2026-03-10T18:31:24 | The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check i | |
| CVE-2025-41711 | 5.3 | 0.02% | 2 | 0 | 2026-03-10T18:31:24 | An unauthenticated remote attacker can use firmware images to extract password h | |
| CVE-2025-41712 | 6.5 | 0.03% | 2 | 0 | 2026-03-10T18:31:24 | An unauthenticated remote attacker who tricks a user to upload a manipulated HTM | |
| CVE-2025-41710 | 6.5 | 0.03% | 2 | 0 | 2026-03-10T18:31:24 | An unauthenticated remote attacker may use hardcodes credentials to get access t | |
| CVE-2026-0953 | 9.8 | 0.04% | 1 | 0 | 2026-03-10T18:31:24 | The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in | |
| CVE-2026-27685 | 9.1 | 0.04% | 1 | 0 | 2026-03-10T18:31:24 | SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged use | |
| CVE-2026-1603 | 8.6 | 43.88% | 5 | 0 | template | 2026-03-10T15:31:30 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo |
| CVE-2026-27005 | 9.8 | 0.12% | 1 | 0 | 2026-03-10T14:04:01.353000 | Chartbrew is an open-source web application that can connect directly to databas | |
| CVE-2025-70238 | 7.5 | 0.04% | 1 | 0 | 2026-03-09T21:32:45 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-3638 | 5.9 | 0.03% | 1 | 0 | 2026-03-09T21:31:49 | Improper access control in user and role restore API endpoints in Devolutions Se | |
| CVE-2025-26399 | 9.8 | 23.31% | 5 | 1 | 2026-03-09T21:31:33 | SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxP | |
| CVE-2021-22054 | 7.5 | 93.79% | 3 | 1 | template | 2026-03-09T21:31:33 | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20. |
| CVE-2026-28802 | 9.8 | 0.04% | 1 | 0 | 2026-03-09T21:20:56.980000 | Authlib is a Python library which builds OAuth and OpenID Connect servers. From | |
| CVE-2025-70363 | 7.5 | 0.05% | 1 | 0 | 2026-03-09T19:16:00.890000 | Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ci | |
| CVE-2026-3038 | 7.5 | 0.04% | 1 | 0 | 2026-03-09T18:32:49 | The rtsock_msg_buffer() function serializes routing information into a buffer. | |
| CVE-2026-3588 | 7.5 | 0.02% | 1 | 0 | 2026-03-09T18:31:50 | A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 all | |
| CVE-2025-70047 | 7.5 | 0.04% | 1 | 0 | 2026-03-09T18:31:49 | An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered | |
| CVE-2026-25866 | 7.8 | 0.01% | 1 | 0 | 2026-03-09T18:31:49 | MobaXterm versions prior to 26.1 contain an uncontrolled search path element vul | |
| CVE-2026-30863 | None | 0.07% | 1 | 1 | 2026-03-09T17:42:26 | ### Impact The Google, Apple, and Facebook authentication adapters use JWT veri | |
| CVE-2026-29191 | 9.3 | 0.03% | 1 | 0 | 2026-03-09T15:48:28 | ### Summary A vulnerability was discovered in Zitadel's login V2 interface that | |
| CVE-2026-2919 | 4.3 | 0.01% | 1 | 0 | 2026-03-09T15:30:48 | Malicious scripts could display attacker-controlled web content under spoofed do | |
| CVE-2026-2219 | 7.5 | 0.01% | 1 | 0 | 2026-03-09T15:30:43 | It was discovered that dpkg-deb (a component of dpkg, the Debian package managem | |
| CVE-2026-27944 | 9.8 | 1.03% | 1 | 3 | template | 2026-03-05T22:37:22 | ## Summary The `/api/backup` endpoint is accessible without authentication and |
| CVE-2026-25921 | 9.3 | 0.02% | 1 | 0 | 2026-03-05T22:28:33 | ### Summary Overwritable LFS object across different repos leads to supply-chain | |
| CVE-2026-21385 | 7.8 | 0.38% | 2 | 1 | 2026-03-03T21:31:13 | Memory corruption while using alignments for memory allocation. | |
| CVE-2026-27611 | 6.5 | 0.03% | 4 | 0 | 2026-02-27T19:12:25.640000 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to ver | |
| CVE-2026-27739 | None | 0.05% | 1 | 1 | 2026-02-25T22:42:37 | A [Server-Side Request Forgery (SSRF)](https://developer.mozilla.org/en-US/docs/ | |
| CVE-2026-20127 | 10.0 | 2.60% | 2 | 6 | 2026-02-25T18:31:45 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle | |
| CVE-2026-20841 | 8.8 | 0.11% | 1 | 12 | 2026-02-11T15:31:25 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-2138 | 8.8 | 0.08% | 1 | 0 | 2026-02-10T19:28:57.427000 | A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the | |
| CVE-2026-24307 | 9.3 | 0.15% | 2 | 0 | 2026-01-23T00:31:24 | Improper validation of specified type of input in M365 Copilot allows an unautho | |
| CVE-2025-13154 | 5.5 | 0.02% | 1 | 0 | 2026-01-15T00:31:44 | An improper link following vulnerability was reported in the SmartPerformanceAdd | |
| CVE-2025-66005 | 0 | 0.02% | 1 | 0 | 2026-01-14T16:25:12.057000 | Lack of authorization of the InputManager D-Bus interface in InputPlumber versio | |
| CVE-2025-14338 | None | 0.01% | 1 | 0 | 2026-01-14T12:31:48 | Polkit authentication dis isabled by default and a race condition in the Polkit | |
| CVE-2026-0628 | 8.8 | 0.04% | 2 | 2 | 2026-01-12T16:48:33.560000 | Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7 | |
| CVE-2025-11126 | 9.8 | 0.18% | 2 | 0 | 2025-09-29T00:30:35 | A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerab | |
| CVE-2025-0037 | 6.6 | 0.03% | 1 | 0 | 2025-06-10T00:30:36 | In AMD Versal Adaptive SoC devices, the lack of address validation when executin | |
| CVE-2022-25860 | 9.8 | 41.35% | 1 | 0 | 2025-04-01T23:03:12 | Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code E | |
| CVE-2022-25912 | 8.1 | 43.30% | 1 | 0 | 2023-08-17T05:02:31 | The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE | |
| CVE-2026-0866 | 0 | 0.00% | 4 | 0 | N/A | ||
| CVE-2026-31870 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-31852 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-21888 | 0 | 0.00% | 4 | 0 | N/A | ||
| CVE-2026-3611 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-28806 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-28514 | 0 | 0.11% | 2 | 0 | N/A | ||
| CVE-2026-30983 | 0 | 0.01% | 2 | 0 | N/A | ||
| CVE-2026-30979 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-30985 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-30987 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-31795 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-31796 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-30918 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-27603 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2026-28693 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-28691 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-28431 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-30240 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-31816 | 0 | 0.10% | 2 | 0 | N/A | ||
| CVE-2026-25737 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2025-62166 | 0 | 0.08% | 1 | 0 | N/A |
updated 2026-03-11T21:31:10
1 posts
Lenovo released all patches for the Vantage vulnerabilities I reported earlier this year. The blog has been updated with write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717.
##updated 2026-03-11T21:31:10
1 posts
Lenovo released all patches for the Vantage vulnerabilities I reported earlier this year. The blog has been updated with write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717.
##updated 2026-03-11T21:16:15.017000
1 posts
Lenovo released all patches for the Vantage vulnerabilities I reported earlier this year. The blog has been updated with write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717.
##updated 2026-03-11T21:12:10
1 posts
🟠 CVE-2026-26801 - High (7.5)
Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26801/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T21:11:46
1 posts
🟠 CVE-2026-26127 - High (7.5)
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26127/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T21:11:31
3 posts
🟠 CVE-2026-26130 - High (7.5)
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26130 - High (7.5)
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-26130 - A denial of service attack against SignalR. Update your runtime, restart your SignalR apps.
github.com/dotnet/annou...
(2/5)
Microsoft Security Advisory CV...
updated 2026-03-11T20:57:38
2 posts
🟠 CVE-2026-31866 - High (7.5)
flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP (/ofrep/v1/evaluate/...) and gRPC (evaluation.v1, evaluation.v2) endpoints for feature flag evaluation. These endpoints are designed to be publicly accessi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31866/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31866 - High (7.5)
flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP (/ofrep/v1/evaluate/...) and gRPC (evaluation.v1, evaluation.v2) endpoints for feature flag evaluation. These endpoints are designed to be publicly accessi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31866/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T20:45:27
2 posts
🔴 CVE-2026-31862 - Critical (9.1)
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31862/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31862 - Critical (9.1)
Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31862/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T20:43:42
2 posts
🟠 CVE-2026-31839 - High (8.2)
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified togeth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31839/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31839 - High (8.2)
Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified togeth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31839/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T20:43:32
4 posts
🔴 CVE-2026-28229 - Critical (9.8)
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates)....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-28229 - Critical (9.8)
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates)....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-28229 - Critical (9.8)
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates)....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-28229 - Critical (9.8)
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates (and ClusterWorkflowTemplates)....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T20:40:06
4 posts
🟠 CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T20:38:42
2 posts
🟠 CVE-2026-32059 - High (8.8)
OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32059 - High (8.8)
OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T20:38:31
2 posts
🟠 CVE-2026-32062 - High (7.5)
OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32062/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32062 - High (7.5)
OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32062/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T20:27:05.240000
2 posts
🟠 CVE-2026-27273 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27273/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27273 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27273/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T20:26:36.670000
1 posts
🟠 CVE-2026-27274 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27274/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T19:59:55
1 posts
🟠 CVE-2026-26118 - High (8.8)
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26118/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T19:53:25
1 posts
🟠 CVE-2026-26131 - High (7.8)
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T19:50:29.950000
1 posts
🚨 CRITICAL: CVE-2026-30966 in parse-server (<9.5.2-alpha.7, <8.6.20) lets attackers gain any role via REST/GraphQL with just the app key. Upgrade now and restrict API access! Full details: https://radar.offseq.com/threat/cve-2026-30966-cwe-284-improper-access-control-in--321de92a #OffSeq #parseServer #CVE202630966 #infosec
##updated 2026-03-11T19:40:09.533000
4 posts
31 repos
https://github.com/nehkark/CVE-2025-68613
https://github.com/GnuTLam/POC-CVE-2025-68613
https://github.com/ali-py3/Exploit-CVE-2025-68613
https://github.com/ahmedshamsddin/n8n-RCE-CVE-2025-68613
https://github.com/Ak-cybe/CVE-2025-68613-n8n-rce-analysis
https://github.com/r4j3sh-com/CVE-2025-68613-n8n-lab
https://github.com/Rishi-kaul/n8n-CVE-2025-68613
https://github.com/sahilccras/Blackash-CVE-2025-68613
https://github.com/gagaltotal/n8n-cve-2025-68613
https://github.com/manyaigdtuw/CVE-2025-68613_Scanner
https://github.com/intelligent-ears/CVE-2025-68613
https://github.com/TheStingR/CVE-2025-68613-POC
https://github.com/secjoker/CVE-2025-68613
https://github.com/JohannesLks/CVE-2025-68613-Python-Exploit
https://github.com/cv-sai-kamesh/n8n-CVE-2025-68613
https://github.com/mbanyamer/n8n-Authenticated-Expression-Injection-RCE-CVE-2025-68613
https://github.com/reem-012/poc_CVE-2025-68613
https://github.com/hackersatyamrastogi/n8n-exploit-CVE-2025-68613-n8n-God-Mode-Ultimate
https://github.com/releaseown/analysis-and-poc-n8n-CVE-2025-68613
https://github.com/Dlanang/homelab-CVE-2025-68613
https://github.com/J4ck3LSyN-Gen2/n8n-CVE-2025-68613-TryHackMe
https://github.com/wioui/n8n-CVE-2025-68613-exploit
https://github.com/AbdulRKB/n8n-RCE
https://github.com/shibaaa204/CVE-2025-68613
https://github.com/Victorhugofariasvieir66/relatorio-n8n.md
https://github.com/h3raklez/CVE-2025-68613
https://github.com/Khin-96/n8n-cve-2025-68613-thm
https://github.com/rxerium/CVE-2025-68613
https://github.com/TheInterception/n8n_CVE-2025-68613_exploit_payloads
🚨 [CISA-2026:0311] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0311)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-68613 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-68613)
- Name: n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: n8n
- Product: n8n
- Notes: https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260311 #cisa20260311 #cve_2025_68613 #cve202568613
##CVE ID: CVE-2025-68613
Vendor: n8n
Product: n8n
Date Added: 2026-03-11
Notes: https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-68613
🚨 [CISA-2026:0311] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0311)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-68613 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-68613)
- Name: n8n Improper Control of Dynamically-Managed Code Resources Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: n8n
- Product: n8n
- Notes: https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260311 #cisa20260311 #cve_2025_68613 #cve202568613
##CVE ID: CVE-2025-68613
Vendor: n8n
Product: n8n
Date Added: 2026-03-11
Notes: https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-68613
updated 2026-03-11T19:16:04.787000
2 posts
🟠 CVE-2026-31881 - High (7.7)
Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator (admin) password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-passw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31881 - High (7.7)
Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator (admin) password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-passw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T19:16:03.970000
4 posts
🔴 CVE-2026-31874 - Critical (9.8)
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can man...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31874 - Critical (9.8)
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can man...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31874 - Critical (9.8)
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can man...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31874 - Critical (9.8)
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can man...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T19:16:03.607000
2 posts
🔴 CVE-2025-70082 - Critical (9.8)
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70082 - Critical (9.8)
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T19:16:03.420000
2 posts
🟠 CVE-2025-68623 - High (8.8)
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68623/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-68623 - High (8.8)
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68623/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T18:31:35
3 posts
🟠 CVE-2026-3805 - High (7.5)
When doing a second SMB request to the same host again, curl would wrongly use
a data pointer pointing into already freed memory.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3805/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3805 - High (7.5)
When doing a second SMB request to the same host again, curl would wrongly use
a data pointer pointing into already freed memory.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3805/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-3805: use after free in SMB connection reuse
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
##updated 2026-03-11T18:31:35
2 posts
🟠 CVE-2025-67298 - High (8.1)
An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67298/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-67298 - High (8.1)
An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67298/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T18:30:40
2 posts
CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS
https://security.paloaltonetworks.com/CVE-2026-0230
Short summary: https://hackerworkspace.com/article/cve-2026-0230-cortex-xdr-agent-local-administrator-can-disable-the-agent-on-macos
##CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS
https://security.paloaltonetworks.com/CVE-2026-0230
Short summary: https://hackerworkspace.com/article/cve-2026-0230-cortex-xdr-agent-local-administrator-can-disable-the-agent-on-macos
##updated 2026-03-11T18:30:40
4 posts
🟠 CVE-2026-20046 - High (8.8)
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device.
This vulnerability is du...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20046/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##🟠 CVE-2026-20046 - High (8.8)
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device.
This vulnerability is du...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20046/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##updated 2026-03-11T18:30:40
2 posts
Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##updated 2026-03-11T18:30:40
2 posts
Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##updated 2026-03-11T18:30:40
2 posts
Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##updated 2026-03-11T18:30:40
2 posts
🟠 CVE-2026-1069 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1069/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1069 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1069/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T18:30:39
2 posts
🟠 CVE-2025-13929 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted req...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-13929 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted req...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T18:30:39
2 posts
🟠 CVE-2026-1090 - High (8.7)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1090/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1090 - High (8.7)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1090/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T18:30:29
1 posts
⚠️ CVE-2026-0124 (CRITICAL, CVSS 10) hits Google Pixel devices: local out-of-bounds write means privilege escalation — no user interaction needed. Restrict access, monitor now, patch ASAP when available. https://radar.offseq.com/threat/cve-2026-0124-elevation-of-privilege-in-google-and-bf0f89c1 #OffSeq #Android #Vuln #MobileSecurity
##updated 2026-03-11T18:21:50.817000
2 posts
🟠 CVE-2026-21289 - High (7.5)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21289 - High (7.5)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T18:21:47.207000
2 posts
🟠 CVE-2026-21290 - High (8.7)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21290 - High (8.7)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T18:16:22.937000
2 posts
Okay, so it turns out that this is really, really slow.
Which led to CVE-2026-30226: https://github.com/sveltejs/devalue/security/advisories/GHSA-cfw5-2vxh-hr84
##Okay, so it turns out that this is really, really slow.
Which led to CVE-2026-30226: https://github.com/sveltejs/devalue/security/advisories/GHSA-cfw5-2vxh-hr84
##updated 2026-03-11T17:16:55.470000
2 posts
Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##updated 2026-03-11T17:16:54.747000
4 posts
🟠 CVE-2026-20040 - High (8.8)
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20040/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##🟠 CVE-2026-20040 - High (8.8)
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20040/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Four new high-risk vulnerabilities from Cisco:
- CVE-2026-20118: Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN
- CVE-2026-20074: Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK
- CVE-2026-20040 and CVE-2026-20046L Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-privesc-bF8D5U4W
- CVE-2026-20116 and CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh @TalosSecurity #infosec #Cisco #vulnerability
##updated 2026-03-11T17:11:22.460000
2 posts
🟠 CVE-2026-27271 - High (7.8)
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27271/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27271 - High (7.8)
Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27271/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T16:16:46.583000
1 posts
CVE-2026-3784: wrong proxy connection reuse with credentials
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.
##updated 2026-03-11T16:16:40.133000
4 posts
🔴 CVE-2026-27897 - Critical (10)
Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file route. The application accepts a JSON payload containing a filename and conte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27897/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-27897 - Critical (10)
Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file route. The application accepts a JSON payload containing a filename and conte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27897/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-27897 - Critical (10)
Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file route. The application accepts a JSON payload containing a filename and conte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27897/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-27897 - Critical (10)
Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file route. The application accepts a JSON payload containing a filename and conte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27897/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T16:16:24.103000
2 posts
🟠 CVE-2026-22248 - High (8)
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigg...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22248 - High (8)
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigg...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T16:16:19.223000
2 posts
🟠 CVE-2025-14513 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14513/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-14513 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14513/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T15:55:51.477000
2 posts
🟠 CVE-2026-3847 - High (8.8)
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 14...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3847 - High (8.8)
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 14...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T15:32:59
3 posts
🔴 CVE-2026-2631 - Critical (9.8)
The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. This token is subsequently used for authentication...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2631/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2631 - Critical (9.8)
The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. This token is subsequently used for authentication...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2631/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛑 CVE-2026-2631 (CRITICAL): Datalogics Ecommerce Delivery WP plugin (<2.6.60) lets unauthenticated attackers gain admin via REST endpoint. Patch or restrict access now! Details: https://radar.offseq.com/threat/cve-2026-2631-cwe-269-improper-privilege-managemen-beccaec0 #OffSeq #WordPress #Vuln #Infosec
##updated 2026-03-11T15:32:59
1 posts
CVE-2026-3783: token leak with redirect and netrc
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances.
##updated 2026-03-11T15:32:59
1 posts
CVE-2026-1965: bad reuse of HTTP Negotiate connection
libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.
##updated 2026-03-11T15:31:58
2 posts
🟠 CVE-2025-70027 - High (7.5)
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70027/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70027 - High (7.5)
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70027/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T15:31:58
2 posts
🟠 CVE-2026-30900 - High (7.8)
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30900/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30900 - High (7.8)
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30900/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T15:31:58
2 posts
🔴 CVE-2026-30903 - Critical (9.6)
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30903/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30903 - Critical (9.6)
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30903/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T15:31:58
2 posts
🟠 CVE-2026-3496 - High (7.5)
The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3496/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3496 - High (7.5)
The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3496/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T15:31:52
2 posts
🟠 CVE-2026-2626 - High (8.1)
The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2626/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2626 - High (8.1)
The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2626/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T15:31:51
2 posts
🟠 CVE-2026-23814 - High (8.8)
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23814/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23814 - High (8.8)
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23814/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T15:31:51
3 posts
🔴 CVE-2026-23813 - Critical (9.8)
A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23813/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-23813 - Critical (9.8)
A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23813/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##HPE Patches Multiple Flaws Aruba AOS-CX Including Critical Allowing Admin Password Resets
HPE patched five vulnerabilities in Aruba AOS-CX, including a critical authentication bypass (CVE-2026-23813) that allows unauthenticated remote attackers to reset administrator passwords and take full control of switches.
**Isolate your switch management interfaces on a separate VLAN that's only accessible from trusted networks. Then plan a patch cycle for your AOS-CX devices. For good measure, disable the web interface on all ports where it is not strictly necessary.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hpe-patches-multiple-flaws-aruba-aos-cx-including-critical-allowing-admin-password-resets-y-u-h-x-3/gD2P6Ple2L
updated 2026-03-11T15:16:30.103000
2 posts
🟠 CVE-2026-30902 - High (7.8)
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30902/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30902 - High (7.8)
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30902/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T14:16:27.943000
2 posts
🟠 CVE-2026-32060 - High (8.8)
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containmen...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32060/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32060 - High (8.8)
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containmen...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32060/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:47.157000
2 posts
🟠 CVE-2026-3585 - High (7.5)
The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and abov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3585/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-3585 (HIGH): Path traversal in stellarwp The Events Calendar plugin lets Author+ users read any files on WordPress servers up to v6.15.17. Restrict access, monitor logs, and patch ASAP. Details: https://radar.offseq.com/threat/cve-2026-3585-cwe-22-improper-limitation-of-a-path-57fec669 #OffSeq #WordPress #Vuln #Cybersecurity
##updated 2026-03-11T13:53:47.157000
1 posts
🔴 CVE-2025-11158 - Critical (9.1)
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11158/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:47.157000
1 posts
🚨 CVE-2026-1261: HIGH-severity stored XSS in all Wpmet MetForm Pro versions (Quiz feature). Unauthenticated attackers can inject persistent scripts, risking user data and site integrity. Disable Quiz & monitor for patches. https://radar.offseq.com/threat/cve-2026-1261-cwe-79-improper-neutralization-of-in-3b7ad624 #OffSeq #WordPress #XSS
##updated 2026-03-11T13:53:47.157000
1 posts
🟠 CVE-2026-30929 - High (7.7)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:47.157000
2 posts
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
###OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
updated 2026-03-11T13:53:47.157000
1 posts
1 repos
⚠️ CRITICAL: CVE-2026-30862 in Appsmith <1.96 enables stored XSS via TableWidgetV2. Attackers can leverage 'Invite Users' for admin takeover. Patch to 1.96+ ASAP! No active exploits yet. https://radar.offseq.com/threat/cve-2026-30862-cwe-79-improper-neutralization-of-i-d918c60a #OffSeq #XSS #Appsmith #CVE2026_30862
##updated 2026-03-11T13:53:47.157000
2 posts
1 repos
[Security Advisory] CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection #devopsish https://groups.google.com/a/kubernetes.io/g/dev/c/NoW4Ollgoxc/m/m1to2nAqAAAJ?utm_medium=email&utm_source=footer
##🟠 CVE-2026-3288 - High (8.8)
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-ngin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3288/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:47.157000
2 posts
🚨 CVE-2026-0846: HIGH severity absolute path traversal in nltk v3.9.2 (filestring()). Remote attackers can read files if user input isn’t sanitized. Patch when available & validate inputs! https://radar.offseq.com/threat/cve-2026-0846-cwe-36-absolute-path-traversal-in-nl-799595df #OffSeq #nltk #vuln #infosec
##🟠 CVE-2026-0846 - High (8.6)
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, en...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0846/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
1 posts
updated 2026-03-11T13:53:20.707000
1 posts
🟠 CVE-2026-26113 - High (8.4)
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26113/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
1 posts
🟠 CVE-2026-26121 - High (7.5)
Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
1 posts
🟠 CVE-2026-27269 - High (7.8)
Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27269/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
1 posts
🟠 CVE-2026-26141 - High (7.8)
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26141/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
3 posts
🔴 CVE-2026-30957 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30957 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30957 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
2 posts
1 repos
🟠 CVE-2026-30944 - High (8.8)
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, incl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30944 - High (8.8)
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, incl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
1 posts
🔴 CVE-2026-30956 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header togethe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
1 posts
🟠 CVE-2026-30978 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform() causing invalid vptr dereference and crash. This vulnerability is fixed in 2.3.1.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30978/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
2 posts
🔴 CVE-2026-3843 - Critical (9.8)
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3843 - Critical (9.8)
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
1 posts
🟠 CVE-2026-31792 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentation fault or denial of service. This vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:53:20.707000
1 posts
🟠 CVE-2026-3483 - High (7.8)
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3483/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T13:52:47.683000
2 posts
🟠 CVE-2026-1708 - High (7.5)
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the `db_where_conditions` method in the `TD_D...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1708 - High (7.5)
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the `db_where_conditions` method in the `TD_D...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T12:31:30
2 posts
🟠 CVE-2026-1993 - High (8.8)
The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the `update_settings()` function accepting arbitrary plugin setting names without a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1993/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1993 - High (8.8)
The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the `update_settings()` function accepting arbitrary plugin setting names without a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1993/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T12:31:29
2 posts
🟠 CVE-2026-1992 - High (8.8)
The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the `store_settings()` method in the `ExactMetrics_Onboarding` class accepting a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1992 - High (8.8)
The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the `store_settings()` method in the `ExactMetrics_Onboarding` class accepting a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T09:32:00
2 posts
🟠 CVE-2026-31844 - High (8.8)
An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A lo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31844/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31844 - High (8.8)
An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A lo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31844/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T09:32:00
3 posts
🔴 CVE-2026-3826 - Critical (9.8)
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3826/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3826 - Critical (9.8)
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3826/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-3826 (CRITICAL): WellChoose IFTOP PHP LFI lets unauthenticated attackers execute remote code. No patch yet. Isolate affected systems & monitor for LFI attempts. Act now to avoid full compromise! https://radar.offseq.com/threat/cve-2026-3826-cwe-98-improper-control-of-filename--e68c5a28 #OffSeq #Infosec #PHP #Vulnerability
##updated 2026-03-11T06:31:47
2 posts
🟠 CVE-2025-13067 - High (8.8)
The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13067/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-13067 - High (8.8)
The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13067/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T06:31:47
2 posts
2 repos
🟠 CVE-2026-2413 - High (7.5)
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2413/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2413 - High (7.5)
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user-supplied URL parameter in the `get_global...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2413/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T06:31:47
3 posts
🔴 CVE-2026-24448 - Critical (9.8)
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24448/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-24448 - Critical (9.8)
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24448/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-24448 (CRITICAL, CVSS 9.8): Micro Research MR-GM5L-S1/MR-GM5A-L1 devices contain hard-coded credentials, allowing admin access w/o authentication. Update firmware to v2.01.04N1_02 ASAP! https://radar.offseq.com/threat/cve-2026-24448-use-of-hard-coded-credentials-in-mi-455b658d #OffSeq #CVE #IoTSecurity #Vuln
##updated 2026-03-11T06:31:47
2 posts
🟠 CVE-2026-3222 - High (7.5)
The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer (`FlipperCode_Model_Base::is_colum...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3222/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3222 - High (7.5)
The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. This is due to the plugin's database abstraction layer (`FlipperCode_Model_Base::is_colum...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3222/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T06:31:47
1 posts
🚨 CRITICAL vuln: CVE-2026-29515 in MiCode FileExplorer (all versions). FTP auth bypass via SwiFTP — any credentials grant access to read, write, or delete files. No patch; restrict FTP access ASAP! https://radar.offseq.com/threat/cve-2026-29515-cwe-303-incorrect-implementation-of-ff84fc0e #OffSeq #Vuln #MiCode #CVE202629515
##updated 2026-03-11T06:31:41
3 posts
🔴 CVE-2026-27842 - Critical (9.8)
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27842/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-27842 - Critical (9.8)
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27842/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚩 CVE-2026-27842 (CRITICAL, CVSS 9.8): Auth bypass in Micro Research MR-GM5L-S1 & MR-GM5A-L1 (pre-v2.01.04N1_02). Remote attackers can reconfigure devices. Patch ASAP & segment networks! Details: https://radar.offseq.com/threat/cve-2026-27842-authentication-bypass-using-an-alte-4a1f7ba8 #OffSeq #Vulnerability #IoTSecurity
##updated 2026-03-11T03:31:39
2 posts
🟠 CVE-2026-21311 - High (8)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21311/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21311 - High (8)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21311/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T03:31:39
2 posts
🟠 CVE-2026-21309 - High (7.5)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21309/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21309 - High (7.5)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21309/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T03:31:39
2 posts
🟠 CVE-2026-3453 - High (8.1)
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the change_plan_sub_id parameter in the process_checkout() functi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3453/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3453 - High (8.1)
The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on the change_plan_sub_id parameter in the process_checkout() functi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3453/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T03:31:39
2 posts
🟠 CVE-2026-21361 - High (8.1)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vvulnerability that could be abused by a high-privileged attacker to inject malicious scripts...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21361/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21361 - High (8.1)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vvulnerability that could be abused by a high-privileged attacker to inject malicious scripts...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21361/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T03:31:38
2 posts
🟠 CVE-2026-21284 - High (8.1)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21284/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21284 - High (8.1)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21284/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:33:20
1 posts
🟠 CVE-2026-26738 - High (7.8)
Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26738/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:33:19
1 posts
🚨 CRITICAL: CVE-2026-3823 exposes Atop EHG2408 switches to unauthenticated RCE via stack-based buffer overflow. No patch yet — segment, restrict access, and monitor traffic. Full device compromise risk. https://radar.offseq.com/threat/cve-2026-3823-cwe-121-stack-based-buffer-overflow--68d582bc #OffSeq #ICS #Vuln #OTSecurity
##updated 2026-03-10T21:32:24
1 posts
🟠 CVE-2026-27276 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:24
1 posts
🟠 CVE-2026-27275 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:24
1 posts
🟠 CVE-2026-27280 - High (7.8)
DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27280/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:17
1 posts
🟠 CVE-2026-27277 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27277/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:17
2 posts
🟠 CVE-2026-27279 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27279 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:58:35.607000
1 posts
2 repos
🟠 CVE-2025-69219 - High (8.8)
A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airfl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:48:52.193000
1 posts
🔔 CVE-2026-3630: CRITICAL stack-based buffer overflow in DeltaWW COMMGR2 (CVSS 9.8). Remote, unauthenticated RCE risk — no patch yet. Segment & restrict network access, monitor for exploits. More: https://radar.offseq.com/threat/cve-2026-3630-cwe-121-stack-based-buffer-overflow--c00e7f15 #OffSeq #ICS #Vulnerability #OTsecurity
##updated 2026-03-10T18:48:50
2 posts
1 repos
🟠 CVE-2026-27826 - High (8.2)
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound H...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27826/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27826 - High (8.2)
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound H...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27826/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:44:35
1 posts
🟠 CVE-2026-30934 - High (8.9)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30934/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:44:25
2 posts
🔴 CVE-2026-30921 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30921 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:44:15
2 posts
🟠 CVE-2026-30920 - High (8.6)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installation_id values and updates Project.gitHubAppInstallationId with isRoot: true withou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30920 - High (8.6)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installation_id values and updates Project.gitHubAppInstallationId with isRoot: true withou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:43:20
1 posts
🚨 CRITICAL: CVE-2026-30869 affects SiYuan (< 3.5.10) — path traversal via /export lets attackers read sensitive files (API tokens, keys). Patch to 3.5.10+ now! No auth needed. All admins review configs. https://radar.offseq.com/threat/cve-2026-30869-cwe-22-improper-limitation-of-a-pat-98459c9d #OffSeq #CVE202630869 #infosec
##updated 2026-03-10T18:38:58
4 posts
CVE-2026-28292: simple-git Remote Code Execution - Case-Sensitivity Bypass (CVSS 9.8)
https://www.codeant.ai/security-research/simple-git-remote-code-execution-cve-2026-28292
Short summary: https://hackerworkspace.com/article/cve-2026-28292-simple-git-remote-code-execution-case-sensitivity-bypass-cvss-9-8
##CVE-2026-28292: simple-git Remote Code Execution - Case-Sensitivity Bypass (CVSS 9.8)
https://www.codeant.ai/security-research/simple-git-remote-code-execution-cve-2026-28292
Short summary: https://hackerworkspace.com/article/cve-2026-28292-simple-git-remote-code-execution-case-sensitivity-bypass-cvss-9-8
##CVE-2026-28292: RCE in simple-git via case-sensitivity bypass (CVSS 9.8) https://www.codeant.ai/security-research/security-research-simple-git-remote-code-execution-cve-2026-28292
##🔴 CVE-2026-28292 - Critical (9.8)
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:32:20
1 posts
🟠 CVE-2026-30910 - High (7.5)
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.
Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:31
1 posts
🟠 CVE-2026-26128 - High (7.8)
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26128/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:31
1 posts
🟠 CVE-2026-26134 - High (7.8)
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:31
2 posts
🟠 CVE-2026-3845 - High (8.8)
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3845 - High (8.8)
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
5 posts
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover
https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/
##CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover
https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/
##CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/
##CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/
##🟠 CVE-2026-26117 - High (7.8)
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26117/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
5 posts
Common architectural pattern across four Q1 2026 AI assistant vulnerabilities (CVE-2026-26144, CVE-2026-0628, CVE-2026-24307, PleaseFix) https://blog.barrack.ai/ai-copilot-attack-surface/
##Common architectural pattern across four Q1 2026 AI assistant vulnerabilities (CVE-2026-26144, CVE-2026-0628, CVE-2026-24307, PleaseFix) https://blog.barrack.ai/ai-copilot-attack-surface/
##Microsoft Flickentag 2026-03
Nach dem fetten Flickentag im Februar ist der für März wieder auf "normales" Maß geschrumpft. Mit den aktuellen Updates adressiert Microsoft (MS) 83 Sicherheitslücken. Von denen sind 8 als kritisch eingestuft. Von denen wiederum sticht eine (CVE-2026-26144) heraus. Ein führender Sicherheitsfachmann findet sie faszinierend. Es handelt sich um einen Fehler in Excel, nämlich "unzureichende Bereinigung von Eingaben". Der Leckerbissen besteht darin, dass ein Angreifer den Fehler nutzen kann, um mit Hilfe der KI Copilot von Ferne Informationen abzusaugen. Dafür sind keine Anmeldung oder Benutzerrechte
https://www.pc-fluesterer.info/wordpress/2026/03/11/microsoft-flickentag-2026-03/
#Empfehlung #Hintergrund #Warnung #0day #datenschutz #Microsoft #office #privacy #sicherheit #UnplugTrump #vorbeugen #unplugmicrosoft
##And don't miss our bug of the month! Each patch Tuesday we'll be selecting our very favorite patch to highlight. This month, it CVE-2026-26144 - a Critical-rated info disclosure in Excel that uses the Copilot Agent to exfiltrate data. Neat! https://youtube.com/shorts/r4EjP3JxYRk?feature=share
##🟠 CVE-2026-26144 - High (7.5)
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26144/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
1 posts
🟠 CVE-2026-26132 - High (7.8)
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26132/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
1 posts
🟠 CVE-2026-26148 - High (8.1)
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26148/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
1 posts
🟠 CVE-2026-2339 - High (7.5)
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.This issue affects Liderahenk: before v3.4.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2339/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:25
2 posts
Fortinet FortiManager vulnerability allows remote command execution
Fortinet has patched a high-severity stack-based buffer overflow in FortiManager (CVE-2025-54820) that allows remote unauthenticated attackers to execute unauthorized commands by sending crafted requests to the fgtupdates service.
**If you are using Fortinet FortiManager, plan a quick patch. In the interim, make sure the HTTP/HTTPS interface is isolated from the internet or disable fgtupdates in the system interface settings to close the attack vector.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-fortinet-fortimanager-vulnerability-allows-remote-command-execution-d-2-v-g-c/gD2P6Ple2L
Fortinet FortiManager vulnerability allows remote command execution
Fortinet has patched a high-severity stack-based buffer overflow in FortiManager (CVE-2025-54820) that allows remote unauthenticated attackers to execute unauthorized commands by sending crafted requests to the fgtupdates service.
**If you are using Fortinet FortiManager, plan a quick patch. In the interim, make sure the HTTP/HTTPS interface is isolated from the internet or disable fgtupdates in the system interface settings to close the attack vector.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-fortinet-fortimanager-vulnerability-allows-remote-command-execution-d-2-v-g-c/gD2P6Ple2L
updated 2026-03-10T18:31:25
1 posts
updated 2026-03-10T18:31:25
1 posts
updated 2026-03-10T18:31:24
2 posts
🚩 CVE-2026-2364: HIGH severity TOCTOU flaw in CODESYS Installer (all versions) lets local attackers escalate privileges via user-initiated updates. Restrict access & monitor until patch. No active exploits yet. https://radar.offseq.com/threat/cve-2026-2364-cwe-367-time-of-check-time-of-use-to-5eb858d5 #OffSeq #CODESYS #ICS #Vuln
###OT #Advisory VDE-2026-012
CODESYS Installer - Possible Privilege Escalation
Exploitation of this vulnerability can lead to a privilege escalation on the host system.
#CVE CVE-2026-2364
https://certvde.com/en/advisories/vde-2026-012/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-01_vde-2026-012.json
##updated 2026-03-10T18:31:24
1 posts
🔒 CVE-2026-1508 (HIGH): Court Reservation WordPress plugin <1.10.9 has a CSRF flaw — admins can be tricked into deleting events via crafted requests. No live exploits yet. Update ASAP or add nonce checks! https://radar.offseq.com/threat/cve-2026-1508-cwe-352-cross-site-request-forgery-c-cd03c8c6 #OffSeq #WordPress #CSRF #Infosec
##updated 2026-03-10T18:31:24
2 posts
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
###OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
updated 2026-03-10T18:31:24
2 posts
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
###OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
updated 2026-03-10T18:31:24
2 posts
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
###OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
updated 2026-03-10T18:31:24
1 posts
🚨 CRITICAL: CVE-2026-0953 impacts all versions of themeum Tutor LMS Pro for WordPress. Flawed Social Login lets attackers bypass authentication using valid OAuth tokens + victim’s email. Admin accounts at risk. Patch or restrict access! https://radar.offseq.com/threat/cve-2026-0953-cwe-287-improper-authentication-in-t-965fa126 #OffSeq #WordPress #Infosec
##updated 2026-03-10T18:31:24
1 posts
🚨 CRITICAL: CVE-2026-27685 in SAP NetWeaver EP-RUNTIME 7.50 (Admin) enables privileged users to upload malicious serialized data — risking full system compromise. Restrict uploads, monitor privileged actions, patch ASAP! https://radar.offseq.com/threat/cve-2026-27685-cwe-502-deserialization-of-untruste-36704129 #OffSeq #SAP #CVE #InfoSec
##updated 2026-03-10T15:31:30
5 posts
CISA flips the switch: Ivanti EPM (CVE-2026-1603) is under active exploit. A low-complexity XSS allows total authentication bypass with zero user interaction. If your EPM is internet-facing, the "Master Key" is compromised. Get the Strategic Arsenal now. #CyberSecurity #Ivanti #KEV
##CISA Warns of Active Exploitation in Ivanti Endpoint Manager Authentication Bypass
CISA added an Ivanti Endpoint Manager authentication bypass vulnerability (CVE-2026-1603) to its catalog of known exploited flaws after reports of active use by threat actors.
**If you use Ivanti Endpoint Manager, now patching is urgent. Update to 2024 SU5 immediately because attackers are already using this flaw to take over management servers.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-in-ivanti-endpoint-manager-authentication-bypass-u-5-u-l-k/gD2P6Ple2L
🚨 [CISA-2026:0309] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0309)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22054 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22054)
- Name: Omnissa Workspace ONE Server-Side Request Forgery
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Omnissa
- Product: Workspace One UEM
- Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
⚠️ CVE-2025-26399 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-26399)
- Name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
⚠️ CVE-2026-1603 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1603)
- Name: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ivanti
- Product: Endpoint Manager (EPM)
- Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260309 #cisa20260309 #cve_2021_22054 #cve_2025_26399 #cve_2026_1603 #cve202122054 #cve202526399 #cve20261603
##CVE ID: CVE-2026-1603
Vendor: Ivanti
Product: Endpoint Manager (EPM)
Date Added: 2026-03-09
Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-1603
CISA has updated the KEV catalogue https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
- CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
- CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability #CISA #infosec #vulnerability
##updated 2026-03-10T14:04:01.353000
1 posts
🔴 CVE-2026-27005 - Critical (9.8)
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases con...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27005/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T21:32:45
1 posts
🟠 CVE-2025-70238 - High (7.5)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70238/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T21:31:49
1 posts
CVE-2026-3638 (HIGH): Devolutions Server ≤ 2025.3.11.0 has missing authorization in restore APIs — low-priv users can reinstate deleted accounts, risking privilege escalation. Restrict API access & monitor logs! https://radar.offseq.com/threat/cve-2026-3638-cwe-862-missing-authorization-in-dev-87162fbb #OffSeq #Devolutions #AppSec
##updated 2026-03-09T21:31:33
5 posts
1 repos
CISA Mandates Emergency Patching for SolarWinds Web Help Desk Vulnerabilities
CISA has shortened the patch deadline for an actively exploited critical SolarWinds Web Help Desk vulnerabilities, including CVE-2025-26399.
**When a federal agency shortens a patch deadline to just a few days, it means the product is actively and successfuly hacked. Treat your SolarWinds as an immediate priority, patch and ideally if possible isolate your help desk software from the public internet.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-mandates-emergency-patching-for-solarwinds-web-help-desk-vulnerabilities-q-x-y-6-r/gD2P6Ple2L
CISA shortens patch deadline for critical Ivanti, SolarWinds bugs
The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399 — a critical...
🔗️ [Therecord] https://link.is.it/pp8jNp
##🚨 [CISA-2026:0309] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0309)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22054 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22054)
- Name: Omnissa Workspace ONE Server-Side Request Forgery
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Omnissa
- Product: Workspace One UEM
- Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
⚠️ CVE-2025-26399 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-26399)
- Name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
⚠️ CVE-2026-1603 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1603)
- Name: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ivanti
- Product: Endpoint Manager (EPM)
- Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260309 #cisa20260309 #cve_2021_22054 #cve_2025_26399 #cve_2026_1603 #cve202122054 #cve202526399 #cve20261603
##CVE ID: CVE-2025-26399
Vendor: SolarWinds
Product: Web Help Desk
Date Added: 2026-03-09
Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-26399
CISA has updated the KEV catalogue https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
- CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
- CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability #CISA #infosec #vulnerability
##updated 2026-03-09T21:31:33
3 posts
1 repos
🚨 [CISA-2026:0309] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0309)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22054 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22054)
- Name: Omnissa Workspace ONE Server-Side Request Forgery
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Omnissa
- Product: Workspace One UEM
- Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
⚠️ CVE-2025-26399 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-26399)
- Name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
⚠️ CVE-2026-1603 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1603)
- Name: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ivanti
- Product: Endpoint Manager (EPM)
- Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260309 #cisa20260309 #cve_2021_22054 #cve_2025_26399 #cve_2026_1603 #cve202122054 #cve202526399 #cve20261603
##CVE ID: CVE-2021-22054
Vendor: Omnissa
Product: Workspace One UEM
Date Added: 2026-03-09
Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22054
CISA has updated the KEV catalogue https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
- CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
- CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability #CISA #infosec #vulnerability
##updated 2026-03-09T21:20:56.980000
1 posts
🔴 CVE-2026-28802 - Critical (9.8)
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verificat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28802/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T19:16:00.890000
1 posts
🟠 CVE-2025-70363 - High (7.5)
Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70363/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T18:32:49
1 posts
🟠 CVE-2026-3038 - High (7.5)
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been val...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T18:31:50
1 posts
🟠 CVE-2026-3588 - High (7.5)
A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3588/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T18:31:49
1 posts
🟠 CVE-2025-70047 - High (7.5)
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T18:31:49
1 posts
🟠 CVE-2026-25866 - High (7.8)
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25866/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T17:42:26
1 posts
1 repos
🔴 CVE-2026-30863 - Critical (9.8)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30863/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T15:48:28
1 posts
Critical 1-Click Account Takeover Vulnerability Patched in ZITADEL IAM Platform
ZITADEL patched a critical XSS vulnerability (CVE-2026-29191) that allows unauthenticated attackers to take over user accounts via a single-click malicious link. The flaw can lead to unauthorized password resets.
**If you are using ZITADEL, this is important. Plan a very quick update to version 4.12.0 because your users will be hacked, the full exploit instruction is already public. If you cannot patch today, block the /saml-post endpoint at your firewall and ensure MFA is active for all users.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-1-click-account-takeover-vulnerability-patched-in-zitadel-iam-platform-1-1-6-i-0/gD2P6Ple2L
updated 2026-03-09T15:30:48
1 posts
Mozilla Firefox Focus for iOS.. interesting version jump from 143.0 to 148.2 today
current release fixes CVE-2026-2919
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS < 148.2.
https://www.mozilla.org/en-US/security/advisories/mfsa2026-18/
https://hecate.pw/vulnerability/CVE-2026-2919
updated 2026-03-09T15:30:43
1 posts
🟠 CVE-2026-2219 - High (7.5)
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite lo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T22:37:22
1 posts
3 repos
https://github.com/weefunker/CVE-2026-27944-Lab
Critical Nginx UI flaw CVE-2026-27944 exposes server backups https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html
##updated 2026-03-05T22:28:33
1 posts
Critical Gogs Vulnerability Enables Silent Supply-Chain Attacks via LFS Overwrites
Gogs patched a critical vulnerability (CVE-2026-25921) that allows unauthenticated attackers to overwrite Git Large File Storage (LFS) objects across repositories, enabling silent supply-chain attacks.
**If you are using Gogs, this is important, and if you have public access or registration to Gogs, it's urgent. Attackers can exploit this flaw to inject their malicious versions of binaries. You should not only update to version 0.14.2 ASAP and verify the integrity of your existing large files to ensure they haven't been replaced with malicious versions.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerability-enables-silent-supply-chain-attacks-via-lfs-overwrites-g-z-x-s-r/gD2P6Ple2L
updated 2026-03-03T21:31:13
2 posts
1 repos
https://github.com/automate-it0/qualcomm-vulnerability-scanner
⚪️ Android patches 0‑day vulnerability linked to Qualcomm components
🗨️ Google experts have released the March security updates for Android, fixing a total of 129 vulnerabilities. Among them is a 0‑day issue in a Qualcomm component that is already being used in real-world attacks. The vulnerability has been assigned the…
##Latest Geopolitical, Technology, and Cybersecurity Update (March 6-7, 2026):
Russia is reportedly sharing intelligence with Iran to target US forces in the Middle East, escalating tensions. Cybersecurity faces critical threats as a Cisco SD-WAN flaw (CVE-2026-20127) has been exploited since 2023, and a Qualcomm zero-day (CVE-2026-21385) affects 234 chipsets. Meanwhile, rapid AI advancements are intensifying regulatory debates globally.
##updated 2026-02-27T19:12:25.640000
4 posts
🟠 CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-25T22:42:37
1 posts
1 repos
Critical SSRF Vulnerability Patched in Angular Server-Side Rendering
Angular patched a critical SSRF vulnerability (CVE-2026-27739) in its SSR framework that allows attackers to redirect server-side requests to malicious or internal destinations by manipulating HTTP headers.
**If you are using Angular, this is important and urgent. Check your package.json for the possibly risky versions of the libraries, and either patch or sanitize the headers. Always validate incoming headers against a strict allowlist and avoid using client-provided data to build internal request URLs.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-ssrf-vulnerability-patched-in-angular-server-side-rendering-n-2-c-r-e/gD2P6Ple2L
updated 2026-02-25T18:31:45
2 posts
6 repos
https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE
https://github.com/abrahamsurf/sdwan-scanner-CVE-2026-20127
https://github.com/leemuun/CVE-2026-20127
https://github.com/sfewer-r7/CVE-2026-20127
https://github.com/BugFor-Pings/CVE-2026-20127_EXP
https://github.com/yonathanpy/CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE
WatchTowr reports seeing exploitation attempts for CVE-2026-20127 from numerous unique IP addresses. https://www.securityweek.com/recent-cisco-catalyst-sd-wan-vulnerability-now-widely-exploited/
##Latest Geopolitical, Technology, and Cybersecurity Update (March 6-7, 2026):
Russia is reportedly sharing intelligence with Iran to target US forces in the Middle East, escalating tensions. Cybersecurity faces critical threats as a Cisco SD-WAN flaw (CVE-2026-20127) has been exploited since 2023, and a Qualcomm zero-day (CVE-2026-21385) affects 234 chipsets. Meanwhile, rapid AI advancements are intensifying regulatory debates globally.
##updated 2026-02-11T15:31:25
1 posts
12 repos
https://github.com/uky007/CVE-2026-20841_notepad_analysis
https://github.com/atiilla/CVE-2026-20841
https://github.com/EleniChristopoulou/PoC-CVE-2026-20841
https://github.com/hackfaiz/CVE-2026-20841-PoC
https://github.com/hamzamalik3461/CVE-2026-20841
https://github.com/tangent65536/CVE-2026-20841
https://github.com/patchpoint/CVE-2026-20841
https://github.com/RajaUzairAbdullah/CVE-2026-20841
https://github.com/BTtea/CVE-2026-20841-PoC
https://github.com/SecureWithUmer/CVE-2026-20841
Microsoft turned Notepad into a "smart" AI assistant and accidentally handed hackers a "one-click" execution engine. Here is the technical breakdown of CVE-2026-20841 and why feature creep is killing your security. 🛑💻
##updated 2026-02-10T19:28:57.427000
1 posts
⚪️ Android patches 0‑day vulnerability linked to Qualcomm components
🗨️ Google experts have released the March security updates for Android, fixing a total of 129 vulnerabilities. Among them is a 0‑day issue in a Qualcomm component that is already being used in real-world attacks. The vulnerability has been assigned the…
##updated 2026-01-23T00:31:24
2 posts
Common architectural pattern across four Q1 2026 AI assistant vulnerabilities (CVE-2026-26144, CVE-2026-0628, CVE-2026-24307, PleaseFix) https://blog.barrack.ai/ai-copilot-attack-surface/
##Common architectural pattern across four Q1 2026 AI assistant vulnerabilities (CVE-2026-26144, CVE-2026-0628, CVE-2026-24307, PleaseFix) https://blog.barrack.ai/ai-copilot-attack-surface/
##updated 2026-01-15T00:31:44
1 posts
Lenovo released all patches for the Vantage vulnerabilities I reported earlier this year. The blog has been updated with write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717.
##updated 2026-01-14T16:25:12.057000
1 posts
Steam Deck just posted:
SteamOS 3.7.20
SteamOS 3.7.20 has just been released for all users with the following changes previously in Beta:GeneralAdded ntsync driverNon-DeckEnabled polkit for the InputPlumber dbus interface and resolved a potential race condition for the InputPlumber interface, addressing CVE-2025-66005 and CVE-2025-14338
https://store.steampowered.com/news/app/1675200/view/502851820603836934
##updated 2026-01-14T12:31:48
1 posts
Steam Deck just posted:
SteamOS 3.7.20
SteamOS 3.7.20 has just been released for all users with the following changes previously in Beta:GeneralAdded ntsync driverNon-DeckEnabled polkit for the InputPlumber dbus interface and resolved a potential race condition for the InputPlumber interface, addressing CVE-2025-66005 and CVE-2025-14338
https://store.steampowered.com/news/app/1675200/view/502851820603836934
##updated 2026-01-12T16:48:33.560000
2 posts
2 repos
Common architectural pattern across four Q1 2026 AI assistant vulnerabilities (CVE-2026-26144, CVE-2026-0628, CVE-2026-24307, PleaseFix) https://blog.barrack.ai/ai-copilot-attack-surface/
##Common architectural pattern across four Q1 2026 AI assistant vulnerabilities (CVE-2026-26144, CVE-2026-0628, CVE-2026-24307, PleaseFix) https://blog.barrack.ai/ai-copilot-attack-surface/
##updated 2025-09-29T00:30:35
2 posts
Critical Vulnerabilities in Apeman ID71 Cameras Allow Remote Takeover
CISA warned of three vulnerabilities in Apeman ID71 cameras, including a critical credential exposure (CVE-2025-11126), that allow remote attackers to take full control of devices and view private feeds.
**If you are using Apeman ID71, this is urgent - there's a PoC exploit already available so hackers are probably already looking for these devices. Isolate these cameras from the internet immediately and use a VPN for any necessary remote access. Because the vendor is not providing patches, you should consider replacing these devices with a more secure, supported brand.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-in-apeman-id71-cameras-allow-remote-takeover-2-r-s-f-e/gD2P6Ple2L
Critical Vulnerabilities in Apeman ID71 Cameras Allow Remote Takeover
CISA warned of three vulnerabilities in Apeman ID71 cameras, including a critical credential exposure (CVE-2025-11126), that allow remote attackers to take full control of devices and view private feeds.
**If you are using Apeman ID71, this is urgent - there's a PoC exploit already available so hackers are probably already looking for these devices. Isolate these cameras from the internet immediately and use a VPN for any necessary remote access. Because the vendor is not providing patches, you should consider replacing these devices with a more secure, supported brand.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-vulnerabilities-in-apeman-id71-cameras-allow-remote-takeover-2-r-s-f-e/gD2P6Ple2L
updated 2025-06-10T00:30:36
1 posts
Medium-severity advisory from AMD:
CVE-2025-0037: Versal Adaptive SoC – Overwriting Protected Memory Regions through PLM Firmware https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8010.html
A long list of advisories from Adobe: https://helpx.adobe.com/security/security-bulletin.html
Dell patches for multiple vulnerabilities:
Security Update for Dell Connectrix B-Series SANnav Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000437875/dsa-2026-088-security-update-for-dell-connectrix-b-series-sannav-vulnerabilities
Security Update for Dell Connectrix B-Series FOS and SANnav Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000437867/dsa-2026-087-security-update-for-dell-connectrix-b-series-fos-and-sannav-vulnerabilities
Security Update for Dell Avamar Data Store Gen5A Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000437829/dsa-2026-086-security-update-for-dell-avamar-data-store-gen5a-multiple-third-party-component-vulnerabilities #Dell
#infosec #vulnerability #AMD #Adobe
updated 2025-04-01T23:03:12
1 posts
🔴 CVE-2026-28292 - Critical (9.8)
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2023-08-17T05:02:31
1 posts
🔴 CVE-2026-28292 - Critical (9.8)
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Analyzing "Zombie Zip" Files (CVE-2026-0866)
#CVE_2026_0866
https://isc.sans.edu/diary/rss/32786
Analyzing "Zombie Zip" Files (CVE-2026-0866)
#CVE_2026_0866
https://isc.sans.edu/diary/rss/32786
Analyzing "Zombie Zip" (CVE-2026-0866) https://isc.sans.edu/diary/32786
##[ #VULN ] "Zombie ZIP : cette technique d'évasion rend aveugles les antivirus"
CVE-2026-0866
⬇️
"Découverte par Chris Aziz, chercheur en sécurité chez Bombadil Systems, la technique Zombie ZIP abuse de la confiance accordée aux moteurs d'analyse à l'en-tête des fichiers ZIP. En effet, cette attaque consiste à manipuler l'en-tête du fichier ZIP de façon à altérer le champ déterminant la méthode de compression au sein de l'archive.
La technique Zombie ZIP consiste à indiquer que les données sont stockées sans aucune compression (méthode STORED ou Method=0), alors que c'est faux ! Le fichier malveillant est bel et bien compressé via l'algorithme standard DEFLATE."
👇
https://www.it-connect.fr/zombie-zip-cette-technique-devasion-rend-aveugles-les-antivirus/
(NDR yet another) " #ZIP format confusion technique that evades 98% of #antivirus engines."
⬇️
CVE-2026-0866 | VU#976247 | Published March 10, 2026
👇
https://github.com/bombadil-systems/zombie-zip?tab=readme-ov-file
🟠 CVE-2026-31870 - High (7.5)
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API (httplib::stream::Get, httplib::stream::Post, etc.), the library calls std::stoull() directly on th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31870/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31870 - High (7.5)
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API (httplib::stream::Get, httplib::stream::Post, etc.), the library calls std::stoull() directly on th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31870/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31852 - Critical (10)
Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31852/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31852 - Critical (10)
Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31852/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21888 - High (7.5)
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21888/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21888 - High (7.5)
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21888/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21888 - High (7.5)
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21888/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21888 - High (7.5)
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21888/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical Authentication Bypass in Honeywell IQ4x BMS Controllers Allows Remote Takeover
Honeywell IQ4x BMS controllers contain a maximum severity critical vulnerability (CVE-2026-3611) that allows unauthenticated attackers to create administrative accounts and take full control of building management systems.
**If you are using Honeywell IQ4x Building Management System (or any BMS), make sure it's isolated from the internet and accessible only from trusted networks. Then reach out to Honeywell for updates. Don't wait to isolate your systems. This is maximum severity flaw, and it will be exploited very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-honeywell-iq4x-bms-controllers-allows-remote-takeover-j-p-z-w-f/gD2P6Ple2L
🚨 CRITICAL: CVE-2026-28806 in nerves_hub_web ≤2.3.x allows authenticated users to take over devices/orgs via improper authorization. Upgrade to 2.4.0+ ASAP! Remote console: high risk of full compromise. https://radar.offseq.com/threat/cve-2026-28806-cwe-285-improper-authorization-in-n-d2ddfb8c #OffSeq #nerveshub #infosec #CVE202628806
###RocketChat has a critical authentication bypass vulnerability due to forgetting await keyword ("Users can login with any password via the EE ddp-streamer-servic" CVE-2026-28514):
https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-w6vw-mrgv-69vf
The vulnerability has been patched in RocketChat 8.0.0, 7.13.3, 7.12.4, 7.11.4, 7.10.7, 7.9.8 and 7.8.6.
These issues were discovered by an AI agent developed by the GitHub Security Lab and reviewed by GHSL team members Peter Stöckli and Man Yue Mo.
I often voice my dislike of misguided AI use. This right here is actually good use of AI.
##Sign in with ANY password into Rocket.Chat EE (CVE-2026-28514) and other vulnerabilities we’ve found with our open source AI framework https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/
##🟠 CVE-2026-30983 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30983/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30983 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30983/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30979 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corrupt...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30979/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30985 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30985/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30987 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2.3...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31795 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31795/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31796 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31796/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30918 - High (7.6)
facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30918/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27603 - High (7.5)
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:project_id/chart/:chart_id/filter is missing both verif...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28693 - High (8.1)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28693/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28691 - High (7.5)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vul...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28691/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-28431 (CRITICAL, CVSS 9.2) in Misskey (8.45.0 – <2026.3.1): Improper authorization allows unauthenticated data access. Patch to 2026.3.1 now! Review access controls and monitor logs. https://radar.offseq.com/threat/cve-2026-28431-cwe-285-improper-authorization-in-m-e4688f7e #OffSeq #Misskey #Vuln #InfoSec
##🔴 CVE-2026-30240 - Critical (9.6)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint (POST /api/pwa/process-zip) allows an authenti...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30240 - Critical (9.6)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint (POST /api/pwa/process-zip) allows an authenti...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31816 - Critical (9.1)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() middleware that protects every server-side API endpoint can be completely bypassed by appending a w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31816/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31816 - Critical (9.1)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() middleware that protects every server-side API endpoint can be completely bypassed by appending a w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31816/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25737 - High (8.9)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25737/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-62166 - High (7.5)
FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-62166/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##