Updated at UTC 2026-06-20T13:03:04.981867

| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-11911 | 7.5 | 0.00% | 2 | 0 | | 2026-06-20T09:33:32 | The Simple File List plugin for WordPress is vulnerable to arbitrary file deleti |
| CVE-2026-11912 | 7.5 | 0.00% | 2 | 1 | | 2026-06-20T09:16:15.460000 | The Simple File List plugin for WordPress is vulnerable to arbitrary file modifi |
| CVE-2026-9843 | 8.1 | 0.00% | 2 | 0 | | 2026-06-20T02:16:26.910000 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress i |
| CVE-2026-56082 | 7.5 | 0.00% | 2 | 0 | | 2026-06-20T00:34:15 | Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnera |
| CVE-2026-56081 | 9.1 | 0.00% | 4 | 0 | | 2026-06-20T00:34:14 | Cap-go before 12.128.2 contains an authentication logic flaw that lets an attack |
| CVE-2026-11551 | 9.8 | 0.00% | 4 | 2 | | 2026-06-20T00:34:09 | The Branda plugin for WordPress is vulnerable to privilege escalation via accoun |
| CVE-2026-56073 | 9.4 | 0.00% | 2 | 0 | | 2026-06-20T00:34:08 | Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP ve |
| CVE-2026-47645 | 8.8 | 0.00% | 1 | 0 | | 2026-06-19T21:16:58.720000 | Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's B |
| CVE-2026-42824 | 6.5 | 0.50% | 1 | 0 | | 2026-06-19T21:16:42.893000 | Missing authentication for critical function in M365 Copilot allows an unauthori |
| CVE-2026-12398 | 7.5 | 0.89% | 1 | 0 | | 2026-06-19T20:48:07 | A command injection vulnerability was found in galaxy_ng. The do_git_checkout() |
| CVE-2026-56099 | 5.3 | 0.00% | 2 | 0 | | 2026-06-19T18:33:37 | OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulner |
| CVE-2026-11718 | None | 0.20% | 1 | 0 | | 2026-06-19T16:59:28 | An authentication bypass vulnerability exists in the generic opaque token valida |
| CVE-2026-11717 | None | 0.19% | 1 | 0 | | 2026-06-19T16:58:23 | An authentication bypass vulnerability exists in the generic opaque token valida |
| CVE-2026-43495 | 8.8 | 0.25% | 1 | 0 | | 2026-06-19T13:16:30.457000 | In the Linux kernel, the following vulnerability has been resolved: net: wwan: |
| CVE-2026-46461 | 7.8 | 0.00% | 1 | 0 | | 2026-06-19T08:16:16.840000 | Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Acce |
| CVE-2026-8713 | 9.1 | 0.00% | 2 | 0 | | 2026-06-19T06:32:02 | The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file |
| CVE-2026-7515 | 9.8 | 0.00% | 1 | 2 | | 2026-06-19T06:32:02 | The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in |
| CVE-2026-54414 | 9.8 | 0.00% | 1 | 0 | | 2026-06-19T06:32:02 | FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder uplo |
| CVE-2026-54104 | 8.8 | 0.00% | 2 | 0 | | 2026-06-19T06:17:09.720000 | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing Sys |
| CVE-2026-54103 | 9.8 | 0.00% | 3 | 0 | | 2026-06-19T06:17:09.580000 | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing Sys |
| CVE-2026-12044 | 8.8 | 0.00% | 1 | 0 | | 2026-06-19T00:31:46 | SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT O |
| CVE-2026-47633 | 7.5 | 0.00% | 1 | 0 | | 2026-06-19T00:31:41 | Exposure of sensitive information to an unauthorized actor in Cost Management In |
| CVE-2026-40624 | 9.8 | 0.00% | 1 | 0 | | 2026-06-19T00:16:47.693000 | Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras |
| CVE-2026-12048 | 9.3 | 0.00% | 1 | 0 | | 2026-06-19T00:16:47.200000 | Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-renderi |
| CVE-2026-54130 | 9.8 | 0.00% | 1 | 0 | | 2026-06-18T22:16:32.223000 | Missing authentication for critical function in M365 Copilot allows an unauthori |
| CVE-2026-47647 | 9.9 | 0.00% | 1 | 0 | | 2026-06-18T22:16:31.747000 | Improper access control in Microsoft Dynamics 365 allows an authorized attacker |
| CVE-2026-32174 | 7.7 | 0.00% | 1 | 0 | | 2026-06-18T22:16:30.290000 | Improper authentication in Azure Bot Service allows an authorized attacker to el |
| CVE-2026-48937 | 5.3 | 0.00% | 1 | 0 | | 2026-06-18T21:32:38 | A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data eve |
| CVE-2026-49454 | 9.1 | 0.00% | 1 | 0 | | 2026-06-18T21:16:29.920000 | Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and P |
| CVE-2026-49252 | 9.9 | 0.00% | 1 | 0 | | 2026-06-18T21:16:29.643000 | deepstream is a server that allows clients and backend services to sync data, se |
| CVE-2026-53849 | 8.1 | 0.21% | 1 | 0 | | 2026-06-18T20:36:32 | ### Summary Discord allowFrom could bind to mutable display names. In affected |
| CVE-2026-53853 | 7.1 | 0.33% | 1 | 0 | | 2026-06-18T20:33:23 | ### Summary OpenClaw's exec allowlist supported optional `argPattern` entries t |
| CVE-2026-48814 | 9.1 | 0.30% | 1 | 0 | | 2026-06-18T20:16:14.080000 | Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 a |
| CVE-2026-53855 | 8.1 | 0.26% | 1 | 0 | | 2026-06-18T20:12:14 | ### Summary Shell positional parameters could weaken strict inline-eval checks. |
| CVE-2026-12317 | 7.5 | 0.29% | 1 | 0 | | 2026-06-18T19:16:21.870000 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-12312 | 7.5 | 0.25% | 1 | 0 | | 2026-06-18T19:16:21.527000 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-12310 | 7.5 | 0.25% | 1 | 0 | | 2026-06-18T19:16:21.367000 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-28573 | 5.5 | 0.15% | 1 | 0 | | 2026-06-18T18:38:48.913000 | In AndroidManifest.xml, there is a possible persistent denial of service due to |
| CVE-2026-20253 | 9.8 | 10.04% | 18 | 3 | template | 2026-06-18T18:35:18 | In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform |
| CVE-2026-54390 | 9.8 | 0.00% | 1 | 0 | | 2026-06-18T18:16:19.943000 | JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection |
| CVE-2026-55203 | 7.5 | 0.00% | 1 | 0 | | 2026-06-18T17:16:34.373000 | HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vul |
| CVE-2026-53864 | 8.1 | 0.25% | 1 | 0 | | 2026-06-18T16:16:55.997000 | OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in |
| CVE-2026-53857 | 8.1 | 0.21% | 1 | 0 | | 2026-06-18T14:44:41.247000 | OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo |
| CVE-2026-47103 | 9.8 | 0.80% | 1 | 0 | | 2026-06-18T14:28:03 | ### Summary python-statemachine 3.1.2 evaluates `<data expr="...">` attributes |
| CVE-2026-8024 | 9.8 | 0.55% | 2 | 0 | | 2026-06-18T14:17:35.190000 | A remote, unauthenticated attacker may exploit a deserialization of untrusted da |
| CVE-2026-55740 | 9.8 | 0.37% | 1 | 0 | | 2026-06-18T14:17:33.980000 | Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26 |
| CVE-2026-12569 | 0 | 0.50% | 1 | 1 | | 2026-06-18T14:17:23.863000 | A critical remote code execution (RCE) vulnerability has been reported in PTC Wi |
| CVE-2026-12530 | 7.3 | 0.30% | 1 | 0 | | 2026-06-18T14:17:22.310000 | Improper neutralization of argument delimiters in the install_packages() method |
| CVE-2026-12442 | 8.8 | 0.38% | 1 | 0 | | 2026-06-18T13:46:17.917000 | Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 |
| CVE-2026-55200 | 8.1 | 0.55% | 1 | 0 | | 2026-06-18T04:17:02.430000 | libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write |
| CVE-2026-53866 | 8.1 | 0.26% | 1 | 0 | | 2026-06-18T04:17:02.290000 | OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell in |
| CVE-2026-53843 | 8.8 | 0.27% | 1 | 0 | | 2026-06-18T04:17:00.750000 | OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a |
| CVE-2026-46850 | 9.9 | 0.48% | 1 | 0 | | 2026-06-18T04:16:48.923000 | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for V |
| CVE-2026-20181 | 9.1 | 0.57% | 7 | 0 | | 2026-06-18T04:16:45 | A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote at |
| CVE-2026-3894 | 0 | 0.20% | 1 | 1 | | 2026-06-17T20:20:10.920000 | Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) al |
| CVE-2026-20266 | 9.1 | 0.45% | 1 | 0 | | 2026-06-17T20:17:50.620000 | In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk r |
| CVE-2026-53805 | 9.8 | 0.69% | 1 | 0 | | 2026-06-17T19:18:10.363000 | NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote |
| CVE-2026-47747 | 7.8 | 0.14% | 1 | 0 | | 2026-06-17T19:18:08.253000 | stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable |
| CVE-2026-48907 | 9.8 | 6.85% | 10 | 7 | template | 2026-06-17T18:36:17 | A vulnerability in the JCE editor extension for Joomla allows the creation of ne |
| CVE-2026-42530 | 8.1 | 0.76% | 7 | 3 | | 2026-06-17T18:36:07 | NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGI |
| CVE-2026-20190 | 7.5 | 0.37% | 4 | 0 | | 2026-06-17T18:36:07 | A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote |
| CVE-2026-42055 | 8.1 | 0.64% | 4 | 1 | | 2026-06-17T18:36:07 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_m |
| CVE-2026-2467 | None | 0.21% | 1 | 0 | | 2026-06-17T18:35:58 | Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libra |
| CVE-2026-12440 | 9.6 | 0.31% | 1 | 0 | | 2026-06-17T18:35:53 | Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0. |
| CVE-2026-12441 | 8.8 | 0.29% | 1 | 0 | | 2026-06-17T18:35:53 | Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 a |
| CVE-2026-12443 | 8.8 | 0.52% | 1 | 0 | | 2026-06-17T18:35:53 | Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 al |
| CVE-2026-22313 | 9.1 | 0.92% | 2 | 0 | | 2026-06-17T17:16:43.687000 | The device has a webserver that exposes a REST API authenticated with a token on |
| CVE-2026-48745 | 9.3 | 0.41% | 1 | 0 | | 2026-06-17T16:28:34.830000 | Traccar Client is a GPS tracking mobile app for sending location updates to priv |
| CVE-2026-5667 | 0 | 0.15% | 1 | 0 | | 2026-06-17T16:21:32.403000 | Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Cond |
| CVE-2026-48780 | 8.2 | 0.22% | 1 | 0 | | 2026-06-17T14:17:56.423000 | Forem is open source software for building communities. Prior to commit a2ab6d4, |
| CVE-2026-47964 | 7.8 | 0.20% | 1 | 0 | | 2026-06-17T13:20:42.017000 | DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Over |
| CVE-2026-24155 | 7.8 | 0.19% | 3 | 0 | | 2026-06-17T13:20:10.417000 | NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. |
| CVE-2026-22312 | 8.6 | 0.23% | 2 | 0 | | 2026-06-17T13:20:06.023000 | The device has a webserver that exposes a REST API authenticated with a constant |
| CVE-2026-54420 | 8.5 | 0.65% | 1 | 4 | | 2026-06-17T10:58:13.830000 | LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn bef |
| CVE-2026-50751 | 9.3 | 41.15% | 1 | 8 | template | 2026-06-17T10:57:46.373000 | A logic flow weakness in Remote Access and Mobile Access certificate validation |
| CVE-2026-4272 | 8.1 | 0.45% | 1 | 0 | | 2026-06-17T10:56:20.347000 | Missing Authentication for Critical Function vulnerability in Honeywell Handheld |
| CVE-2026-4020 | 7.5 | 2.98% | 5 | 0 | template | 2026-06-17T10:55:52.033000 | The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exp |
| CVE-2026-49112 | 7.5 | 0.33% | 1 | 0 | | 2026-06-17T10:55:31.270000 | Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. |
| CVE-2026-49110 | 7.5 | 0.24% | 1 | 0 | | 2026-06-17T10:55:31.073000 | Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce |
| CVE-2026-49106 | 9.8 | 0.38% | 1 | 0 | | 2026-06-17T10:55:30.877000 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Const |
| CVE-2026-49105 | 9.8 | 0.38% | 1 | 1 | | 2026-06-17T10:55:30.777000 | Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, |
| CVE-2026-49104 | 9.8 | 0.38% | 1 | 1 | | 2026-06-17T10:55:30.680000 | Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Co |
| CVE-2026-49068 | 7.5 | 0.40% | 1 | 0 | | 2026-06-17T10:55:29.337000 | Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. |
| CVE-2026-49067 | 9.3 | 0.30% | 1 | 0 | | 2026-06-17T10:55:29.237000 | Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions |
| CVE-2026-49066 | 7.5 | 0.30% | 1 | 0 | | 2026-06-17T10:55:29.137000 | Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 vers |
| CVE-2026-49065 | 8.2 | 0.24% | 1 | 0 | | 2026-06-17T10:55:29.037000 | Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1. |
| CVE-2026-49061 | 7.5 | 0.37% | 1 | 0 | | 2026-06-17T10:55:28.650000 | Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce < |
| CVE-2026-48558 | 10.0 | 0.63% | 2 | 0 | | 2026-06-17T10:55:05.230000 | SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an aut |
| CVE-2026-48095 | 8.8 | 0.70% | 1 | 1 | | 2026-06-17T10:54:50.997000 | 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior |
| CVE-2026-47749 | 7.8 | 0.16% | 1 | 0 | | 2026-06-17T10:54:39.427000 | stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable |
| CVE-2026-47684 | 7.7 | 0.38% | 1 | 0 | | 2026-06-17T10:54:37.403000 | Sync-in Server is a secure, open-source platform for file storage, sharing, coll |
| CVE-2026-42271 | 8.8 | 53.70% | 1 | 2 | template | 2026-06-17T10:47:36.560000 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) fo |
| CVE-2026-2751 | 8.3 | 0.27% | 1 | 1 | | 2026-06-17T10:31:39.420000 | Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. |
| CVE-2026-11526 | 9.8 | 2.46% | 1 | 0 | | 2026-06-17T10:14:12.300000 | GD versions before 2.86 for Perl allow OS command injection and file overwrite v |
| CVE-2026-0843 | 6.3 | 0.20% | 1 | 0 | | 2026-06-17T10:11:29.160000 | A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjs |
| CVE-2025-8088 | 8.8 | 81.35% | 1 | 31 | | 2026-06-17T10:06:17.243000 | A path traversal vulnerability affecting the Windows version of WinRAR allows th |
| CVE-2025-71261 | 8.6 | 0.21% | 1 | 0 | | 2026-06-17T10:03:58.203000 | An attacker with network-level access between the SUSE Virtualization and Ranch |
| CVE-2024-7730 | 7.4 | 0.29% | 1 | 0 | | 2026-06-17T08:20:48.370000 | A heap buffer overflow was found in the virtio-snd device in QEMU. When reading |
| CVE-2026-12316 | 9.1 | 0.24% | 1 | 0 | | 2026-06-16T21:33:05 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed i |
| CVE-2026-12314 | 7.5 | 0.25% | 1 | 0 | | 2026-06-16T21:33:05 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-12305 | 7.5 | 0.37% | 1 | 0 | | 2026-06-16T21:33:04 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-50656 | 7.8 | 0.34% | 5 | 1 | | 2026-06-16T21:31:57 | Microsoft is aware of an elevation of privilege in the Microsoft Malware Protect |
| CVE-2026-12003 | None | 0.14% | 2 | 0 | | 2026-06-16T21:31:56 | To allow builds of Python to be run from an in-tree layout (rather than an insta |
| CVE-2026-12315 | 9.1 | 0.25% | 1 | 0 | | 2026-06-16T21:31:56 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed i |
| CVE-2026-10649 | 8.6 | 0.46% | 1 | 0 | | 2026-06-16T21:31:56 | A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an |
| CVE-2026-12304 | 9.1 | 0.17% | 1 | 0 | | 2026-06-16T21:31:55 | Same-origin policy bypass in the Networking: Cookies component. This vulnerabili |
| CVE-2026-11832 | 9.1 | 0.33% | 1 | 0 | | 2026-06-16T18:33:40 | Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predicta |
| CVE-2026-12087 | 9.1 | 0.39% | 1 | 0 | | 2026-06-16T18:33:40 | Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socke |
| CVE-2026-12205 | 9.1 | 0.29% | 1 | 0 | | 2026-06-16T18:33:40 | Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, lea |
| CVE-2026-12161 | 8.8 | 0.29% | 1 | 0 | | 2026-06-16T18:33:40 | Improper input validation in the SSH Elevate Shell feature in Devolutions Remot |
| CVE-2026-12289 | 8.8 | 0.32% | 1 | 0 | | 2026-06-16T18:33:39 | Privilege escalation in the Graphics: WebRender component. This vulnerability wa |
| CVE-2026-24228 | 7.8 | 0.16% | 3 | 0 | | 2026-06-16T18:32:44 | NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may c |
| CVE-2026-44932 | 8.8 | 0.49% | 1 | 0 | | 2026-06-16T18:32:44 | Passing of unsanitized strings from DHCP replies into the wicked dhcp client bef |
| CVE-2026-12328 | 8.1 | 0.30% | 1 | 0 | | 2026-06-16T18:32:38 | Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbir |
| CVE-2025-68045 | 7.5 | 0.23% | 1 | 0 | | 2026-06-16T12:32:07 | Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions. |
| CVE-2026-8444 | 8.8 | 0.25% | 1 | 0 | | 2026-06-16T09:32:42 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via |
| CVE-2026-49109 | 9.8 | 0.38% | 1 | 0 | | 2026-06-15T21:30:58 | Unauthenticated PHP Object Injection in Integration for Salesforce and Contact F |
| CVE-2026-49085 | 9.8 | 0.38% | 1 | 1 | | 2026-06-15T21:30:58 | Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms |
| CVE-2025-55649 | 5.5 | 0.19% | 1 | 0 | | 2026-06-15T21:30:42 | A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_to |
| CVE-2026-35273 | 9.8 | 7.51% | 2 | 3 | template | 2026-06-12T18:31:50 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleS |
| CVE-2026-25089 | 9.8 | 2.66% | 1 | 2 | | 2026-06-09T18:30:47 | A improper neutralization of special elements used in an os command ('os command |
| CVE-2026-8206 | 9.8 | 0.62% | 2 | 3 | | 2026-06-02T06:30:33 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordP |
| CVE-2025-60485 | 5.5 | 0.17% | 1 | 0 | | 2026-06-02T00:31:54 | A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/iso |
| CVE-2026-47717 | 7.5 | 0.00% | 2 | 0 | template | 2026-05-27T22:51:19 | ### Summary The GET /api/project endpoint exposes sensitive project configurati |
| CVE-2026-42089 | 8.6 | 0.19% | 1 | 0 | | 2026-05-26T23:10:40 | ### Impact `yeoman-environment` versions `>= 2.9.0` and `< 6.0.1` install missi |
| CVE-2026-42069 | None | 0.23% | 1 | 0 | | 2026-05-13T13:38:50 | ### TL;DR This vulnerability affects all Kirby sites that might have potential |
| CVE-2026-41175 | 8.1 | 0.30% | 1 | 0 | | 2026-04-24T20:52:07 | ### Impact Manipulating query parameters on Control Panel and REST API endpoint |
| CVE-2026-39808 | 9.8 | 66.17% | 1 | 6 | template | 2026-04-22T15:32:37 | A improper neutralization of special elements used in an os command ('os command |
| CVE-2026-39813 | 9.8 | 18.70% | 1 | 2 | | 2026-04-14T18:30:41 | A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 thro |
| CVE-2025-20701 | 8.8 | 3.40% | 2 | 0 | | 2025-08-04T21:31:49 | In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth aud |
| CVE-2026-9142 | 0 | 0.00% | 3 | 0 | | N/A | |
| CVE-2026-48773 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-47846 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2025-60467 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2025-60474 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-48772 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2025-60473 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2025-60466 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2025-60465 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2025-60471 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2025-60464 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-48768 | 0 | 0.27% | 2 | 0 | | N/A | |
| CVE-2026-48979 | 0 | 0.27% | 2 | 0 | | N/A | |
| CVE-2026-48618 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2026-47729 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-49257 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-55074 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-48933 | 0 | 0.00% | 3 | 0 | | N/A | |
| CVE-2026-48615 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2025-55640 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-52291 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-55639 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-55654 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-55653 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-24252 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-4855 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2019-25293 | 0 | 0.13% | 1 | 0 | | N/A | |
| CVE-2026-48797 | 0 | 0.44% | 1 | 0 | | N/A | |
| CVE-2026-47750 | 0 | 0.14% | 1 | 0 | | N/A | |
| CVE-2026-53776 | 0 | 0.36% | 1 | 0 | | N/A | |

updated 2026-06-20T09:33:32
2 posts
CVE-2026-11911: HIGH severity path traversal in eemitch Simple File List (≤6.3.7). Unauth attackers can delete files via exposed AJAX action, risking RCE. Restrict admin-ajax.php or disable plugin. Details: https://radar.offseq.com/threat/cve-2026-11911-cwe-22-improper-limitation-of-a-pat-c1bb6257a58c2645 #OffSeq #WordPress #Security

updated 2026-06-20T09:16:15.460000
2 posts
1 repo
CVE-2026-11912: HIGH severity vulnerability in eemitch Simple File List ≤6.3.7 lets unauthenticated attackers modify/delete server files due to missing auth checks. No patch yet — restrict or disable plugin. https://radar.offseq.com/threat/cve-2026-11912-cwe-862-missing-authorization-in-ee-9819171d864aac20 #OffSeq #WordPress #vuln

updated 2026-06-20T02:16:26.910000
2 posts
CVE-2026-9843: HIGH severity (CVSS 8.1) path traversal in crmperks Database for Contact Form 7, WPforms, Elementor forms (≤1.5.1). Unauthenticated file deletion possible if admin interacts with malicious entries. Restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-9843-cwe-22-improper-limitation-of-a-path-a3dfc4d21233784d #OffSeq #WordPress #CVE20269843 #BlueTeam

updated 2026-06-20T00:34:15
2 posts
🟠 CVE-2026-56082 - High (7.5)
Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is granted to the anon role and callable with only the public Supabase publishabl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-06-20T00:34:14
4 posts
CRITICAL: Cap-go capgo (<12.128.2) hit by CVE-2026-56081. Attackers can register with victim emails pre-verification, enable 2FA, and fully take over accounts — including org policy control. No patch confirmed. Monitor new signups. https://radar.offseq.com/threat/cve-2026-56081-weak-password-recovery-mechanism-fo-0cc6e5efaf2e4722 #OffSeq #CVE202656081 #Infosec

🔴 CVE-2026-56081 - Critical (9.1)
Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that email is verified. By enabling two-factor authentication on the pre-registered account...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56081/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-06-20T00:34:09
4 posts
2 repos
🔴 CVE-2026-11551 - Critical (9.8)
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's identity prior to updating their password. This mak...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-11551/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

CVE-2026-11551: CRITICAL (CVSS 9.8) privilege escalation in wpmudev Branda ≤3.4.29. Weak password recovery lets unauthenticated attackers reset admin passwords. No patch. Restrict or disable plugin, monitor activity. https://radar.offseq.com/threat/cve-2026-11551-cwe-640-weak-password-recovery-mech-4f398affc6b799d5 #OffSeq #WordPress #Vuln #BlueTeam

updated 2026-06-20T00:34:08
2 posts
CVE-2026-56073 (CRITICAL) affects Cap-go capgo <12.128.2: Insufficient data authenticity checks allow OTP bypass, enabling attackers to activate 2FA & take over accounts. No patch yet — monitor vendor updates. https://radar.offseq.com/threat/cve-2026-56073-insufficient-verification-of-data-a-d7403d6896f5b084 #OffSeq #CVE #Infosec #AppSec

updated 2026-06-19T21:16:58.720000
1 post
CVE-2026-47645 - Open redirect in Microsoft 365 Copilot. CVSS 8.8. Privilege escalation via untrusted URL redirection. No patch available. Monitor activity and restrict access. #CVE #Microsoft #infosec

updated 2026-06-19T21:16:42.893000
1 post
⚪️ Critical Copilot bug allowed theft of two-factor authentication codes
🗨️ In early June, Microsoft engineers announced that they had fixed a critical vulnerability, CVE-2026-42824. Now specialists from Varonis have revealed the details of this issue and described an attack that has been dubbed SearchLeak. As it turned out, the vulnerability…

updated 2026-06-19T20:48:07
1 post
🟠 CVE-2026-12398 - High (7.5)
A command injection vulnerability was found in galaxy_ng. The do_git_checkout() function in the legacy role import API (v1) interpolates unsanitized git ref names (branch/tag names) into shell commands executed via subprocess.run() with shell=True...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12398/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-06-19T18:33:37
2 posts
OpenBSD MPLS kernel stack leaks remotely (CVE-2026-56099) https://pop.argus-systems.ai/advisory/adv-040.html

updated 2026-06-19T16:59:28
1 post
CVE-2026-11718 (CRITICAL): Google MCP Toolbox for Databases v1.0.0 has an auth bypass flaw in token validation. Issuer checks can be skipped, enabling unauthorized access. Avoid v1.0.0 & monitor for fixes. https://radar.offseq.com/threat/cve-2026-11718-cwe-287-improper-authentication-in--680f47148b06b96d #OffSeq #CVE202611718 #infosec #oauth2

updated 2026-06-19T16:58:23
1 post
CVE-2026-11717: CRITICAL vuln in googleapis/mcp-toolbox v1.0.0. Improper auth check lets tokens without 'active' field bypass controls — unauthorized access risk. Patch unconfirmed, monitor advisories: https://radar.offseq.com/threat/cve-2026-11717-cwe-287-improper-authentication-in--13893f570bf80e27 #OffSeq #CVE202611717 #OAuth2 #CloudSecurity

updated 2026-06-19T13:16:30.457000
1 post
CVE-2026-43495 is a slab out-of-bounds read in the Linux kernel MediaTek t7xx WWAN driver. The function t7xx_port_enum_msg_handler() fails to check that the buffer length covers the space implied by port_count, so a malicious modem payload can read roughly 262 KB beyond allocated memory. Affected versions run from v5.18-rc1 through mainline, with a claimed CVSS of 8.8. Laptops and devices with cellular modems run this code. Should WWAN drivers get more security review?

updated 2026-06-19T08:16:16.840000
1 post
CVE-2026-46461 - Dell Server Hardware Manager improper access control. Low-privileged local user can gain elevated privileges. CVSS 7.8. No patch yet. Restrict local access immediately. #CVE #Dell #infosec

updated 2026-06-19T06:32:02
2 posts
CVE-2026-8713: The Silent WordPress Plugin Flaw That Could Erase Your Entire Website in Seconds + Video
A Hidden Danger Inside One of WordPress’ Most Popular Builders In the vast ecosystem of WordPress plugins, few tools are as widely used for page design and form building as the Avada Builder plugin, developed for the popular WordPress environment. With nearly one million active installations, it powers countless business websites, portfolios, and online platforms.…

CVE-2026-8713: CRITICAL path traversal (CVSS 9.1) in Avada (Fusion) Builder ≤3.15.3. Unauthenticated file deletion possible; RCE risk if wp-config.php is removed. Restrict access, monitor usage, check vendor for fixes. https://radar.offseq.com/threat/cve-2026-8713-cwe-22-improper-limitation-of-a-path-82beab53eaced0fc #OffSeq #WordPress #Infosec
##updated 2026-06-19T06:32:02
1 posts
2 repos
CVE-2026-7515 | CRITICAL LFI in BetterDocs Pro ≤3.8.0: Unauthenticated attackers can execute arbitrary PHP via doc_style, risking full server compromise. Patch status unknown — check vendor. https://radar.offseq.com/threat/cve-2026-7515-cwe-98-improper-control-of-filename--18dc28a9a40e8b75 #OffSeq #WordPress #Vulnerability #CVE20267515
##updated 2026-06-19T06:32:02
1 posts
CVE-2026-54414: Critical path traversal in FileRise <3.16.0 allows attackers with a valid shared-folder upload link to write files outside the intended dir — can lead to admin takeover & RCE. Patch to 3.16.0+ ASAP. https://radar.offseq.com/threat/cve-2026-54414-cwe-22-improper-limitation-of-a-pat-b161bf82d6c29f3c #OffSeq #vuln #FileRise
##updated 2026-06-19T06:17:09.720000
2 posts
updated 2026-06-19T06:17:09.580000
3 posts
lol. lmao.
https://nvd.nist.gov/vuln/detail/CVE-2026-54103
##The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could change an arbitrary user's password.
https://db.gcve.eu/vuln/cve-2026-54103
https://db.gcve.eu/vuln/cve-2026-54104
:blobcatthinkingglare:
##CVE-2026-54103 (CRITICAL, CVSS 9.8): GAO EPDS & CBCA EDS lack authentication on password change API, enabling remote takeover. No patch yet. Restrict access, monitor logs. Details: https://radar.offseq.com/threat/cve-2026-54103-cwe-306-missing-authentication-for--c02db531e70d9ca2 #OffSeq #Vuln #CVE202654103 #GovSec
##updated 2026-06-19T00:31:46
1 posts
🟠 CVE-2026-12044 - High (8.8)
SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT ON ... IS ''`` for a user-supplied description field. The Jinja templates for Domains (and their constraints), Foreign Tables, Languages, and Event Triggers, plus the V...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12044/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-19T00:31:41
1 posts
Microsoft Cost Management is affected by CVE-2026-47633 (HIGH, CVSS 7.5) — remote attackers can access sensitive info with no auth or user interaction. Patch available: https://radar.offseq.com/threat/cve-2026-47633-cwe-200-exposure-of-sensitive-infor-9882c245b9fe08eb #OffSeq #Microsoft #CVE #BlueTeam
##updated 2026-06-19T00:16:47.693000
1 posts
🔴 CVE-2026-40624 - Critical (9.8)
Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras may allow a remote, unauthenticated attacker to achieve arbitrary code execution via a specially crafted web request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40624/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-19T00:16:47.200000
1 posts
🔴 CVE-2026-12048 - Critical (9.3)
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Rec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T22:16:32.223000
1 posts
Microsoft 365 Copilot hit by CVE-2026-54130 (CRITICAL, CVSS 9.8): Missing authentication lets attackers disclose info over the network. Official fix deployed — verify your cloud service is updated. 📢 https://radar.offseq.com/threat/cve-2026-54130-cwe-306-missing-authentication-for--8486327e51e4c768 #OffSeq #Microsoft365 #CVE #CloudSecurity
##updated 2026-06-18T22:16:31.747000
1 posts
CVE-2026-47647 (CRITICAL, CVSS 9.9) affects Microsoft Dynamics 365: improper access control lets authorized users escalate privileges over the network. Fix applied by Microsoft server-side — admins should confirm updates. Details: https://radar.offseq.com/threat/cve-2026-47647-cwe-284-improper-access-control-in--2000e43e6c3db613 #OffSeq #Microsoft #Infosec #CVE
##updated 2026-06-18T22:16:30.290000
1 posts
CVE-2026-32174: HIGH severity improper authentication in Microsoft Azure AI Bot Service (CVSS 7.7). Privilege escalation possible for authorized users. Microsoft has issued a server-side fix. No active exploits. Details: https://radar.offseq.com/threat/cve-2026-32174-cwe-287-improper-authentication-in--3888a626d33fd2e5 #OffSeq #Azure #Vuln #CloudSec
##updated 2026-06-18T21:32:38
1 posts
##This is a security release. Notable Changes (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High (CVE-2026-48937) deps: fix...
updated 2026-06-18T21:16:29.920000
1 posts
CVE-2026-49454: szTheory relyra (<1.2.0) has a CRITICAL SAML authentication flaw — improper signature verification lets attackers forge responses & impersonate users. Fixed in v1.2.0. Patch now! https://radar.offseq.com/threat/cve-2026-49454-cwe-287-improper-authentication-in--d880f0af884dcf13 #OffSeq #CVE202649454 #SAML #Elixir #InfoSec
##updated 2026-06-18T21:16:29.643000
1 posts
deepstream.io <10.0.5 has a CRITICAL Prototype Pollution flaw (CVE-2026-49252, CVSS 9.9). Authenticated users with write access can escalate privileges. Patch to 10.0.5+ ASAP! https://radar.offseq.com/threat/cve-2026-49252-cwe-1321-improperly-controlled-modi-de9b0627d448856f #OffSeq #CVE202649252 #deepstreamio #infosec
##updated 2026-06-18T20:36:32
1 posts
🟠 CVE-2026-53849 - High (8.1)
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user IDs. Attackers with Discord accounts can change ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53849/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T20:33:23
1 posts
🟠 CVE-2026-53853 - High (8.3)
OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T20:16:14.080000
1 posts
🚨 CRITICAL: CVE-2026-48814 in Jovancoding Network-AI ≤5.7.1 lets unauthenticated users access all 22 MCP tools if default secret is unset. Patch to 5.7.2 now! Details: https://radar.offseq.com/threat/cve-2026-48814-cwe-306-missing-authentication-for--a37c283f4afc7554 #OffSeq #CVE202648814 #Nodejs #Infosec
##updated 2026-06-18T20:12:14
1 posts
🟠 CVE-2026-53855 - High (8.1)
OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools with shell positional arguments to pl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T19:16:21.870000
1 posts
🟠 CVE-2026-12317 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12317/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T19:16:21.527000
1 posts
🟠 CVE-2026-12312 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T19:16:21.367000
1 posts
🟠 CVE-2026-12310 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12310/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T18:38:48.913000
1 posts
CRITICAL: CVE-2026-28573 targets Android 14 & 16 via missing permission check, enabling persistent local DoS — no user interaction or privileges needed. Patch status unknown. Stay updated: https://radar.offseq.com/threat/cve-2026-28573-denial-of-service-in-google-android-3a071465298b8ea9 #OffSeq #Android #InfoSec #CVE #Vuln
##updated 2026-06-18T18:35:18
18 posts
3 repos
https://github.com/watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
🚨 Attention Splunk Users: The Threat is Still Active!
Despite security advisories, recent scans reveal that thousands of global Splunk systems remain unpatched against CVE-2026-20253. Threat actors are already actively scanning for this critical flaw.
This dangerous multi-stage exploit abuses the PostgreSQL sidecar service, allowing attackers to achieve full Pre-Auth RCE with zero authentication.
👉 https://denizhalil.com/2026/06/15/cve-2026-20253-splunk-unauthenticated-rce-analysis/
#Cybersecurity #Splunk #Vulnerability #RCE #Infosec #ThreatIntel
##Splunk Enterprise PostgreSQL Sidecar Vulnerability Exploited in the Wild
A critical, actively exploited vulnerability (CVE-2026-20253) in Splunk Enterprise allows anyone on the network to bypass authentication and manipulate files, leading to potential system takeover. Patches are available in versions 10.4.0, 10.2.4, and 10.0.7.
**Check your versions and patch Splunk Enterprise to 10.4.0, 10.2.4, or 10.0.7 immediately. If you cannot patch today, mitigate the risk right now by disabling the PostgreSQL sidecar service. Finally, verify your network architecture: ensure Splunk Web (port 8000) and management ports are restricted by a firewall, placed on an isolated network segment, and only accessible remotely via a VPN.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/splunk-enterprise-postgresql-sidecar-vulnerability-exploited-in-the-wild-h-u-h-s-6/gD2P6Ple2L
Here's a summary of recent geopolitical, technology, and cybersecurity news:
Geopolitical: Western allies pledged $4B military aid to Ukraine (June 18). US-Iran talks stalled, and a Lebanon ceasefire was agreed. France emphasized tech sovereignty, ditching US vendors.
Technology: Anthropic's Fable 5 AI model returned with restricted access after a government-forced shutdown.
Cybersecurity: An unpatchable 'usbliter8' exploit impacts Apple A12/A13 chips. A critical Splunk Enterprise vulnerability (CVE-2026-20253) is actively exploited; CISA urged urgent patching (June 19).
##📰 Splunk Scrambles to Patch Critical 9.8 CVSS Flaw Allowing Unauthenticated RCE
🚨 CRITICAL Splunk Enterprise flaw (CVE-2026-20253) allows unauthenticated RCE! CVSS 9.8. Attackers can execute code via an insecure PostgreSQL endpoint. On-premise versions 10.0.x and 10.2.x are vulnerable. Patch now! #Splunk #RCE #CyberSecurity
🌐 cyber[.]netsecops[.]io
##CVE-2026-20253 Splunk Vulnerability. Active exploitation is confirmed. CROs and Boards must prioritize this directive to secure enterprise assets and prevent privilege escalation. Review our latest C-SUITE intelligence brief now. https://thecybermind.co/xo4x
##Latest Geopolitical: An interim US-Iran agreement aims to de-escalate tensions and reopen the Strait of Hormuz, while Moscow endured its largest Ukrainian drone attack, hitting an oil refinery.
Technology: Anthropic's Claude Fable 5 AI is back online after a six-day shutdown, as Google makes Gemini 2.5 Flash its default model.
Cybersecurity: CISA issued alerts for an actively exploited Splunk vulnerability (CVE-2026-20253) and widespread Fortinet "FortiBleed" attacks. Accenture also acquired key OT security firms.
##CISA Sounds the Alarm as Critical Splunk Enterprise Vulnerability Enters KEV Catalog Amid Active Exploitation + Video
A New Cybersecurity Emergency Unfolds for Splunk Users A fresh cybersecurity threat is forcing security teams into immediate action after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added a severe Splunk Enterprise vulnerability, tracked as CVE-2026-20253, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw…
##CISA Warns of Active Exploitation of Splunk Enterprise Flaw
A critical vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, allows remote attackers to create or delete files on vulnerable systems without needing any login credentials. This security flaw affects specific versions of Splunk Enterprise, including 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6.
#SplunkEnterprise #Cve202620253 #VulnerabilityExploitation #EmergingThreats #ZeroDay
##ACTIVE THREAT: CVE-2026-20253 Splunk Enterprise vulnerability is being exploited in the wild. Our latest TSUITE Brief provides a full SQL injection defense playbook, including n8n automation triggers for your SOC. Secure your infrastructure now. https://thecybermind.co/2yn5
##📢 CVE-2026-20253: Pre-auth RCE in Splunk Enterprise via the PostgreSQL Sidecar service
📝 ## 🔍 Context
On June 12, 2026, watchTowr Labs (Piotr Bazy...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-18-cve-2026-20253-rce-pre-authentifiee-dans-splunk-enterprise-via-le-service-postgresql-sidecar/
🌐 source : https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce
#CVE_2026_20253 #IOC #Cyberveille
CVE ID: CVE-2026-20253
Vendor: Splunk
Product: Enterprise
Date Added: 2026-06-18
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20253
🚨 [CISA-2026:0618] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-20253 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20253)
- Name: Splunk Enterprise Missing Authentication for Critical Function Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Splunk
- Product: Enterprise
- Notes: https://advisory.splunk.com/advisories/SVD-2026-0603 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20253
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260618 #cisa20260618 #cve_2026_20253 #cve202620253
##CISA has added one vulnerability to the KEV catalogue.
- CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20253 #CISA #infosec #vulnerability
##Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
##updated 2026-06-18T18:16:19.943000
1 posts
CRITICAL: CVE-2026-54390 in JTL Shop (5.2.0 – 5.7.1) enables unauthenticated template injection. Attackers can extract secrets; RCE possible in 5.4.0+. No patch yet — restrict access & monitor logs. https://radar.offseq.com/threat/cve-2026-54390-improper-neutralization-of-special--56e42e7fa37d20ee #OffSeq #CVE202654390 #infosec #websecurity
##updated 2026-06-18T17:16:34.373000
1 posts
:blobcat_thisisfine:
https://nvd.nist.gov/vuln/detail/CVE-2026-55203
sev:CRIT 9.0 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
##HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues.
updated 2026-06-18T16:16:55.997000
1 posts
🟠 CVE-2026-53864 - High (8.1)
OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to workspace .env files, tool environment overrides, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53864/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T14:44:41.247000
1 posts
🟠 CVE-2026-53857 - High (8.1)
OpenClaw before 2026.5.3 contains a policy enforcement vulnerability where Zalo contacts with mutable display metadata could match allowFrom policy entries through display name changes. Attackers with mutable display names could receive agent resp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T14:28:03
1 posts
⚡️ CRITICAL: CVE-2026-47103 in python-statemachine (3.0.0 – <3.2.0) lets attackers execute code remotely via unsanitized eval() in SCXML. Avoid untrusted SCXML until patch. Details: https://radar.offseq.com/threat/cve-2026-47103-improper-neutralization-of-directiv-73074fb6af41b907 #OffSeq #python #security #CVE202647103
##updated 2026-06-18T14:17:35.190000
2 posts
#OT #Advisory VDE-2026-051
iba: Deserialization vulnerability in ibaPDA and ibaDatCoordinator
Remote Code Execution (RCE) running under the service user account, thereby allowing privilege escalation.
#CVE CVE-2026-8024
https://certvde.com/en/advisories/vde-2026-051/
#oCSAF
#CSAF https://iba.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-051.json
New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##updated 2026-06-18T14:17:33.980000
1 posts
🚨 CRITICAL: CVE-2026-55740 in Nur-Alam39 bus-ticket — unauthenticated SQL injection via busid in bus_info.php. Runs as MySQL root/no password! Restrict access & avoid use in production until fixed. Details: https://radar.offseq.com/threat/cve-2026-55740-cwe-89-improper-neutralization-of-s-40562f666d6be857 #OffSeq #SQLInjection #Vuln
##updated 2026-06-18T14:17:23.863000
1 posts
1 repos
🔥 CRITICAL: CVE-2026-12569 in PTC Windchill PDMLink (RCE, CVSS 9.3). Affects versions 11.2.1.0 — 13.1.3.0. No patch yet — restrict access & monitor advisories. Details: https://radar.offseq.com/threat/cve-2026-12569-cwe-20-improper-input-validation-in-d3c6b7768402d666 #OffSeq #CVE202612569 #Vuln #RCE
##updated 2026-06-18T14:17:22.310000
1 posts
🚨 CRITICAL: CVE-2026-12530 impacts AWS Bedrock AgentCore Python SDK (v1.1.3 – 1.6.1). Incomplete input sanitization in install_packages() lets attackers abuse pip flags. Update now! https://radar.offseq.com/threat/cve-2026-12530-improper-neutralization-of-argument-917f42dfcc3cfd56 #OffSeq #AWSSecurity #Python #CVE2026_12530
##updated 2026-06-18T13:46:17.917000
1 posts
🔴 CRITICAL: CVE-2026-12442 — Chrome on Android <149.0.7827.155 has a use-after-free vuln in Passwords. Remote attackers can execute code via crafted HTML. Update Chrome now! https://radar.offseq.com/threat/cve-2026-12442-use-after-free-in-google-chrome-a5d127b6 #OffSeq #Chrome #Android #Vuln #InfoSec
##updated 2026-06-18T04:17:02.430000
1 posts
Oh my.
https://nvd.nist.gov/vuln/detail/CVE-2026-55200
sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
##libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
updated 2026-06-18T04:17:02.290000
1 posts
🟠 CVE-2026-53866 - High (8.1)
OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell inline-command forms could route through a parse...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53866/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T04:17:00.750000
1 posts
🟠 CVE-2026-53843 - High (8.8)
OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T04:16:48.923000
1 posts
Oracle's June 2026 CRITICAL update fixes 245 vulns (incl. CVE-2026-46850) in MySQL Shell, Router, NDB Cluster, Server (8.0.11-8.0.46, 8.4.0-8.4.9, 9.0.0-9.7.0, 2026.2.0+9.6.1). Patch promptly — no exploits yet. https://radar.offseq.com/threat/kwetsbaarheden-verholpen-in-oracle-mysql-producten-948cec13 #OffSeq #MySQL #Oracle #CVE202646850
##updated 2026-06-18T04:16:45
7 posts
📢 Cisco fixes a critical command execution vulnerability in ISE (CVE-2026-20181)
📝 📰 Source: SecurityWeek, published June 18, 2026 by Ionut Arghire.
📖 cyberveille : https://cyberveille.ch/posts/2026-06-19-cisco-corrige-une-vulnerabilite-critique-d-execution-de-commandes-dans-ise-cve-2026-20181/
🌐 source : https://www.securityweek.com/critical-command-execution-vulnerability-patched-in-cisco-ise
#CVE_2026_20181 #CVE_2026_20190 #Cyberveille
New advisory.
This relates to critical CVE-2026-20181 and CVE-2026-20190 vulnerabilities, published on the 17th.
Cisco: CRITICAL: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv @TalosSecurity #Cisco #infosec #vulnerability
##Cisco Patches Critical Root RCE and Credential Theft Flaws in ISE
Cisco patched a critical root RCE vulnerability (CVE-2026-20181) and a high-severity information disclosure flaw (CVE-2026-20190) in its Identity Services Engine. These vulnerabilities allow authenticated root access or theft of hashed credentials.
**Make sure your Cisco ISE and ISE-PIC systems are isolated from the internet and reachable only from trusted management networks. Apply the latest patches immediately (ISE 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3) and for the 3.5 command-execution fix, request the hotfix from Cisco TAC now. Don't wait for Patch 4 in August 2026.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-patches-critical-root-rce-and-credential-theft-flaws-in-ise-o-v-f-q-7/gD2P6Ple2L
CVE-2026-20181: Cisco ISE/ISE-PIC critical command execution vuln lets authenticated admins run arbitrary OS commands & escalate to root. Patch ISE 3.3/3.4/3.5 ASAP. No active exploitation reported. https://radar.offseq.com/threat/critical-command-execution-vulnerability-patched-i-a05f1533b3fe52d4 #OffSeq #Cisco #Vuln #Infosec
##🚨 CRITICAL: CVE-2026-20181 in Cisco ISE (v3.1 – 3.5) allows authenticated attackers to run OS commands & escalate to root, risking DoS. Restrict admin access & monitor for patches. https://radar.offseq.com/threat/cve-2026-20181-improper-limitation-of-a-pathname-t-3c6d1c8d7d1de462 #OffSeq #Cisco #Vuln #BlueTeam
##updated 2026-06-17T20:20:10.920000
1 posts
1 repos
CVE-2026-3894 (CRITICAL, CVSS 9.2): Out-of-bounds read in RTI Connext Professional (versions 7.4.0, 7.0.0, 6.1.0, 6.0.0, 5.3.0, 5.0.0). Remote exploitation possible, no patch yet. Monitor vendor updates! https://radar.offseq.com/threat/cve-2026-3894-cwe-125-out-of-bounds-read-in-rti-co-970a787b05fc31ca #OffSeq #CVE20263894 #ICS #vuln
##updated 2026-06-17T20:17:50.620000
1 posts
🚨 CRITICAL: CVE-2026-20266 in Splunk AI Toolkit 5.7 lets admins run arbitrary OS commands due to unsafe shell execution. Restrict admin roles & monitor for abuse until patched. Details: https://radar.offseq.com/threat/cve-2026-20266-the-software-constructs-all-or-part-32c0ef3d9fc0383c #OffSeq #Splunk #Vuln #CommandInjection
##updated 2026-06-17T19:18:10.363000
1 posts
⚠️ CRITICAL: nv-tlabs GEN3C has a remote code execution bug (CVE-2026-53805). Unauthenticated attackers can run code via /request-inference & /seed-model endpoints using pickle.loads(). No patch yet — restrict access! https://radar.offseq.com/threat/cve-2026-53805-deserialization-of-untrusted-data-i-8f7f573a4ff60cff #OffSeq #CVE202653805 #NVIDIA #infosec
##updated 2026-06-17T19:18:08.253000
1 posts
🟠 CVE-2026-47747 - High (7.8)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47747/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T18:36:17
10 posts
7 repos
https://github.com/0xBlackash/CVE-2026-48907
https://github.com/87achrafg-stack/CVE-2026-48907
https://github.com/ywh-jfellus/CVE-2026-48907
https://github.com/HORKimhab/CVE-2026-48907
https://github.com/webshellseo8/CVE-2026-48907-Unauthenticated-RCE-in-JCE
https://github.com/g0thamRabb1t/joomla-jce-cve-2026-48907-detection
CVE-2026-48907 and LiteSpeed cPanel Plugin Flaws Come Under Active Attack
Attackers are exploiting CVE-2026-48907 in Joomla JCE and a LiteSpeed cPanel plugin flaw, enabling PHP code execution and privilege escalation.
🔗️ [Thecyberexpress] https://link.is.it/SGbmfn
##⚠️ CRITICAL: Joomla, LiteSpeed Vulnerabilities Exploited in Attacks
Attackers are actively exploiting CVE-2026-48907 in Joomla Content Editor (JCE) to upload malicious PHP files and execute arbitrary code on all versions before 2.9.99.5. CVE-2026-54420 in LiteSpeed's cPanel plugin allows privilege escalation to root on shared hosting environments. Both vulnerabilit…
##Joomla Content Editor Flaw Allows Unauthenticated Remote Code Execution
A critical vulnerability in the Joomla Content Editor (JCE) extension (CVE-2026-48907) allows unauthenticated attackers to create rogue profiles and execute PHP code. CISA has confirmed active exploitation.
**If you run the JCE extension on your Joomla site, this is urgent. Attackers are actively taking over sites through this flaw. Update it to version 2.9.99.6 or later right away (or apply the free stopgap patch if you're on an older 2.7.x–2.9.x version). Patching alone won't remove malware already planted, so also check for rogue editor profiles and unexpected PHP files in your /images, /media, and /tmp folders, delete anything suspicious, run a full malware scan, and change all admin passwords and database credentials.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/joomla-content-editor-flaw-allows-unauthenticated-remote-code-execution-1-i-2-w-m/gD2P6Ple2L
Alert: CVE-2026-48907. A severe access control flaw in Widget Factory Joomla Content Editor allows unauthenticated PHP script execution. Lock down your CMS. Read our tactical engineering runbook for full IOCs and endpoint hardening steps. https://thecybermind.co/unjv
##URGENT: CVE-2026-48907 is seeing active exploitation in Joomla! JCE extensions. This critical RCE flaw allows unauthenticated attackers to take full control. Read our executive remediation brief to harden your environment now.
https://thecybermind.co/ic6z
#CyberSecurity #Joomla #Infosec #KEV
⚠️ Do you administer a Joomla site?
Quick security note: the CVE-2026-48907 flaw affects the **JCE / Joomla Content Editor** extension and is already being exploited automatically on the Internet.
👇 🩹
https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites
In plain terms: a vulnerable site can be compromised even without a public account or open registration.
To do as soon as possible:
• update JCE to 2.9.99.6 or later
• check for suspicious profiles/accounts
• change the admin, database and hosting passwords
• run a server scan
(The update closes the door, but does not necessarily clean up what may already have been dropped.)
##🚨 New critical improper access control vulnerability tagged CVE-2026-48907, affecting Widget Factory Joomla Content Editor is seeing active exploitation in the wild as reported by CISA.
Vulnerability detection script available below:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-48907.yaml
Patches and mitigations are available:
https://www.sentinelone.com/vulnerability-database/cve-2026-48907/
🚨 [CISA-2026:0616] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-48907 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48907)
- Name: Widget Factory Joomla Content Editor Improper Access Control Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Widget Factory
- Product: Joomla Content Editor
- Notes: https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites ; https://www.joomlacontenteditor.net/support/changelog/editor ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-48907
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260616 #cisa20260616 #cve_2026_48907 #cve202648907
##CVE ID: CVE-2026-48907
Vendor: Widget Factory
Product: Joomla Content Editor
Date Added: 2026-06-16
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-48907
updated 2026-06-17T18:36:07
7 posts
3 repos
https://github.com/0xBlackash/CVE-2026-42530
Use-after-free in the QPACK encoder of nginx HTTP/3 - CVE-2026-42530 https://cystack.net/vi/research/cve-2026-42530-nginx-en
##@c0dec0dec0de RCEs this time, not DoS. CVE-2026-42530 & CVE-2026-42055
##F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus
F5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.
**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing "quic" from all listen directives, and remove the "ignore_invalid_headers off" directive or shrink "large_client_header_buffers" to block these attacks until you update.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L
⚠️ CRITICAL: F5 Patches Critical, High-Severity NGINX Vulnerabilities
F5 released patches for critical unauthenticated RCE and DoS vulnerabilities in NGINX (CVE-2026-42530, CVE-2026-42055) affecting NGINX Plus, Controller, and related products. Attackers can exploit heap buffer overflows and use-after-free flaws without credentials to crash services or execute arbitr…
##CVE-2026-42530: Use after free in nginx HTTP/3 QUIC module https://lobste.rs/s/pbvqlz #security
https://www.cve.org/CVERecord?id=CVE-2026-42530
updated 2026-06-17T18:36:07
4 posts
New advisory.
This relates to critical CVE-2026-20181 and CVE-2026-20190 vulnerabilities, published on the 17th.
Cisco: CRITICAL: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv @TalosSecurity #Cisco #infosec #vulnerability
##Cisco Patches Critical Root RCE and Credential Theft Flaws in ISE
Cisco patched a critical root RCE vulnerability (CVE-2026-20181) and a high-severity information disclosure flaw (CVE-2026-20190) in its Identity Services Engine. These vulnerabilities allow authenticated root access or theft of hashed credentials.
**Make sure your Cisco ISE and ISE-PIC systems are isolated from the internet and reachable only from trusted management networks. Apply the latest patches immediately (ISE 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3) and for the 3.5 command-execution fix, request the hotfix from Cisco TAC now. Don't wait for Patch 4 in August 2026.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-patches-critical-root-rce-and-credential-theft-flaws-in-ise-o-v-f-q-7/gD2P6Ple2L
New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##updated 2026-06-17T18:36:07
4 posts
1 repos
@c0dec0dec0de RCEs this time, not DoS. CVE-2026-42530 & CVE-2026-42055
##F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus
F5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.
**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing "quic" from all listen directives, and remove the "ignore_invalid_headers off" directive or shrink "large_client_header_buffers" to block these attacks until you update.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L
⚠️ CRITICAL: F5 Patches Critical, High-Severity NGINX Vulnerabilities
F5 released patches for critical unauthenticated RCE and DoS vulnerabilities in NGINX (CVE-2026-42530, CVE-2026-42055) affecting NGINX Plus, Controller, and related products. Attackers can exploit heap buffer overflows and use-after-free flaws without credentials to crash services or execute arbitr…
##updated 2026-06-17T18:35:58
1 posts
🔍 CRITICAL: CVE-2026-2467 in RTI Connext Professional (v5.0.0 – 7.4.0) enables heap-based buffer overflow, risking RCE & DoS. No patch yet — monitor vendor updates. CVSS 9.2. Details: https://radar.offseq.com/threat/cve-2026-2467-cwe-122-heap-based-buffer-overflow-i-3103978a721b1a1c #OffSeq #Vuln #CVE20262467 #RTI #Infosec
##updated 2026-06-17T18:35:53
1 posts
🚨 CRITICAL: CVE-2026-12440 in Chrome DigitalCredentials (Windows <149.0.7827.155) allows remote sandbox escape. Patch to 149.0.7827.155 ASAP! Exploitation risk is high. https://radar.offseq.com/threat/cve-2026-12440-use-after-free-in-google-chrome-c0fe93a4 #OffSeq #Chrome #InfoSec #Vulnerability
##updated 2026-06-17T18:35:53
1 posts
🔒 CRITICAL: CVE-2026-12441 in Chrome <149.0.7827.155 on Linux — use-after-free in File Input. Remote attacker can trigger heap corruption via crafted HTML. Update Chrome ASAP! https://radar.offseq.com/threat/cve-2026-12441-use-after-free-in-google-chrome-643def61 #OffSeq #Chrome #Linux #Vuln
##updated 2026-06-17T18:35:53
1 posts
🚩 CRITICAL: Chrome Web Authentication use-after-free (CVE-2026-12443) enables remote code execution in versions <149.0.7827.155. Patch immediately to stay secure. Vendor fix available. https://radar.offseq.com/threat/cve-2026-12443-use-after-free-in-google-chrome-564c6d01 #OffSeq #Chrome #InfoSec #Vuln
##updated 2026-06-17T17:16:43.687000
2 posts
Command injection and hardcoded creds in Radiflow iSAP Smart Collector. Nice.
##🔴 CVE-2026-22313 - Critical (9.1)
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T16:28:34.830000
1 posts
🚨 CRITICAL: CVE-2026-48745 in traccar-client <=9.7.19 allows silent GPS data redirection via crafted deep links — no user prompt, persists after restart. Update to 9.7.20 now! https://radar.offseq.com/threat/cve-2026-48745-cwe-940-improper-verification-of-so-6b0c4b37 #OffSeq #Infosec #MobileSecurity #CVE202648745
##updated 2026-06-17T16:21:32.403000
1 posts
CVE-2026-5667: Unauthenticated Remote Control of Mitsubishi MAC-577IF-2E WiFi Adapters via Probe Request Reconnaissance https://innerfirez.github.io/posts/the-secret-life-of-probe-requests/
##updated 2026-06-17T14:17:56.423000
1 posts
🟠 CVE-2026-48780 - High (8.2)
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48780/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T13:20:42.017000
1 posts
🟠 CVE-2026-47964 - High (7.8)
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47964/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T13:20:10.417000
3 posts
New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##🟠 CVE-2026-24155 - High (7.8)
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24155/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nvidia has a new advisory relating to CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228, all high-severity:
Security Bulletin: NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia
Broadcom:
Seven advisories addressing one critical vulnerability and several high-severity flaws: You'll need a login for details.
CRITICAL: MICS 14.3, 14.4, and 14.5 Vulnerabilities
More: https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Yesterday:
Google:
Chrome Dev for Desktop Update https://chromereleases.googleblog.com/ #Google #Chrome
Dell:
Update for a critical vulnerability yesterday that encompasses multiple CVEs:
Security Update for Dell PowerProtect DP Series Appliance (IDPA) Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000368282/dsa-2025-300-security-update-for-dell-powerprotect-dp-series-appliance-idpa-multiple-third-party-component-vulnerabilities #Dell #infosec #vulnerability
##updated 2026-06-17T13:20:06.023000
2 posts
Command injection and hardcoded creds in Radiflow iSAP Smart Collector. Nice.
##🟠 CVE-2026-22312 - High (8.6)
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:58:13.830000
1 posts
4 repos
https://github.com/Resellnom/litespeed-cpanel-cve-2026-54420-fix
https://github.com/mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
https://github.com/fevar54/CVE-2026-54420-LiteSpeed-Symlink-Exploit
⚠️ CRITICAL: Joomla, LiteSpeed Vulnerabilities Exploited in Attacks
Attackers are actively exploiting CVE-2026-48907 in Joomla Content Editor (JCE) to upload malicious PHP files and execute arbitrary code on all versions before 2.9.99.5. CVE-2026-54420 in LiteSpeed's cPanel plugin allows privilege escalation to root on shared hosting environments. Both vulnerabilit…
##updated 2026-06-17T10:57:46.373000
1 posts
8 repos
https://github.com/hlkysipv/CVE-2026-50751-Check-Point-IKEv1-Authentication-Bypass
https://github.com/WadesWeaponShed/CheckPoint-CVE-Webscanner
https://github.com/bolubey/CVE-2026-50751
https://github.com/fernstedt/CVE-2026-50751
https://github.com/fevar54/CVE-2026-50751---Check-Point-IKEv1-Authentication-Bypass-Exploit
https://github.com/watchtowrlabs/watchTowr-vs-Check-Point-CVE-2026-50751
https://github.com/WadesWeaponShed/CVE-2026-50751-Mitigation-Scripts
Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751) https://labs.watchtowr.com/marking-your-own-homework-check-point-remote-access-vpn-ikev1-authentication-bypass-cve-2026-50751/
##updated 2026-06-17T10:56:20.347000
1 posts
Q: Am I counting these?
('https://https:', {'https://https://docs.tenable.com/release-notes/Content/security-center/2026.htm', 'https://https://www.asustor.com/security/security_advisory_detail?id=55', 'https://https://www.tenable.com/security/tns-2026-07', 'https://https://talosintelligence.com/vulnerability_reports/', 'https://https://mail.python.org/archives/list/security-announce@python.org/thread/JIFOBO7UX3LY4VJKJUOKYJV62CFR2IRH/', 'https://https://www.geovision.com.tw/cyber_security.php', 'https://https://nvd.nist.gov/vuln/detail/CVE-2026-4272', 'https://https://github.com/videolan/vlc-android/releases/tag/3.7.0', 'https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504'})
## updated 2026-06-17T10:55:52.033000
5 posts
Critical WordPress Security Alert: Gravity SMTP Vulnerability Could Expose API Keys and Email Credentials Across 100,000+ Websites, Dark Web Recent Claims + Video
Introduction: A New WordPress Threat Raises Concerns Across the Website Security Community A newly reported cybersecurity warning is drawing attention from researchers and website administrators after claims emerged that attackers are actively exploiting a vulnerability identified as CVE-2026-4020 in Gravity…
##Solid breakdown by @honeylabs of the opportunistic activity against CVE-2026-4020
~560 IPs rotating through ~3,300 UAs
Rly important to heed the info further down in the article re: "attacking the CVE" vs "added yet-another-cred path to existing scans".
https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020
##Most of the CVE-2026-4020 attackers are the same client - https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020
##🤔 Ah, the classic "same client" saga with CVE-2026-4020—because who needs originality in #hacking when you have a Google Cloud fleet playing dress-up with 3,299 user agents? 🌍📬 Apparently, exploiting Gravity #SMTP is a team sport, but only if your team is a single IP address with a personality disorder. What a performance! 🎭💻
https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020 #CVE20264020 #GoogleCloud #SecurityFlaw #Cybersecurity #HackerNews #ngated
Most of the CVE-2026-4020 attackers are the same client
https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020
#HackerNews #CVE20264020 #cybersecurity #cloudfleet #attackers #analysis
##updated 2026-06-17T10:55:31.270000
1 posts
🟠 CVE-2026-49112 - High (7.5)
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:31.073000
1 posts
🟠 CVE-2026-49110 - High (7.5)
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49110/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:30.877000
1 posts
🔴 CVE-2026-49106 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49106/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:30.777000
1 posts
1 repos
🔴 CVE-2026-49105 - Critical (9.8)
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49105/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:30.680000
1 posts
1 repos
🔴 CVE-2026-49104 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49104/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:29.337000
1 posts
🟠 CVE-2026-49068 - High (7.5)
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49068/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:29.237000
1 posts
🔴 CVE-2026-49067 - Critical (9.3)
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49067/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:29.137000
1 posts
🟠 CVE-2026-49066 - High (7.5)
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49066/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:29.037000
1 posts
🟠 CVE-2026-49065 - High (8.2)
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49065/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:28.650000
1 posts
🟠 CVE-2026-49061 - High (7.5)
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49061/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:05.230000
2 posts
📢 ~14,000 SimpleHelp servers exposed via a critical authentication bypass (CVE-2026-48558)
📝 📰 **Source**: CybersecurityNews.com — **Publication date**: 16 June 2026
...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-18-14-000-serveurs-simplehelp-exposes-via-un-contournement-d-authentification-critique-cve-2026-48558/
🌐 source : https://cybersecuritynews.com/simplehelp-servers-exposed-authentication-bypass-disclosure/
#CVE_2026_48558 #IOC #Cyberveille
📢 CVE-2026-48558: Critical authentication bypass in SimpleHelp via OIDC
📝 ## 🔍 Context
On 12 June 2026, Horizon3.ai published a technical disclosure concerning **CVE-2026-4855...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-17-cve-2026-48558-contournement-d-authentification-critique-dans-simplehelp-via-oidc/
🌐 source : https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
#CVE_2026_48558 #IOC #Cyberveille
updated 2026-06-17T10:54:50.997000
1 posts
1 repos
Just two recent examples of vulnerabilities from 7-Zip and RAR.
Also keep in mind that distros are not always great at updating and if you installed one of these yourself, it is also on you (plus neither autoupdate on Windows or macOS).
##updated 2026-06-17T10:54:39.427000
1 posts
🟠 CVE-2026-47749 - High (7.8)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47749/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:54:37.403000
1 posts
🟠 CVE-2026-47684 - High (7.7)
Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g. ::ffff:...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47684/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:47:36.560000
1 posts
2 repos
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html
##updated 2026-06-17T10:31:39.420000
1 posts
1 repos
Q: Am I counting these?
('https://https:', {'https://https://docs.tenable.com/release-notes/Content/security-center/2026.htm', 'https://https://www.asustor.com/security/security_advisory_detail?id=55', 'https://https://www.tenable.com/security/tns-2026-07', 'https://https://talosintelligence.com/vulnerability_reports/', 'https://https://mail.python.org/archives/list/security-announce@python.org/thread/JIFOBO7UX3LY4VJKJUOKYJV62CFR2IRH/', 'https://https://www.geovision.com.tw/cyber_security.php', 'https://https://nvd.nist.gov/vuln/detail/CVE-2026-4272', 'https://https://github.com/videolan/vlc-android/releases/tag/3.7.0', 'https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504'})
## updated 2026-06-17T10:14:12.300000
1 posts
Perl's GD module released 2.86 to fix CVE-2026-11526, a command-injection flaw where GD::Image constructors passed untrusted filenames to Perl's 2-argument open(), so a name beginning or ending with a pipe, or starting with a redirect, ran as a shell command or truncated a file. The fix opens filenames with a 3-argument read open. In-memory Data constructors were never affected. Is 2-arg open() still lurking in your dependencies?
#Perl #security
updated 2026-06-17T10:11:29.160000
1 posts
https://www.cve.org/CVERecord?id=CVE-2026-0843 - do I dare click that reference... :neocat_scream_scared:
##updated 2026-06-17T10:06:17.243000
1 posts
31 repos
https://github.com/nhattanhh/CVE-2025-8088
https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC
https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition
https://github.com/pescada-dev/-CVE-2025-8088
https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC
https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool
https://github.com/ilhamrzr/RAR-Anomaly-Inspector
https://github.com/undefined-name12/CVE-2025-8088-Winrar
https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit
https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder
https://github.com/lennertdefauw/CVE-2025-8088
https://github.com/pentestfunctions/best-CVE-2025-8088
https://github.com/ghostn4444/CVE-2025-8088
https://github.com/nuky-alt/CVE-2025-8088
https://github.com/hbesljx/CVE-2025-8088-EXP
https://github.com/IsmaelCosma/CVE-2025-8088
https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal
https://github.com/shaheeryasirofficial/CVE-2025-8088
https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-
https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool
https://github.com/techcorp/CVE-2025-8088-Exploit
https://github.com/aldisakti2/CVE-2025-8088-BUILDER-Winrar-Tool
https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR
https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document
https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui
https://github.com/starfallreverie/winrar-exploit
https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability
https://github.com/walidpyh/CVE-2025-8088
https://github.com/jordan922/CVE-2025-8088
https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC
Just two recent examples of vulnerabilities from 7-Zip and RAR.
Also keep in mind that distros are not always great at updating and if you installed one of these yourself, it is also on you (plus neither autoupdate on Windows or macOS).
##updated 2026-06-17T10:03:58.203000
1 posts
🟠 CVE-2025-71261 - High (8.6)
An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71261/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T08:20:48.370000
1 posts
🚨 EUVD-2026-38043
📊 Score: 7.4/10 (CVSS v3.1)
📅 Updated: 2026-06-19
📝 A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38043
##updated 2026-06-16T21:33:05
1 posts
🔴 CVE-2026-12316 - Critical (9.1)
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12316/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:33:05
1 posts
🟠 CVE-2026-12314 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:33:04
1 posts
🟠 CVE-2026-12305 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12305/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:57
5 posts
1 repos
Windows. New proof-of-concept exploit from Chaotic Eclipse (aka Nightmare Eclipse) for the
RoguePlanet zero-day in Defender.
Microsoft confirms that the RoguePlanet zero-day affects Microsoft Defender and is tracked as CVE-2026-50656 (CVSS score of 7.8). The vulnerability allows privilege escalation via the Microsoft Malware Protection Engine.
##Windows Defender Vulnerability Exposed as RoguePlanet PoC Spreads Online
A newly disclosed Windows Defender vulnerability, tracked as CVE-2026-50656 and dubbed RoguePlanet, has raised concerns across the cybersecurity...
🔗️ [Thecyberexpress] https://link.is.it/k5s4I4
##New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##🟠 CVE-2026-50656 - High (7.8)
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet ". We are working to provide a high quality security update that addresses this vulnera...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-50656/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nightmare Eclipse's RoguePlanet now has a CVE 🎉: https://nvd.nist.gov/vuln/detail/cve-2026-50656
Not any new detail in there & no fix yet (has only been a week, give them some time...).
Much less relevant but annoying me personally: It taking them a week to ... sorry, shit this out. Broken description in the CVE form & even in the MSRC page it's pretty obvious no one even proofread the non-description. Also empty Acknowledgement section despite link to the GitHub (not the first time btw)... at least they didn't have it taken down this time? 🙃
##updated 2026-06-16T21:31:56
2 posts
Who is affected by CVE-2026-12003? Anyone running CPython on Windows across 3.11.15, 3.12.13, 3.13.14, 3.14.6, 3.15.0b2 and earlier. Jake Yamaki of Bishop Fox showed that a low-privilege user can create a path CPython checks for in-tree builds and inject malicious library folders to escalate privileges. It is rated CVSSv4 5.3. With this many affected versions, how do you even inventory every CPython on a Windows fleet?
#Python #Security
Jake Yamaki of Bishop Fox disclosed CVE-2026-12003 in CPython. The interpreter's VPATH variable, combined with a Modules/setup.local landmark used to locate in-tree builds, lets a low-privilege Windows user create that path outside the install directory and inject malicious library folders, escalating privileges. Rated CVSSv4 5.3, it affects 3.11.15, 3.12.13, 3.13.14, 3.14.6, 3.15.0b2 and earlier. Should build-detection logic ever survive into a release binary?
#Python #Security
updated 2026-06-16T21:31:56
1 posts
🔴 CVE-2026-12315 - Critical (9.1)
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12315/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:56
1 posts
🟠 CVE-2026-10649 - High (8.6)
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacke...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:55
1 posts
🔴 CVE-2026-12304 - Critical (9.1)
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12304/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:33:40
1 posts
🔴 CVE-2026-11832 - Critical (9.1)
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.
The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-11832/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:33:40
1 posts
🔴 CVE-2026-12087 - Critical (9.1)
Socket versions before 2.041 for Perl have an out-of-bounds heap read.
In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12087/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:33:40
1 posts
🔴 CVE-2026-12205 - Critical (9.1)
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.
Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.
The first sign() on a Key object p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12205/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:33:40
1 posts
🟠 CVE-2026-12161 - High (8.8)
Improper input validation in the SSH Elevate Shell feature in
Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user
with permission to create or modify a shared SSH entry to execute
arbitrary commands on a remote SSH host usi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12161/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:33:39
1 posts
🟠 CVE-2026-12289 - High (8.8)
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:32:44
3 posts
New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##🟠 CVE-2026-24228 - High (7.8)
NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and informatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nvidia has a new advisory relating to CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228, all high-severity:
Security Bulletin: NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia
Broadcom:
Seven advisories addressing one critical vulnerability and several high-severity flaws: You'll need a login for details.
CRITICAL: MICS 14.3, 14.4, and 14.5 Vulnerabilities
More: https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Yesterday:
Google:
Chrome Dev for Desktop Update https://chromereleases.googleblog.com/ #Google #Chrome
Dell:
Update for a critical vulnerability yesterday that encompasses multiple CVEs:
Security Update for Dell PowerProtect DP Series Appliance (IDPA) Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000368282/dsa-2025-300-security-update-for-dell-powerprotect-dp-series-appliance-idpa-multiple-third-party-component-vulnerabilities #Dell #infosec #vulnerability
##updated 2026-06-16T18:32:44
1 posts
🟠 CVE-2026-44932 - High (8.8)
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44932/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:32:38
1 posts
🟠 CVE-2026-12328 - High (8.1)
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12328/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T12:32:07
1 posts
🟠 CVE-2025-68045 - High (7.5)
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T09:32:42
1 posts
🟠 CVE-2026-8444 - High (8.8)
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] ra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8444/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:58
1 posts
🔴 CVE-2026-49109 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49109/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:58
1 posts
1 repos
🔴 CVE-2026-49085 - Critical (9.8)
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49085/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:42
1 posts
@iamleot Of course, requests to add links were sent in the follow-up email regarding the publication. I noticed that the original links were missing for some CVE entries, but my process hasn't changed recently.
full-context:
https://www.cve.org/CVERecord?id=CVE-2025-60485
truncated:
https://www.cve.org/CVERecord?id=CVE-2025-55649
updated 2026-06-12T18:31:50
2 posts
3 repos
https://github.com/HORKimhab/CVE-2026-35273
Oracle Patches 245 Vulnerabilities Including Actively Exploited PeopleSoft Zero-Day
Oracle's June 2026 monthly Critical Security Patch Update delivers 245 patches across eleven product families, roughly 120 rated critical including eleven maximum-severity (CVSS 10.0) remotely exploitable unauthenticated flaws concentrated in Fusion Middleware (Coherence, WebCenter, WebLogic) plus Solaris, alongside the fix for a PeopleSoft code-injection vulnerability (CVE-2026-35273) that's reportedly exploited in the wild.
**If you are using Oracle products, review the advisory in detail. Prioritize the maximum-severity (CVSS 10.0) flaws in Fusion Middleware products like Coherence, WebCenter, and WebLogic, since these can be exploited remotely without any login. Pay urgent attention to the PeopleSoft fix (CVE-2026-35273), as attackers are already actively breaking into organizations. Use isolation from the internet and reduced user privileges only as a temporary fix until you can fully patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/oracle-patches-245-vulnerabilities-including-actively-exploited-peoplesoft-zero-day-1-m-q-9-5/gD2P6Ple2L
Council of Europe hacked, thanks to Oracle.
The cast: ShinyHunters, Oracle, the Council of Europe. The plot: More than twenty years ago, Oracle* swallowed the company PeopleSoft after a veritable takeover battle. Its software is used mainly in the USA, but also at the Council of Europe. The software contained a zero-day vulnerability, CVE-2026-35273, which was exploited by ShinyHunters. The hacker group claims to have used it to hack more than 100 institutions, including the Council of Europe. In the process, almost 300 GB of data reportedly fell into the extortionists' hands, including personnel files, payslips, purchases; CVs, salaries,
https://www.pc-fluesterer.info/wordpress/2026/06/16/europarat-gehackt-dank-oracle/
#0day #closedsource #cybercrime #datenleck #datenschutz #exploits #sicherheit #UnplugOracle #UnplugTrump #zeroday
##updated 2026-06-09T18:30:47
1 posts
2 repos
⚠️ CRITICAL: Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Fortinet FortiSandbox is under active exploitation for three critical unauthenticated RCE vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089). All three bypass authentication and allow arbitrary command execution via HTTP requests. Organizations running FortiSandbox are at immediate ri…
##updated 2026-06-02T06:30:33
2 posts
3 repos
https://github.com/rootdirective-sec/CVE-2026-8206-Lab
🚨 CRITICAL VULNERABILITY IN A #WORDPRESS PLUGIN!
According to #Sekurak, a flaw has been found in the #Kirki plugin that allows takeover of any account, including the administrator's.
If you have this extension, update it to the latest version immediately!
CVE-2026-8206
CVSS: 9.8
Bug in a popular WordPress plugin allows takeover of the administrator account (CVE-2026-8206, Kirki)
WordPress is undoubtedly the world's most popular open-source content management system (CMS). It allows websites to be created and managed easily without any programming knowledge. While critical bugs in the core engine are extremely rare, the platform supports many external plugins, which increases the attack surface. TLDR: Tym...
##updated 2026-06-02T00:31:54
1 posts
@iamleot Of course, requests to add links were sent in the follow-up email regarding the publication. I noticed that the original links were missing for some CVE entries, but my process hasn't changed recently.
full-context:
https://www.cve.org/CVERecord?id=CVE-2025-60485
truncated:
https://www.cve.org/CVERecord?id=CVE-2025-55649
updated 2026-05-27T22:51:19
2 posts
🚨 CVE-2026-47717: Dive into my deep technical analysis of the FUXA SCADA API logic flaw that allows unauthenticated attackers to leak critical project configurations and operational data.
Read the full analysis here: 👇 https://denizhalil.com/2026/06/19/cve-2026-47717-fuxa-scada-data-disclosure/
##updated 2026-05-26T23:10:40
1 posts
🟠 CVE-2026-42089 - High (8.6)
Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without us...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42089/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-13T13:38:50
1 posts
the moment you visit cve.org you are loading 1.xMB of data. This includes everything except binary data (images etc) and CVE data itself.
You wanna learn more about the board? the DOM is built from that one script & populated from a json blob in that script. Well, a string which is then decoded
Wanna look up the contact method for NVIDIA's CNA? Every website on the path to get there is built from that script & already contained in that script as a json blob.
Want to know the geometry of Antarctica? You bet there is a couple of polygons in that script! (I don't know where they are used).
Every linked youtube video that explains something? It's in there!!
Or in other words: You are downloading 1.xMB of data (uncompressed: 4MB) that is probably not very cacheable data past the current session & of which you probably aren't gonna use much of anyway - you just clicked a link to see what's up with CVE-2026-42069 & now you downloaded 400kB of CNA data!
##updated 2026-04-24T20:52:07
1 posts
🚨 EUVD-2026-38057
📊 Score: 7.4/10 (CVSS v3.1)
📦 Product: CMS, CMS
🏢 Vendor: statamic
📅 Updated: 2026-06-19
📝 Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sort...
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-38057
##updated 2026-04-22T15:32:37
1 posts
6 repos
https://github.com/samu-delucas/CVE-2026-39808
https://github.com/error-inside/CVE-2026-39808
https://github.com/ynsmroztas/FortiSandbox-RCE-Exploit-CVE-2026-39808
https://github.com/0xBlackash/CVE-2026-39808
⚠️ CRITICAL: Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Fortinet FortiSandbox is under active exploitation for three critical unauthenticated RCE vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089). All three bypass authentication and allow arbitrary command execution via HTTP requests. Organizations running FortiSandbox are at immediate ri…
##updated 2026-04-14T18:30:41
1 posts
2 repos
⚠️ CRITICAL: Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Fortinet FortiSandbox is under active exploitation for three critical unauthenticated RCE vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089). All three bypass authentication and allow arbitrary command execution via HTTP requests. Organizations running FortiSandbox are at immediate ri…
##updated 2025-08-04T21:31:49
2 posts
Apple Patches Beats Studio Buds Eavesdropping Flaw
Apple patched a high-severity flaw (CVE-2025-20701) in Beats Studio Buds that allowed nearby attackers to eavesdrop via the microphone.
**Update your Beats Studio Buds firmware immediately to version 1B211 to prevent unauthorized microphone access.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-patches-beats-studio-buds-eavesdropping-flaw-4-l-h-1-u/gD2P6Ple2L
NI grpc-device ≤2.17.0 hit by CRITICAL vuln (CVE-2026-9142, CVSS 9.1) 🛡️ Missing authentication when TLS isn't set & server exposed beyond loopback. Unauthenticated LAN access possible. Mitigate by enabling TLS & restricting binding. https://radar.offseq.com/threat/cve-2026-9142-cwe-306-missing-authentication-for-c-f718635a9d1e7a48 #OffSeq #NI #Vuln
##CVE-2026-9142 - Critical RCE in Ni grpc-device. Insecure default credentials allow unauthenticated network access. CVSS 9.1. Update immediately. #CVE #infosec #cybersecurity
##ProxySQL (2.0.18 – 3.0.8) hit by CRITICAL CVE-2026-48773: pre-auth heap memory corruption (CWE-787) allows remote unauthenticated attackers to trigger out-of-bounds write. Upgrade to 3.0.9 ASAP. https://radar.offseq.com/threat/cve-2026-48773-cwe-787-out-of-bounds-write-in-syso-7cef27326cf25a33 #OffSeq #ProxySQL #CVE202648773 #infosec
##CVE-2026-47846 - Critical supply chain attack in Bitnami Cassandra containers. Default superuser cassandra:cassandra retained after custom admin setup. CVSS 9.8. Update all affected images immediately. #CVE #Bitnami #infosec
##Bitnami Cassandra container images (4.0.0, 4.1.0, 5.0.0) have a CRITICAL flaw (CVE-2026-47846): default cassandra:cassandra superuser may remain after custom admin setup. Update urgently! https://radar.offseq.com/threat/cve-2026-47846-cwe-798-use-of-hard-coded-credentia-ebcf63185c71b6d0 #OffSeq #Cassandra #Vuln #CloudSecurity
##Security Advisory: CVE-2025-60467 - Use-After-Free in GPAC MP4Box Filter PID Cleanup
A use-after-free vulnerability exists in GPAC MP4Box when processing a crafted MPEG-2 TS/MP4 file. The issue is triggered during filter teardown in `gf_filter_pid_inst_swap_delete_task()` and can cause MP4Box to crash.
Summary:
AddressSanitizer confirms a heap-use-after-free in `filter_core/filter_pid.c:580`, where code reads from a PID instance object after it has already been freed during swap/delete cleanup.
The crafted file contains malformed MPEG-2 TS structures, including broken PMT descriptors and invalid PID metadata. While MP4Box processes the file with `-info`, the filter core performs PID instance cleanup. During this cleanup path, a PID instance is freed and later accessed again by `gf_filter_pid_inst_swap_delete_task()`.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:580
Function: gf_filter_pid_inst_swap_delete_task()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
```
2.5-DEV-rev1593-gfe88c3545-master
Commit: fe88c3545aadd597b250ccf23271d5d3de50ccc8
```
Attack Conditions:
An attacker supplies a crafted input file that is processed by MP4Box. The issue can be reproduced locally with:
```
./MP4Box -info 39_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_580
```
The prepared CVSS vector:
```
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
```
Impact:
denial of service via application crash; local triage notes also identify potential arbitrary code execution risk
Fix / mitigation status:
Users should update to a fixed GPAC release or apply the vendor-confirmed patch. Verify the final vendor fix commit before public release if the advisory is published independently.
References:
- Issue: https://github.com/gpac/gpac/issues/3290
- Fix: https://github.com/gpac/gpac/commit/aed9c94e92e8ba362ddb29c767c519478f46f195
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/39/39_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_580
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60467
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60467 - Use-After-Free in GPAC MP4Box PID Swap Delete Task
Processing a crafted media file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_inst_swap_delete_task()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_inst_swap_delete_task()` function in `filter_core/filter_pid.c` can access a `GF_FilterPidInstance` object after it has already been freed by `gf_filter_pid_inst_swap_delete()`. Crafted input that exercises filter reconfiguration and deferred teardown paths can cause the scheduler to process a delete task with a stale pointer.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:574`, with a `READ of size 4` from a previously freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:574
Function: gf_filter_pid_inst_swap_delete_task()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77` should be considered affected if they contain the vulnerable deferred PID swap delete task path.
Attack Conditions:
An attacker supplies a crafted media file or filter graph input that is processed by MP4Box through the info/import path and triggers PID reconfiguration and deferred teardown. The issue can be reproduced locally with:
```
./MP4Box -info 37_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_574
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77
```
Users should update to a GPAC build containing this commit or later. The affected deferred task path should ensure that `GF_FilterPidInstance` lifetime remains valid before a scheduled delete task accesses it.
References:
- Issue: https://github.com/gpac/gpac/issues/3286
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/37/37_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_574
- Fix: https://github.com/gpac/gpac/commit/976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60467
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60467 - Use-After-Free in GPAC MP4Box PID Swap Delete Task
Processing a crafted media file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_inst_swap_delete_task()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_inst_swap_delete_task()` function in `filter_core/filter_pid.c` can access a `GF_FilterPidInstance` object after it has already been freed by `gf_filter_pid_inst_swap_delete()`. Crafted input that exercises filter reconfiguration and deferred teardown paths can cause the scheduler to process a delete task with a stale pointer.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:574`, with a `READ of size 4` from a previously freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:574
Function: gf_filter_pid_inst_swap_delete_task()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77` should be considered affected if they contain the vulnerable deferred PID swap delete task path.
Attack Conditions:
An attacker supplies a crafted media file or filter graph input that is processed by MP4Box through the info/import path and triggers PID reconfiguration and deferred teardown. The issue can be reproduced locally with:
```
./MP4Box -info 37_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_574
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77
```
Users should update to a GPAC build containing this commit or later. The affected deferred task path should ensure that `GF_FilterPidInstance` lifetime remains valid before a scheduled delete task accesses it.
References:
- Issue: https://github.com/gpac/gpac/issues/3286
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/37/37_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_574
- Fix: https://github.com/gpac/gpac/commit/976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60467
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60474 - Heap Buffer Overflow in GPAC MP4Box Media Import
A heap buffer overflow vulnerability exists in GPAC MP4Box when processing a crafted media file with the `-info` option. The issue occurs in `gf_media_import()` in `media_tools/media_import.c` and can be triggered by supplying a malformed input file to MP4Box.
Summary:
AddressSanitizer confirms an out-of-bounds read at `media_tools/media_import.c:1297`. The vulnerable code reads 1 byte at offset `[1]` from a 1-byte heap buffer allocated from an empty string via `strdup("")`, where only offset `[0]` is valid.
The crafted input reaches MP4Box media import handling and causes `gf_media_import()` to access memory immediately after a 1-byte heap allocation. The allocation originates from property handling for an empty string and is later read out of bounds during media import processing.
CWE:
CWE-122 - Heap-based Buffer Overflow
Affected Component:
```
media_tools/media_import.c:1297
Function: gf_media_import()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
```
2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
Attack Conditions:
An attacker supplies a crafted input file that is processed by MP4Box. The issue can be reproduced locally with:
```
./MP4Box -info 38_gf_media_import_media_tools_media_import_c_1297
```
The prepared CVSS vector:
```
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
```
Impact:
Denial of service via application crash; local triage notes also identify potential code execution risk.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
bd7fd6be546e0cd9e599c6b262c338c5f2ecec5c
```
Users should update to a GPAC build containing this commit or later.
References:
- Issue: https://github.com/gpac/gpac/issues/3287
- Fix: https://github.com/gpac/gpac/commit/bd7fd6be546e0cd9e599c6b262c338c5f2ecec5c
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/38/38_gf_media_import_media_tools_media_import_c_1297
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60474
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##CVE-2026-48772 (CRITICAL): ProxySQL 2.0.0 – 3.0.8 lets attackers spoof source IPs via PROXY protocol v1, bypassing routing & ACLs. Upgrade to 3.0.9 or later. Restrict frontend port access. Details: https://radar.offseq.com/threat/cve-2026-48772-cwe-348-use-of-less-trusted-source--40b83fbf2f9ef184 #OffSeq #ProxySQL #CVE202648772 #Security
##Security Advisory: CVE-2025-60473 - NULL Pointer Dereference in GPAC MP4Box Filter Parent Chain
Processing a crafted media file with MP4Box `-info` can trigger a NULL pointer dereference in `gf_filter_in_parent_chain()`, causing a Denial of Service.
Summary:
The `gf_filter_in_parent_chain()` function in `filter_core/filter_pid.c` does not sufficiently validate a parent filter pointer before dereferencing it. When MP4Box processes a specially crafted media file with malformed MPEG-2 TS data and a corrupted PID/filter chain, the vulnerable path can attempt to read from address `0x000000000008`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
filter_core/filter_pid.c:2145
Function: gf_filter_in_parent_chain()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `b8d80b44718de10b101e1d7fc17c84d69feb092e` should be considered affected if they contain the vulnerable filter parent-chain validation path.
Attack Conditions:
An attacker supplies a crafted media file with malformed MPEG-2 TS packet data and a corrupted PID/filter chain. The issue can be reproduced locally with:
```
./MP4Box -info 36_gf_filter_in_parent_chain_filter_core_filter_pid_c_2145
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. The local MITRE/BDU data also notes potential arbitrary code execution, although the available ASAN evidence shows a NULL pointer dereference crash.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
b8d80b44718de10b101e1d7fc17c84d69feb092e
```
Users should update to a GPAC build containing this commit or later. The affected filter graph code should validate parent filter pointers before dereferencing them during PID initialization.
References:
- Issue: https://github.com/gpac/gpac/issues/3285
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/36/36_gf_filter_in_parent_chain_filter_core_filter_pid_c_2145
- Fix: https://github.com/gpac/gpac/commit/b8d80b44718de10b101e1d7fc17c84d69feb092e
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60473
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60466 - Expired Pointer Dereference in GPAC MP4Box Packet Retrieval
Processing a crafted media file with MP4Box `-info` can trigger an expired pointer dereference in `gf_filter_pid_get_packet()`, causing a heap use-after-free crash and potential code execution.
Summary:
The `gf_filter_pid_get_packet()` function in `filter_core/filter_pid.c` may operate on an invalidated Packet ID (PID) object after it has been freed by `gf_filter_pid_del()`. When MP4Box processes a specially crafted media file through the filter graph, the `inspect` filter can request packets from a stale PID object, leading to access to freed heap memory.
CWE:
CWE-825 - Expired Pointer Dereference
Affected Component:
```
filter_core/filter_pid.c:6827
Function: gf_filter_pid_get_packet()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `4a7ea06dd1b2cc65fe0dabc60189eb6bc814f7bb` should be considered affected if they contain the vulnerable PID packet retrieval path.
Attack Conditions:
An attacker supplies a crafted media file that is processed by MP4Box through the info/import path and drives the inspect/filter pipeline through PID deletion and packet retrieval paths. The issue can be reproduced locally with:
```
./MP4Box -info 35_gf_filter_pid_get_packet_filter_core_filter_pid_c_6827
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free / expired pointer dereference, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
4a7ea06dd1b2cc65fe0dabc60189eb6bc814f7bb
```
Users should update to a GPAC build containing this commit or later. The fix adds checks to ignore tasks when PID or filter objects have been removed or finalized, preventing stale object use.
References:
- Issue: https://github.com/gpac/gpac/issues/3284
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/35/35_gf_filter_pid_get_packet_filter_core_filter_pid_c_6827
- Fix: https://github.com/gpac/gpac/commit/4a7ea06dd1b2cc65fe0dabc60189eb6bc814f7bb
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60466
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60465 - Use-After-Free in GPAC MP4Box PID Instance Swap
Processing a crafted media file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_inst_swap()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_inst_swap()` function in `filter_core/filter_pid.c` does not reset `ctx->pid_inst` to NULL after freeing the PID instance. Subsequent PID configuration and reconfiguration steps can reuse this dangling pointer, leading to access to freed heap memory.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:633
Function: gf_filter_pid_inst_swap()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `55b351bd078c950592544ab4c708a613c1725b9b` should be considered affected if they contain the vulnerable PID instance swap path.
Attack Conditions:
An attacker supplies a crafted media or MPEG-2 TS input that is processed by MP4Box through the info/import path and triggers filter PID reconfiguration. The issue can be reproduced locally with:
```
./MP4Box -info 34_gf_filter_pid_inst_swap_filter_core_filter_pid_c_633
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
55b351bd078c950592544ab4c708a613c1725b9b
```
Users should update to a GPAC build containing this commit or later. The affected PID instance swap path should clear `ctx->pid_inst` after freeing it and avoid later use of stale PID object pointers.
References:
- Issue: https://github.com/gpac/gpac/issues/3283
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/34/34_gf_filter_pid_inst_swap_filter_core_filter_pid_c_633
- Fix: https://github.com/gpac/gpac/commit/55b351bd078c950592544ab4c708a613c1725b9b
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60465
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60471 - Use-After-Free in GPAC MP4Box PID Reconfiguration
Processing a crafted media file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_reconfigure_task_discard()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_reconfigure_task_discard()` function in `filter_core/filter_pid.c` can access a freed Packet ID (PID) object during filter reconfiguration cleanup. When MP4Box processes a specially crafted file with malformed MPEG-2 TS packet data, broken PMT descriptors, unsupported stream types, and invalid packet structure, the vulnerable path may free a PID instance through `gf_filter_pid_inst_swap()` and later dereference it during reconfiguration task discard.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:1346`, with a `READ of size 8` from a freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:1346
Function: gf_filter_pid_reconfigure_task_discard()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
Builds before the fix commit `48b0f505679ee41004cb521ac3b76b610650c0cb` should be considered affected if they contain the vulnerable PID reconfiguration cleanup path.
Attack Conditions:
An attacker supplies a crafted media file that is processed by MP4Box through the info/import path. The issue can be reproduced locally with:
```
./MP4Box -info 33_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1346
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
48b0f505679ee41004cb521ac3b76b610650c0cb
```
Users should update to a GPAC build containing this commit or later. The affected PID reconfiguration path should ensure that PID object lifetime remains valid before discard logic accesses the object.
References:
- Issue: https://github.com/gpac/gpac/issues/3282
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/33/33_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1346
- Fix: https://github.com/gpac/gpac/commit/48b0f505679ee41004cb521ac3b76b610650c0cb
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60471
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60471 - Use-After-Free in GPAC MP4Box PID Reconfiguration
Processing a crafted MPEG-2 TS file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_reconfigure_task_discard()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_reconfigure_task_discard()` function in `filter_core/filter_pid.c` can access a freed `pid_inst` structure during PID reconfiguration task disposal. When MP4Box processes a specially crafted MPEG-2 Transport Stream file containing broken PMT descriptors, missing packet sync markers, unsupported stream types, and invalid packet data, a PID instance can be freed by `gf_filter_pid_inst_swap_delete()` and later accessed in `gf_filter_pid_reconfigure_task_discard()`.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:1341`, with a `READ of size 8` from a freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:1341
Function: gf_filter_pid_reconfigure_task_discard()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1557-g62714f27c-master
Commit: 62714f27c64a3d1eb7e880f9eed2d38673cb43ce
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Local MITRE data also describes affected GPAC MP4Box 2.4 and earlier, including development branches that contain the vulnerable PID reconfiguration lifecycle handling.
Builds before the fix commit `868c6801c226e9964cace54cfd5a759f152780b4` should be considered affected if they contain the vulnerable path.
Attack Conditions:
An attacker supplies a crafted MPEG-2 TS file with corrupted PMT descriptors and invalid packet data. The issue can be reproduced locally with:
```
./MP4Box -info 31_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1341
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
868c6801c226e9964cace54cfd5a759f152780b4
```
Users should update to a GPAC build containing this commit or later. The affected filter PID reconfiguration path should ensure that PID instance lifetime is valid before task discard logic accesses the object.
References:
- Issue: https://github.com/gpac/gpac/issues/3279
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/31/31_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1341
- Fix: https://github.com/gpac/gpac/commit/868c6801c226e9964cace54cfd5a759f152780b4
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60471
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60471 - Use-After-Free in GPAC MP4Box PID Reconfiguration
Processing a crafted media file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_reconfigure_task_discard()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_reconfigure_task_discard()` function in `filter_core/filter_pid.c` can access a freed Packet ID (PID) object during filter reconfiguration cleanup. When MP4Box processes a specially crafted file with malformed MPEG-2 TS packet data, broken PMT descriptors, unsupported stream types, and invalid packet structure, the vulnerable path may free a PID instance through `gf_filter_pid_inst_swap()` and later dereference it during reconfiguration task discard.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:1346`, with a `READ of size 8` from a freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:1346
Function: gf_filter_pid_reconfigure_task_discard()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
Builds before the fix commit `48b0f505679ee41004cb521ac3b76b610650c0cb` should be considered affected if they contain the vulnerable PID reconfiguration cleanup path.
Attack Conditions:
An attacker supplies a crafted media file that is processed by MP4Box through the info/import path. The issue can be reproduced locally with:
```
./MP4Box -info 33_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1346
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
48b0f505679ee41004cb521ac3b76b610650c0cb
```
Users should update to a GPAC build containing this commit or later. The affected PID reconfiguration path should ensure that PID object lifetime remains valid before discard logic accesses the object.
References:
- Issue: https://github.com/gpac/gpac/issues/3282
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/33/33_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1346
- Fix: https://github.com/gpac/gpac/commit/48b0f505679ee41004cb521ac3b76b610650c0cb
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60471
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60464 - Use-After-Free in GPAC MP4Box SEI State Handling
Processing a crafted MPEG-2 TS file with MP4Box `-info` can trigger a heap use-after-free in `gf_sei_load_from_state_internal()`, causing a crash and potential code execution.
Summary:
The `gf_sei_load_from_state_internal()` function in `filters/sei_load.c` can access codec/SEI state after the related heap buffer has been freed by the NALU demuxer setup path. When MP4Box processes a specially crafted MPEG-2 Transport Stream file containing malformed AVC/HEVC/VVC NAL units and corrupted PMT descriptors, `naludmx_configure_pid()` can release a state buffer that is later read during SEI state loading.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filters/sei_load.c:225
Function: gf_sei_load_from_state_internal()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1557-g62714f27c-master
Commit: 62714f27c64a3d1eb7e880f9eed2d38673cb43ce
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `8f404bd581e455267482f86272169a742f654b97` should be considered affected if they contain the vulnerable SEI state handling path.
Attack Conditions:
An attacker supplies a crafted MPEG-2 TS file containing malformed AVC/HEVC/VVC bitstream data, corrupted PMT descriptors, and invalid NAL/SEI state. The issue can be reproduced locally with:
```
./MP4Box -info 32_filters_sei_load_c_225_in_gf_sei_load_from_state_internal
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
8f404bd581e455267482f86272169a742f654b97
```
Users should update to a GPAC build containing this commit or later. The affected SEI/NALU handling path should ensure state buffers remain valid before SEI parsing reads from them.
References:
- Issue: https://github.com/gpac/gpac/issues/3278
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/32/32_filters_sei_load_c_225_in_gf_sei_load_from_state_internal
- Fix: https://github.com/gpac/gpac/commit/8f404bd581e455267482f86272169a742f654b97
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60464
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##CVE-2026-48768 - Critical XSS in Typebot. Unauthenticated file upload to arbitrary S3 paths. Malicious HTML/SVG/JS can be injected into other tenants' results. CVSS 9.3. No patch available. Disable file input blocks immediately. #CVE #Typebot #infosec
##⚠️ CRITICAL: CVE-2026-48768 in typebot.io (≤3.16.1) allows unauthenticated path injection — attackers can upload HTML/JS to public paths, risking stored XSS. Upgrade to 3.17.0. https://radar.offseq.com/threat/cve-2026-48768-cwe-22-improper-limitation-of-a-pat-bab741214d20a19d #OffSeq #CVE202648768 #Infosec #PathTraversal
##CVE-2026-48979 - HTTP/2 request smuggling in PHP standard library (PSL). Unvalidated DATA frame bytes allow content overflow. CVSS 7.5. No patch yet; disable PSL H2 servers or upgrade if fix released. #CVE #PHP #infosec
##The item worth reading twice in Node.js's June 18 release is CVE-2026-48618: a TLS wildcard-depth check that a Unicode dot separator can bypass, defeating hostname authentication without any obvious signal. It rides alongside 12 other CVEs across 22.23.0, 24.17.0 and 26.3.1, including a HIGH-rated WebCrypto AES integer overflow. Most teams patch crashers fast and silent auth bypasses slowly. Which kind does your process prioritize?
####This is a security release. Notable Changes (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High (CVE-2026-48615) lib,test:...
##This is a security release. Notable Changes (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High (CVE-2026-48937) deps: fix...
Squidbleed (CVE-2026-47729) - Heartbleed-style vulnerability that leaks internal memory from every version of Squid Proxy, in its default configuration https://blog.calif.io/p/squidbleed-cve-2026-47729
##CVE-2026-49257: startreedata mcp-pinot <=3.0.1 has a CRITICAL auth bypass. MCP server exposes full read/write access to Pinot clusters on 0.0.0.0:8080. Upgrade to 3.1.0 ASAP. https://radar.offseq.com/threat/cve-2026-49257-cwe-306-missing-authentication-for--c0c28b77341e3a12 #OffSeq #Vulnerability #CVE202649257 #Infosec
##I'm more than 25 years into IT at this point, but this is a first for me. Not one I'm proud of, but one I take responsibility for:
My project ansible_jailexec (an Ansible connection plugin for FreeBSD Jails) had a bug that turned out to be a vulnerability. Improper Link Resolution Before File Access (CWE-59), a jail escape. It's been assigned CVE-2026-55074 so people can scan for it (I know it's bundled into Collections out there).
If you're running < 2.0.0: please upgrade. 2.0.0 fixes it.
Advisory: https://github.com/chofstede/ansible_jailexec/security/advisories/GHSA-cxgv-hp74-jj7r
Release: https://github.com/chofstede/ansible_jailexec/releases/tag/v2.0.0
##This is a security release. Notable Changes (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High (CVE-2026-48615) lib,test:...
##This is a security release. Notable Changes (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High (CVE-2026-48937) deps: fix...
Security Advisory: CVE-2025-55640 - Heap Buffer Overflow in GPAC MP4Box Sample Size Handling
Processing a crafted MP4 file with MP4Box `-add` can trigger a heap buffer overflow in `stbl_AddSize()`, causing a crash and potential code execution.
Summary:
The `stbl_AddSize()` function in `isomedia/stbl_write.c` does not sufficiently validate sample count boundaries before writing to the sample size table. When MP4Box imports a specially crafted MP4 file containing manipulated sample metadata, corrupted sample counts, invalid aspect ratios, and oversized box declarations, the vulnerable path writes beyond the allocated heap buffer for `stbl->sampleSize->sizes`.
AddressSanitizer reports a `heap-buffer-overflow` at `isomedia/stbl_write.c:492`, with a `WRITE of size 4` immediately after a 64-byte heap allocation.
CWE:
CWE-122 - Heap-based Buffer Overflow
Affected Component:
```
isomedia/stbl_write.c:492
Function: stbl_AddSize()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
GPAC MP4Box version 2.4 is affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
027ce139dda498ee95df36db9f9f6f3cadce8ec9
```
Builds before the fix commit `321624f28d19a413449fd1718d1eb59037f8f7fc` should be considered affected if they contain the vulnerable sample size table update path.
Attack Conditions:
An attacker supplies a crafted MP4 file with manipulated sample metadata. The issue can be reproduced locally with:
```
./MP4Box -add 25_poc.mp4 -new /dev/null
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is an out-of-bounds heap write, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
321624f28d19a413449fd1718d1eb59037f8f7fc
```
Users should update to a GPAC build containing this commit or later. The affected sample size table path should validate `sampleCount` and ensure capacity before writing sample size entries.
References:
- Issue: https://github.com/gpac/gpac/issues/3261
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/25/25_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/321624f28d19a413449fd1718d1eb59037f8f7fc
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-55640
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
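The capacity check recommended in the CVE-2025-55640 advisory above, as an added C example that is not part of the post and not GPAC's code. The `size_table` struct, the `st_*` functions and the sample values are hypothetical stand-ins for a sample size table whose entry count can be influenced by file metadata.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a sample size table (not GPAC's structures).
 * `count` stands for a sample count a parser may take from file metadata. */
typedef struct {
    uint32_t *sizes;  /* heap array, one entry per sample */
    uint32_t alloc;   /* entries actually allocated */
    uint32_t count;   /* entries in use */
} size_table;

enum { ST_OK = 0, ST_BAD_PARAM = -1, ST_OOM = -2 };

/* Pattern the advisory describes, shown for contrast and never called here:
 * the write trusts `count` and does not compare it with the allocation. */
int st_add_unchecked(size_table *t, uint32_t size)
{
    t->sizes[t->count] = size;  /* out of bounds once count >= alloc */
    t->count++;
    return ST_OK;
}

/* Make room for at least `need` entries, doubling from 16 entries (64 bytes). */
static int st_reserve(size_table *t, uint32_t need)
{
    if (need <= t->alloc) return ST_OK;
    uint32_t cap = t->alloc ? t->alloc : 16;
    while (cap < need)
        cap = (cap > UINT32_MAX / 2) ? need : cap * 2;
    if ((size_t)cap > SIZE_MAX / sizeof(uint32_t)) return ST_OOM;
    uint32_t *p = realloc(t->sizes, (size_t)cap * sizeof(uint32_t));
    if (!p) return ST_OOM;
    memset(p + t->alloc, 0, (size_t)(cap - t->alloc) * sizeof(uint32_t));
    t->sizes = p;
    t->alloc = cap;
    return ST_OK;
}

/* Hardened insert of the 1-based sample number `sample_num`. */
int st_add_checked(size_table *t, uint32_t sample_num, uint32_t size)
{
    if (!t || sample_num == 0) return ST_BAD_PARAM;
    /* The in-use count must agree with the real allocation. */
    if (t->count > t->alloc || (!t->sizes && t->alloc)) return ST_BAD_PARAM;
    if (t->count == UINT32_MAX) return ST_BAD_PARAM;
    /* Only insert inside the table or append directly after the last entry. */
    if (sample_num - 1 > t->count) return ST_BAD_PARAM;
    int err = st_reserve(t, t->count + 1);  /* capacity first, write second */
    if (err != ST_OK) return err;
    uint32_t idx = sample_num - 1;
    if (idx < t->count)
        memmove(&t->sizes[idx + 1], &t->sizes[idx],
                (size_t)(t->count - idx) * sizeof(uint32_t));
    t->sizes[idx] = size;
    t->count++;
    return ST_OK;
}

/* Append n constructed samples; return the final allocation, 0 on error. */
uint32_t st_demo_alloc_after(uint32_t n)
{
    size_table t = {0};
    uint32_t alloc = 0;
    int err = ST_OK;
    for (uint32_t i = 1; i <= n && err == ST_OK; i++)
        err = st_add_checked(&t, i, 100 + i);
    if (err == ST_OK) alloc = t.alloc;
    free(t.sizes);
    return alloc;
}

/* Constructed forged state: count claims more entries than were allocated. */
int st_demo_forged_count(void)
{
    size_table t = {0};
    if (st_add_checked(&t, 1, 4) != ST_OK) return ST_OOM;
    t.count = 1000;  /* larger than the 16 allocated entries */
    int err = st_add_checked(&t, 1001, 4);
    free(t.sizes);
    return err;
}

/* Constructed gap: sample 5 requested while the table is empty. */
int st_demo_gap(void)
{
    size_table t = {0};
    return st_add_checked(&t, 5, 4);
}

int main(void)
{
    printf("alloc after 16 samples: %u\n", (unsigned)st_demo_alloc_after(16));
    printf("alloc after 17 samples: %u\n", (unsigned)st_demo_alloc_after(17));
    printf("forged count status:    %d\n", st_demo_forged_count());
    printf("gap status:             %d\n", st_demo_gap());
    return 0;
}
```

The 17th append is the case that corresponds to a 4-byte write directly after a 64-byte allocation: the checked version grows the table before the store, and a count that disagrees with the allocation is rejected.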
##Security Advisory: CVE-2025-52291 - NULL Pointer Dereference in GPAC MP4Box Movie Info Dumping
Processing a crafted MP4 file with MP4Box `-info` can trigger a NULL pointer dereference in `DumpMovieInfo()`, causing a Denial of Service.
Summary:
The `DumpMovieInfo()` function in `applications/mp4box/filedump.c` does not sufficiently validate metadata tag values before printing them. When MP4Box processes a specially crafted MP4 file containing corrupted metadata tags, a NULL tag value can be passed to `fputs()`.
AddressSanitizer reports a segmentation fault caused by a read from address `0x0` in `strlen()` during `fputs()`, reached from `DumpMovieInfo()` at `applications/mp4box/filedump.c:4230`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
applications/mp4box/filedump.c:4230
Function: DumpMovieInfo()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
GPAC MP4Box version 2.4 is affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
6681656e841649ef91c2b76e561192fe9da791f8
```
Builds before the fix commit `4bbb6e5f7cb827e56f32b2f7a5918b0b8e395eb8` should be considered affected if they contain the vulnerable movie information dumping path.
Attack Conditions:
An attacker supplies a crafted MP4 file with corrupted metadata tags, such as a malformed or NULL `minor_version` tag value. The issue can be reproduced locally with:
```
./MP4Box -info 24_data
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. No evidence of arbitrary code execution was observed in the local crash data.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
4bbb6e5f7cb827e56f32b2f7a5918b0b8e395eb8
```
Users should update to a GPAC build containing this commit or later. The affected metadata dumping path should validate tag pointers and tag values before printing them.
References:
- Issue: https://github.com/gpac/gpac/issues/3255
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/24/24_data
- Fix: https://github.com/gpac/gpac/commit/4bbb6e5f7cb827e56f32b2f7a5918b0b8e395eb8
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-52291
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-55639 - NULL Pointer Dereference in GPAC MP4Box Track Kind Handling
Processing a crafted MP4 file with MP4Box `-add` can trigger a NULL pointer dereference in `gf_isom_add_track_kind()`, causing a Denial of Service.
Summary:
The `gf_isom_add_track_kind()` function in `isomedia/isom_write.c` does not sufficiently validate the `kind` string before passing it to `strdup()`. When MP4Box imports a specially crafted MP4 file containing corrupted MPEG-2 TS PMT descriptors and empty track metadata, a NULL `kind` pointer can reach `gf_isom_add_track_kind()`.
AddressSanitizer reports a segmentation fault caused by a read from address `0x0` in `strlen()` during `strdup()`, reached from `gf_isom_add_track_kind()` at `isomedia/isom_write.c:3153`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
isomedia/isom_write.c:3153
Function: gf_isom_add_track_kind()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box version 2.4 is affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
78c2c9be29a41b38eca2c53d280442088a71dab9
```
Builds before the fix commit `027ce139dda498ee95df36db9f9f6f3cadce8ec9` should be considered affected if they contain the vulnerable track kind handling path.
Attack Conditions:
An attacker supplies a crafted MP4 file with corrupted PMT descriptors in an MPEG-2 TS stream and malformed or empty track metadata. The issue can be reproduced locally with:
```
./MP4Box -add 23_poc.mp4 -new /dev/null
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. No evidence of arbitrary code execution was observed.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
027ce139dda498ee95df36db9f9f6f3cadce8ec9
```
Users should update to a GPAC build containing this commit or later. The affected track metadata path should validate `kind` before duplicating it and fail cleanly when malformed input omits the expected metadata.
References:
- Issue: https://github.com/gpac/gpac/issues/3260
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/23/23_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/027ce139dda498ee95df36db9f9f6f3cadce8ec9
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-55639
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-55654 - Use-After-Free in GPAC MP4Box Packet Filtering
Processing a crafted media file with MP4Box `-nhml` export can trigger a heap use-after-free in `gf_filter_pid_get_packet()`, causing a crash and potential memory corruption.
Summary:
The `gf_filter_pid_get_packet()` function in `filter_core/filter_pid.c` may be called on a `gf_pid_filter_t` object that has already been freed by `gf_filter_pid_del()`. When MP4Box exports a specially crafted file through the `-nhml` path, the file output filter can continue packet processing after the related PID filter object has been released.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:6792`, with a `READ of size 8` from a freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:6792
Function: gf_filter_pid_get_packet()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
63eccc33d4a2b731ebb31581ff5673a2c0b13ad4
```
Builds before the fix commit `0ccd2927c7145f5ab0352c5b15f787757b34eb18` should be considered affected if they contain the vulnerable packet filtering/export path.
Attack Conditions:
An attacker supplies a crafted media file that is processed by MP4Box through the NHML export path. The issue can be reproduced locally with:
```
./MP4Box -nhml trackID 22_data -out /dev/null
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution cannot be ruled out.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
0ccd2927c7145f5ab0352c5b15f787757b34eb18
```
Users should update to a GPAC build containing this commit or later. The affected filtering path should ensure that a PID filter object remains valid before packet retrieval continues.
References:
- Issue: https://github.com/gpac/gpac/issues/3249
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/22/22_data
- Fix: https://github.com/gpac/gpac/commit/0ccd2927c7145f5ab0352c5b15f787757b34eb18
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-55654
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-55653 - Divide by Zero in GPAC MP4Box
Processing a crafted MP4 file containing a zero-denominator fraction string causes gf_parse_lfrac() to divide by zero in utils/error.c:2290, terminating the process with SIGFPE.
Summary:
The gf_parse_lfrac() function in utils/error.c parses fractional timestamp or rate values extracted from media file metadata during file list processing. When a crafted MP4 causes filelist_next_url() to supply a fraction string whose denominator is zero, gf_parse_lfrac() performs the division at line 2290 without first validating that the divisor is non-zero. The resulting SIGFPE (floating-point exception) immediately kills the process with no possibility of recovery.
CWE:
CWE-369 - Divide by Zero
Affected Component:
```
utils/error.c:2290
Function: gf_parse_lfrac()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box 2.4 and earlier; tested at commit 63eccc33d4a2b731ebb31581ff5673a2c0b13ad4
Attack Conditions:
An attacker supplies a locally accessible crafted MP4 file containing an invalid fractional value with a zero denominator in its metadata. The victim runs MP4Box -add ./21_poc.mp4 -new /dev/null on the file. No elevated privileges are required.
Impact:
The division by zero causes an immediate fatal crash (Denial of Service). No evidence of arbitrary code execution was observed.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
4bbb6e5f7cb827e56f32b2f7a5918b0b8e395eb8
```
Users should update to a GPAC build containing this commit or later.
References:
- Issue: https://github.com/gpac/gpac/issues/3247
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/21/21_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/4bbb6e5f7cb827e56f32b2f7a5918b0b8e395eb8
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-55653
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
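The divisor validation that the CVE-2025-55653 advisory above says is missing, as an added C example that is not part of the post and not GPAC's code. The `lfrac` type, the `lfrac_*` functions and the input strings are hypothetical; the parser rejects a zero denominator at parse time so that no later division can trap.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 64-bit fraction type and parser; not GPAC's code. */
typedef struct { int64_t num; int64_t den; } lfrac;

enum { LF_OK = 0, LF_SYNTAX = -1, LF_RANGE = -2, LF_BAD_DEN = -3 };

/* Parse "N" or "N/D". On success den is always >= 1, so every later
 * division by den is defined. */
int lfrac_parse(const char *s, lfrac *out)
{
    char *end = NULL;
    long long n, d = 1;

    if (!s || !out) return LF_SYNTAX;
    errno = 0;
    n = strtoll(s, &end, 10);
    if (end == s) return LF_SYNTAX;          /* no digits at all */
    if (errno == ERANGE) return LF_RANGE;    /* numerator does not fit */
    if (*end == '/') {
        const char *p = end + 1;
        /* Denominator must start with a digit: rejects "", "-4", " 5". */
        if (*p < '0' || *p > '9') return LF_SYNTAX;
        errno = 0;
        d = strtoll(p, &end, 10);
        if (errno == ERANGE) return LF_RANGE;
    }
    if (*end != '\0') return LF_SYNTAX;      /* trailing garbage */
    if (d <= 0) return LF_BAD_DEN;           /* the zero-denominator case */
    out->num = n;
    out->den = d;
    return LF_OK;
}

/* Convert a fraction of a second to ticks of `timescale`.
 * The divisor is re-checked because a caller may build an lfrac by hand.
 * __builtin_mul_overflow is a GCC/Clang builtin. */
int lfrac_to_ticks(const lfrac *f, uint32_t timescale, int64_t *ticks)
{
    int64_t scaled;

    if (!f || !ticks) return LF_SYNTAX;
    if (f->den <= 0) return LF_BAD_DEN;
    if (__builtin_mul_overflow(f->num, (int64_t)timescale, &scaled))
        return LF_RANGE;
    *ticks = scaled / f->den;                /* den >= 1: cannot trap */
    return LF_OK;
}

/* Parse status only, for callers that just need accept/reject. */
int lfrac_status(const char *s)
{
    lfrac f = {0, 1};
    return lfrac_parse(s, &f);
}

/* Parse and convert in one step; INT64_MIN signals any rejection. */
int64_t lfrac_string_to_ticks(const char *s, uint32_t timescale)
{
    lfrac f = {0, 1};
    int64_t ticks = 0;

    if (lfrac_parse(s, &f) != LF_OK) return INT64_MIN;
    if (lfrac_to_ticks(&f, timescale, &ticks) != LF_OK) return INT64_MIN;
    return ticks;
}

int main(void)
{
    /* Constructed inputs: two valid fractions and several malformed ones. */
    const char *samples[] = { "1/25", "30000/1001", "1/0", "1/", "1/-4", "1/25x" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s status=%d\n", samples[i], lfrac_status(samples[i]));
    printf("1/25 at 90000 Hz = %lld ticks\n",
           (long long)lfrac_string_to_ticks("1/25", 90000));
    return 0;
}
```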
##New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##Nvidia has a new advisory relating to CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228, all high-severity:
Security Bulletin: NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia
Broadcom:
Seven advisories addressing one critical vulnerability and several high-severity flaws: You'll need a login for details.
CRITICAL: MICS 14.3, 14.4, and 14.5 Vulnerabilities
More: https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Yesterday:
Google:
Chrome Dev for Desktop Update https://chromereleases.googleblog.com/ #Google #Chrome
Dell:
Update for a critical vulnerability yesterday that encompasses multiple CVEs:
Security Update for Dell PowerProtect DP Series Appliance (IDPA) Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000368282/dsa-2025-300-security-update-for-dell-powerprotect-dp-series-appliance-idpa-multiple-third-party-component-vulnerabilities #Dell #infosec #vulnerability
##📢 CVE-2026-48558: Critical authentication bypass in SimpleHelp via OIDC
📝 ## 🔍 Context
On June 12, 2026, Horizon3.ai published a technical disclosure concerning **CVE-2026-4855...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-17-cve-2026-48558-contournement-d-authentification-critique-dans-simplehelp-via-oidc/
🌐 source : https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
#CVE_2026_48558 #IOC #Cyberveille
All* CVE reference URLs are either http, https, or ftp. Y'all need to up your weird protocol games!
*: There is one CVE with a typo in the reference url, https:/ (CVE-2019-25293)
##🚨 CRITICAL vuln in mcp-tool-shop-org backpropagate <1.2.0: Reflex UI lacks real auth, letting anyone trigger training, access datasets, & export models. Patch to 1.2.0 ASAP. CVE-2026-48797 https://radar.offseq.com/threat/cve-2026-48797-cwe-358-improperly-implemented-secu-63bfdfdd #OffSeq #Python #Infosec
##🟠 CVE-2026-47750 - High (7.8)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47750/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-53776 - Critical (9.1)
Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validate_exp = false in the verify_decode helper within the stdlib JWT verification pa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53776/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##