| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4092 | None | 1.01% | 2 | 1 | 2026-03-16T17:08:24 | ### Impact Allows an attacker to perform a "Path Traversal" attack to modify fil | |
| CVE-2026-32302 | 8.1 | 0.01% | 1 | 0 | 2026-03-16T17:07:29 | ## Summary In affected versions of `openclaw`, browser-originated WebSocket conn | |
| CVE-2026-32306 | 10.0 | 0.23% | 1 | 0 | 2026-03-16T17:06:59 | ### Summary The telemetry aggregation API accepts user-controlled `aggregationT | |
| CVE-2026-32308 | 7.6 | 0.03% | 1 | 0 | 2026-03-16T17:06:50 | ### Summary The Markdown viewer component renders Mermaid diagrams with `securi | |
| CVE-2026-32304 | 9.8 | 0.08% | 2 | 0 | 2026-03-16T17:06:44 | ## Summary The `create_function(args, code)` function passes both parameters di | |
| CVE-2026-31882 | 7.5 | 0.19% | 1 | 0 | 2026-03-16T17:06:34 | # SSE Authentication Bypass in Basic Auth Mode ## Summary When Dagu is configu | |
| CVE-2026-26954 | 10.0 | 0.05% | 2 | 0 | 2026-03-16T17:05:29 | ### Summary It is possible to obtain arrays containing `Function`, which allows | |
| CVE-2026-32319 | 7.5 | 0.06% | 1 | 0 | 2026-03-16T16:37:41 | ## Summary Ella Core panics when processing a malformed integrity protected NGA | |
| CVE-2026-31886 | 9.1 | 0.08% | 2 | 0 | 2026-03-16T16:36:36 | ## 1. Vulnerability Summary The `dagRunId` request field accepted by the inline | |
| CVE-2025-62319 | 9.8 | 0.00% | 2 | 0 | 2026-03-16T16:16:13.167000 | Boolean-Based SQL Injection is a type of blind SQL injection where an attacker m | |
| CVE-2026-4227 | 8.8 | 0.04% | 4 | 0 | 2026-03-16T15:30:58 | A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impac | |
| CVE-2026-4226 | 8.8 | 0.04% | 4 | 0 | 2026-03-16T15:30:58 | A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element | |
| CVE-2026-4213 | 8.8 | 0.08% | 2 | 0 | 2026-03-16T15:30:58 | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS | |
| CVE-2026-4211 | 8.8 | 0.04% | 2 | 0 | 2026-03-16T15:30:58 | A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D | |
| CVE-2026-4206 | 6.3 | 0.43% | 2 | 0 | 2026-03-16T15:30:58 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-32 | |
| CVE-2026-4212 | 8.8 | 0.04% | 4 | 0 | 2026-03-16T15:30:57 | A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L | |
| CVE-2026-4201 | 7.3 | 0.04% | 2 | 0 | 2026-03-16T15:30:57 | A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040f | |
| CVE-2026-4163 | 9.8 | 0.16% | 3 | 0 | 2026-03-16T15:30:57 | A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects th | |
| CVE-2026-4187 | 5.3 | 0.06% | 2 | 0 | 2026-03-16T15:30:56 | A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7. | |
| CVE-2026-4164 | 9.8 | 0.17% | 2 | 0 | 2026-03-16T15:30:56 | A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Del | |
| CVE-2026-4169 | 2.4 | 0.03% | 1 | 0 | 2026-03-16T15:30:56 | A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is | |
| CVE-2026-31386 | 7.2 | 0.16% | 2 | 0 | 2026-03-16T15:30:55 | OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an | |
| CVE-2026-1947 | 7.5 | 0.03% | 3 | 0 | 2026-03-16T15:30:54 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vuln | |
| CVE-2026-3227 | None | 0.42% | 1 | 0 | 2026-03-16T15:30:44 | A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR8 | |
| CVE-2025-13779 | 8.3 | 0.03% | 1 | 0 | 2026-03-16T14:54:11.293000 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev | |
| CVE-2026-0955 | 7.8 | 0.01% | 1 | 0 | 2026-03-16T14:54:11.293000 | There is a memory corruption vulnerability due to an out-of-bounds read when loa | |
| CVE-2026-22193 | 8.1 | 0.03% | 2 | 0 | 2026-03-16T14:54:11.293000 | wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubs | |
| CVE-2026-25823 | 9.8 | 0.19% | 1 | 0 | 2026-03-16T14:54:11.293000 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b | |
| CVE-2026-2890 | 7.5 | 0.05% | 1 | 0 | 2026-03-16T14:54:11.293000 | The Formidable Forms plugin for WordPress is vulnerable to a payment integrity b | |
| CVE-2026-31922 | 8.5 | 0.03% | 1 | 0 | 2026-03-16T14:54:11.293000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32301 | 9.3 | 0.04% | 2 | 0 | 2026-03-16T14:54:11.293000 | Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0 | |
| CVE-2026-32746 | 9.8 | 0.04% | 3 | 0 | 2026-03-16T14:53:46.157000 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO | |
| CVE-2026-32368 | 8.5 | 0.03% | 2 | 0 | 2026-03-16T14:53:46.157000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32358 | 7.6 | 0.03% | 1 | 0 | 2026-03-16T14:53:46.157000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32399 | 8.5 | 0.03% | 1 | 0 | 2026-03-16T14:53:46.157000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-3045 | 7.5 | 0.03% | 2 | 0 | 2026-03-16T14:53:46.157000 | The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordP | |
| CVE-2026-32597 | 7.5 | 0.01% | 1 | 0 | 2026-03-16T14:53:46.157000 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does | |
| CVE-2026-4181 | 9.8 | 0.06% | 4 | 0 | 2026-03-16T14:53:07.390000 | A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an | |
| CVE-2026-4183 | 9.8 | 0.06% | 6 | 0 | 2026-03-16T14:53:07.390000 | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected | |
| CVE-2026-4188 | 8.8 | 0.04% | 6 | 0 | 2026-03-16T14:53:07.390000 | A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected ele | |
| CVE-2026-4167 | 8.8 | 0.04% | 5 | 0 | 2026-03-16T14:53:07.390000 | A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the funct | |
| CVE-2026-4184 | 9.8 | 0.06% | 4 | 0 | 2026-03-16T14:53:07.390000 | A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulne | |
| CVE-2026-4182 | 9.8 | 0.06% | 4 | 0 | 2026-03-16T14:53:07.390000 | A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unkn | |
| CVE-2026-4214 | 8.8 | 0.04% | 4 | 0 | 2026-03-16T14:53:07.390000 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, | |
| CVE-2026-4255 | 0 | 0.02% | 2 | 0 | 2026-03-16T14:53:07.390000 | A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Win | |
| CVE-2026-4172 | 7.2 | 0.04% | 1 | 0 | 2026-03-16T14:53:07.390000 | A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an un | |
| CVE-2026-4170 | 9.8 | 0.15% | 1 | 0 | 2026-03-16T14:53:07.390000 | A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerabil | |
| CVE-2026-32720 | 0 | 0.04% | 1 | 0 | 2026-03-16T14:53:07.390000 | The CTFer.io Monitoring component is in charge of the collection, process and st | |
| CVE-2026-26794 | 8.8 | 0.17% | 1 | 0 | 2026-03-16T14:18:27.400000 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerabil | |
| CVE-2026-26792 | 9.8 | 0.68% | 3 | 0 | 2026-03-16T14:18:27.230000 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection | |
| CVE-2025-47813 | 4.3 | 0.55% | 4 | 0 | template | 2026-03-16T14:17:58.880000 | loginok.html in Wing FTP Server before 7.4.4 discloses the full local installati |
| CVE-2026-3909 | 8.8 | 27.12% | 15 | 0 | 2026-03-13T21:32:59 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a re | |
| CVE-2025-70245 | 9.8 | 0.05% | 1 | 0 | 2026-03-13T21:32:53 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-26791 | 9.8 | 0.68% | 4 | 0 | 2026-03-13T21:32:49 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner | |
| CVE-2026-26795 | 9.8 | 0.68% | 4 | 0 | 2026-03-13T21:32:49 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner | |
| CVE-2025-66956 | 10.0 | 0.10% | 1 | 1 | 2026-03-13T21:32:49 | Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Assec | |
| CVE-2026-3910 | 8.8 | 21.89% | 11 | 0 | 2026-03-13T21:32:01 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allow | |
| CVE-2026-3891 | 9.8 | 0.13% | 3 | 1 | 2026-03-13T21:32:01 | The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file upl | |
| CVE-2026-32458 | 7.6 | 0.03% | 1 | 0 | 2026-03-13T21:32:01 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32426 | 7.5 | 0.11% | 3 | 0 | 2026-03-13T21:32:00 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-32422 | 8.5 | 0.03% | 3 | 0 | 2026-03-13T21:32:00 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32418 | 7.6 | 0.03% | 1 | 0 | 2026-03-13T21:32:00 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32433 | 8.5 | 0.03% | 1 | 0 | 2026-03-13T21:32:00 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32459 | 8.5 | 0.03% | 1 | 0 | 2026-03-13T21:32:00 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-4111 | 7.5 | 0.04% | 1 | 0 | 2026-03-13T21:32:00 | A flaw was identified in the RAR5 archive decompression logic of the libarchive | |
| CVE-2026-32366 | 8.5 | 0.03% | 1 | 0 | 2026-03-13T21:31:59 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-32400 | 7.5 | 0.11% | 1 | 0 | 2026-03-13T21:31:59 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22202 | 8.1 | 0.01% | 1 | 0 | 2026-03-13T21:31:58 | wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that | |
| CVE-2026-25818 | 9.1 | 0.02% | 1 | 0 | 2026-03-13T21:31:58 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b | |
| CVE-2026-31917 | 8.5 | 0.03% | 1 | 0 | 2026-03-13T21:31:58 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-0957 | 7.8 | 0.01% | 1 | 0 | 2026-03-13T21:31:57 | There is a memory corruption vulnerability due to an out-of-bounds write when lo | |
| CVE-2026-0956 | 7.8 | 0.01% | 1 | 0 | 2026-03-13T21:31:57 | There is a memory corruption vulnerability due to an out-of-bounds read when loa | |
| CVE-2026-0954 | 7.8 | 0.01% | 1 | 0 | 2026-03-13T21:31:57 | There is a memory corruption vulnerability due to an out-of-bounds write when lo | |
| CVE-2026-22182 | 7.5 | 0.08% | 1 | 0 | 2026-03-13T21:31:57 | wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerabili | |
| CVE-2026-25817 | 8.8 | 0.26% | 1 | 0 | 2026-03-13T21:31:57 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b | |
| CVE-2026-25819 | 7.5 | 0.22% | 1 | 0 | 2026-03-13T21:31:57 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b | |
| CVE-2025-13777 | 8.3 | 0.03% | 1 | 0 | 2026-03-13T21:31:49 | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, A | |
| CVE-2026-32621 | 9.9 | 0.03% | 1 | 0 | 2026-03-13T20:51:15 | ### Impact A vulnerability exists in query plan execution within the gateway th | |
| CVE-2026-26123 | 5.5 | 0.04% | 1 | 0 | 2026-03-13T20:45:13.817000 | Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized a | |
| CVE-2026-2229 | 7.5 | 0.07% | 1 | 0 | 2026-03-13T20:41:44 | ### Impact The undici WebSocket client is vulnerable to a denial-of-service att | |
| CVE-2026-32133 | 9.1 | 0.04% | 1 | 0 | 2026-03-13T20:20:31.943000 | 2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and gener | |
| CVE-2026-1528 | 7.5 | 0.06% | 1 | 0 | 2026-03-13T20:07:26 | ### Impact A server can reply with a WebSocket frame using the 64-bit length for | |
| CVE-2026-1526 | 7.5 | 0.04% | 1 | 0 | 2026-03-13T20:06:54.667000 | The undici WebSocket client is vulnerable to a denial-of-service attack via unbo | |
| CVE-2026-32260 | 8.1 | 0.18% | 1 | 0 | 2026-03-13T20:02:20 | ## Summary A command injection vulnerability exists in Deno's `node:child_pro | |
| CVE-2026-32141 | 7.5 | 0.04% | 1 | 0 | 2026-03-13T19:54:40.363000 | flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function us | |
| CVE-2026-28792 | 9.6 | 0.26% | 1 | 0 | 2026-03-13T19:54:32.090000 | Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI d | |
| CVE-2026-31899 | 7.5 | 0.04% | 1 | 1 | 2026-03-13T18:57:34 | ## Summary Kozea/CairoSVG has exponential denial of service via recursive `<use | |
| CVE-2026-3914 | 8.8 | 0.07% | 1 | 0 | 2026-03-13T18:32:42 | Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remo | |
| CVE-2026-3913 | 8.8 | 0.07% | 2 | 0 | 2026-03-13T18:32:41 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a | |
| CVE-2026-3931 | 8.8 | 0.07% | 1 | 0 | 2026-03-13T18:32:41 | Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a r | |
| CVE-2026-32137 | 8.8 | 0.05% | 1 | 0 | 2026-03-13T16:03:02.080000 | Dataease is an open source data visualization analysis tool. Prior to 2.10.20, T | |
| CVE-2026-26793 | 9.8 | 0.68% | 3 | 0 | 2026-03-13T16:02:22.993000 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner | |
| CVE-2026-32121 | 7.7 | 0.17% | 1 | 0 | 2026-03-13T15:49:20.827000 | OpenEMR is a free and open source electronic health records and medical practice | |
| CVE-2026-32123 | 7.7 | 0.09% | 1 | 0 | 2026-03-13T15:47:50.460000 | OpenEMR is a free and open source electronic health records and medical practice | |
| CVE-2026-3919 | 8.8 | 0.03% | 1 | 0 | 2026-03-13T15:43:22.277000 | Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an | |
| CVE-2026-3915 | 8.8 | 0.07% | 1 | 0 | 2026-03-13T15:43:00.290000 | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a | |
| CVE-2026-3922 | 8.8 | 0.11% | 1 | 0 | 2026-03-13T15:42:22.127000 | Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a | |
| CVE-2026-3923 | 8.8 | 0.10% | 1 | 0 | 2026-03-13T15:42:16.763000 | Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remo | |
| CVE-2026-3926 | 8.8 | 0.08% | 1 | 0 | 2026-03-13T15:41:12.790000 | Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remot | |
| CVE-2026-32248 | None | 0.06% | 2 | 0 | 2026-03-13T13:36:16 | ### Impact An unauthenticated attacker can take over any user account that was | |
| CVE-2026-32242 | None | 0.06% | 1 | 0 | 2026-03-13T13:36:11 | ### Impact Parse Server's built-in OAuth2 auth adapter exports a singleton inst | |
| CVE-2026-32247 | 8.1 | 0.03% | 1 | 0 | 2026-03-13T13:36:06 | ### Summary Graphiti versions before `0.28.2` contained a Cypher injection vuln | |
| CVE-2026-32246 | 8.5 | 0.05% | 1 | 0 | 2026-03-13T13:35:26 | ### Summary The OIDC authorization endpoint allows users with a TOTP-pending se | |
| CVE-2026-3611 | 10.0 | 0.13% | 2 | 0 | 2026-03-12T21:35:01 | The Honeywell IQ4x building management controller, exposes its full web-based HM | |
| CVE-2026-3916 | 9.7 | 0.07% | 1 | 0 | 2026-03-12T21:34:46 | Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed | |
| CVE-2026-3918 | 8.8 | 0.10% | 1 | 0 | 2026-03-12T21:34:46 | Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remot | |
| CVE-2026-32117 | 7.6 | 0.03% | 1 | 0 | 2026-03-12T21:08:22.643000 | The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and | |
| CVE-2026-3970 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T21:07:53.427000 | A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwr | |
| CVE-2026-3973 | 8.8 | 0.09% | 1 | 0 | 2026-03-12T21:07:53.427000 | A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the funct | |
| CVE-2026-3975 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T21:07:53.427000 | A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affect | |
| CVE-2026-3978 | 8.8 | 0.04% | 2 | 0 | 2026-03-12T21:07:53.427000 | A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an | |
| CVE-2026-4008 | 8.8 | 0.09% | 1 | 0 | 2026-03-12T21:07:53.427000 | A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown | |
| CVE-2026-32231 | 8.2 | 0.02% | 1 | 0 | 2026-03-12T21:07:53.427000 | ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channe | |
| CVE-2026-21672 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T21:07:53.427000 | A vulnerability allowing local privilege escalation on Windows-based Veeam Backu | |
| CVE-2026-21708 | 9.9 | 0.54% | 1 | 0 | 2026-03-12T21:07:53.427000 | A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) | |
| CVE-2026-28793 | 8.4 | 0.02% | 1 | 0 | 2026-03-12T20:32:29 | ## Summary The TinaCMS CLI development server exposes media endpoints that are v | |
| CVE-2026-28356 | 7.5 | 0.54% | 3 | 0 | 2026-03-12T18:32:23 | ## Summary The `parse_options_header()` function in `multipart.py` uses a regul | |
| CVE-2026-3936 | 8.8 | 0.10% | 1 | 0 | 2026-03-12T18:31:33 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 all | |
| CVE-2026-3921 | 8.8 | 0.11% | 1 | 0 | 2026-03-12T15:31:28 | Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a | |
| CVE-2026-21668 | 8.8 | 0.04% | 2 | 0 | 2026-03-12T15:30:32 | A vulnerability allowing an authenticated domain user to bypass restrictions and | |
| CVE-2026-21670 | 7.7 | 0.03% | 1 | 0 | 2026-03-12T15:30:31 | A vulnerability allowing a low-privileged user to extract saved SSH credentials. | |
| CVE-2026-21671 | 9.1 | 0.21% | 3 | 0 | 2026-03-12T15:30:26 | A vulnerability allowing an authenticated user with the Backup Administrator rol | |
| CVE-2026-3924 | 7.5 | 0.11% | 1 | 0 | 2026-03-12T15:30:25 | use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a | |
| CVE-2026-3920 | 8.8 | 0.07% | 1 | 0 | 2026-03-12T15:30:25 | Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 all | |
| CVE-2026-3917 | 8.8 | 0.11% | 1 | 0 | 2026-03-12T15:30:25 | Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remot | |
| CVE-2026-32101 | 7.6 | 0.03% | 1 | 0 | 2026-03-12T14:49:31 | ## Summary The S3 storage manager's `isAuthorized()` function is declared `asyn | |
| CVE-2026-32136 | 9.8 | 0.66% | 2 | 0 | 2026-03-12T14:47:49 | VULNERABILITY: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass ============ | |
| CVE-2026-32110 | 8.3 | 0.04% | 1 | 0 | 2026-03-12T14:23:15 | ### Summary The `/api/network/forwardProxy` endpoint allows authenticated users | |
| CVE-2026-27591 | 10.0 | 0.06% | 1 | 0 | 2026-03-12T14:07:39 | ## Impact Affected versions of Winter CMS allowed authenticated backend users to | |
| CVE-2026-3657 | 7.5 | 0.08% | 1 | 0 | 2026-03-12T03:31:16 | The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `s | |
| CVE-2026-3974 | 8.8 | 0.05% | 1 | 0 | 2026-03-12T03:31:16 | A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability aff | |
| CVE-2026-3971 | 8.8 | 0.09% | 1 | 0 | 2026-03-12T03:31:15 | A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulne | |
| CVE-2026-3972 | 8.8 | 0.03% | 1 | 0 | 2026-03-12T03:31:15 | A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is t | |
| CVE-2026-3976 | 8.8 | 0.09% | 1 | 0 | 2026-03-12T03:31:15 | A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the functi | |
| CVE-2026-26130 | 7.5 | 1.59% | 2 | 0 | 2026-03-11T21:11:31 | # Microsoft Security Advisory CVE-2026-26130 – .NET Denial of Service Vulnerabil | |
| CVE-2025-68613 | 9.9 | 76.93% | 1 | 31 | template | 2026-03-11T19:40:09.533000 | n8n is an open source workflow automation platform. Versions starting with 0.211 |
| CVE-2026-20163 | 7.2 | 0.05% | 1 | 0 | 2026-03-11T18:30:40 | In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splun | |
| CVE-2025-40943 | 9.6 | 0.04% | 1 | 0 | 2026-03-11T13:53:47.157000 | Affected devices do not properly sanitize contents of trace files. This could al | |
| CVE-2026-2413 | 7.5 | 11.89% | 3 | 2 | template | 2026-03-11T06:31:47 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to S |
| CVE-2026-25185 | 5.3 | 0.10% | 2 | 0 | 2026-03-10T18:31:30 | Exposure of sensitive information to an unauthorized actor in Windows Shell Link | |
| CVE-2025-14558 | 7.2 | 41.56% | 2 | 2 | 2026-03-09T14:16:05.083000 | The rtsol(8) and rtsold(8) programs do not validate the domain search list optio | |
| CVE-2026-27971 | 9.8 | 13.43% | 1 | 0 | template | 2026-03-05T17:57:37.233000 | Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable |
| CVE-2026-2256 | 6.5 | 2.31% | 1 | 1 | 2026-03-03T21:52:29.877000 | A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 an | |
| CVE-2026-20127 | 10.0 | 2.60% | 2 | 7 | 2026-02-25T18:31:45 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle | |
| CVE-2026-27190 | 8.1 | 0.78% | 1 | 0 | 2026-02-20T22:20:05 | ## Summary A command injection vulnerability exists in Deno's `node:child_proces | |
| CVE-2025-71243 | 9.8 | 73.51% | 1 | 1 | template | 2026-02-19T18:32:08 | The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 through 5 |
| CVE-2026-25646 | 8.1 | 0.07% | 1 | 0 | 2026-02-13T20:43:44.690000 | LIBPNG is a reference library for use in applications that read, create, and man | |
| CVE-2026-21852 | 7.5 | 0.02% | 2 | 2 | 2026-02-02T15:04:41.717000 | Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in | |
| CVE-2026-24858 | 9.8 | 3.22% | 1 | 5 | 2026-01-28T00:31:41 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-2 | |
| CVE-2025-53773 | 7.8 | 0.64% | 1 | 0 | 2025-08-13T03:30:25 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2024-45163 | 9.1 | 0.11% | 2 | 0 | 2024-08-22T18:31:21 | The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to t | |
| CVE-2026-26969 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-32708 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-32626 | 0 | 0.15% | 1 | 0 | N/A | ||
| CVE-2026-31944 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-32127 | 0 | 0.00% | 1 | 1 | N/A | ||
| CVE-2026-32131 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-32130 | 0 | 0.13% | 1 | 0 | N/A | ||
| CVE-2026-32140 | 0 | 0.31% | 1 | 0 | N/A | ||
| CVE-2026-32251 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-32138 | 0 | 0.06% | 1 | 0 | N/A | ||
| CVE-2026-25529 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-27940 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-21887 | 0 | 0.03% | 1 | 0 | N/A |
updated 2026-03-16T17:08:24
2 posts
1 repos
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
updated 2026-03-16T17:07:29
1 posts
🟠 CVE-2026-32302 - High (8.1)
OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32302/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T17:06:59
1 posts
🔴 CVE-2026-32306 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32306/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T17:06:50
1 posts
🟠 CVE-2026-32308 - High (7.6)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32308/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T17:06:44
2 posts
🔴 CVE-2026-32304 - Critical (9.8)
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32304/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CRITICAL: CVE-2026-32304 in locutusjs (<3.0.14) enables unauthenticated remote code execution via create_function() and unsanitized inputs. Patch to 3.0.14+ now! Full details: https://radar.offseq.com/threat/cve-2026-32304-cwe-94-improper-control-of-generati-7207fd62 #OffSeq #Vuln #JavaScript #Infosec
##updated 2026-03-16T17:06:34
1 posts
🟠 CVE-2026-31882 - High (7.5)
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGU_AUTH_MODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31882/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T17:05:29
2 posts
🔴 CVE-2026-26954 - Critical (10)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Fu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26954/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔥 CRITICAL: CVE-2026-26954 in SandboxJS (< 0.8.34) enables sandbox escape via Function & Object.fromEntries. Attackers can run arbitrary code remotely! Upgrade to v0.8.34+ now. Full details: https://radar.offseq.com/threat/cve-2026-26954-cwe-94-improper-control-of-generati-35790079 #OffSeq #CVE202626954 #infosec #sandbox
##updated 2026-03-16T16:37:41
1 posts
🟠 CVE-2026-32319 - High (7.5)
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can cra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T16:36:36
2 posts
🔴 CVE-2026-31886 - Critical (9.1)
Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any forma...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL vuln: dagu <2.2.4 suffers from path traversal (CVE-2026-31886). Exploit allows deletion of /tmp, causing system-wide DoS. Upgrade to 2.2.4+ or enforce input validation now! https://radar.offseq.com/threat/cve-2026-31886-cwe-22-improper-limitation-of-a-pat-116cb11a #OffSeq #dagu #security #CVE2026_31886
##updated 2026-03-16T16:16:13.167000
2 posts
🔴 CVE-2025-62319 - Critical (9.8)
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the applica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-62319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-62319 - Critical (9.8)
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the applica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-62319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:58
4 posts
🟠 CVE-2026-4227 - High (8.8)
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4227 - High (8.8)
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4227 - High (8.8)
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4227 - High (8.8)
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:58
4 posts
🟠 CVE-2026-4226 - High (8.8)
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4226/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4226 - High (8.8)
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4226/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4226 - High (8.8)
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4226/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4226 - High (8.8)
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4226/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:58
2 posts
🟠 CVE-2026-4213 - High (8.8)
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4213/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4213 - High (8.8)
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4213/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:58
2 posts
🟠 CVE-2026-4211 - High (8.8)
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4211 - High (8.8)
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:58
2 posts
CVE-2026-4206: MEDIUM severity command injection in D-Link DNS-120 NAS (20260205). Remote, unauthenticated exploit possible — PoC public, patch ASAP or restrict access. Monitor for suspicious /cgi-bin/dsk_mgr.cgi activity. https://radar.offseq.com/threat/cve-2026-4206-command-injection-in-d-link-dns-120-65477eea #OffSeq #DLink #Vuln
##CVE-2026-4206: MEDIUM severity command injection in D-Link DNS-120 NAS (20260205). Remote, unauthenticated exploit possible — PoC public, patch ASAP or restrict access. Monitor for suspicious /cgi-bin/dsk_mgr.cgi activity. https://radar.offseq.com/threat/cve-2026-4206-command-injection-in-d-link-dns-120-65477eea #OffSeq #DLink #Vuln
##updated 2026-03-16T15:30:57
4 posts
🟠 CVE-2026-4212 - High (8.8)
A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-4212 (HIGH, CVSS 8.7): D-Link DNS-120 NAS stack buffer overflow in /cgi-bin/download_mgr.cgi enables remote, unauthenticated compromise. Patch or restrict access now. https://radar.offseq.com/threat/cve-2026-4212-stack-based-buffer-overflow-in-d-lin-423aef88 #OffSeq #Vulnerability #DLink #BlueTeam
##🟠 CVE-2026-4212 - High (8.8)
A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-4212 (HIGH, CVSS 8.7): D-Link DNS-120 NAS stack buffer overflow in /cgi-bin/download_mgr.cgi enables remote, unauthenticated compromise. Patch or restrict access now. https://radar.offseq.com/threat/cve-2026-4212-stack-based-buffer-overflow-in-d-lin-423aef88 #OffSeq #Vulnerability #DLink #BlueTeam
##updated 2026-03-16T15:30:57
2 posts
CVE-2026-4201 (MEDIUM, CVSS 6.9) in glowxq-oj allows remote, unauthenticated file uploads — risk of code execution. No patch, public exploit exists. Restrict upload access, validate files, monitor closely. https://radar.offseq.com/threat/cve-2026-4201-unrestricted-upload-in-glowxq-glowxq-224c8b75 #OffSeq #Vulnerability #CyberSecurity
##CVE-2026-4201 (MEDIUM, CVSS 6.9) in glowxq-oj allows remote, unauthenticated file uploads — risk of code execution. No patch, public exploit exists. Restrict upload access, validate files, monitor closely. https://radar.offseq.com/threat/cve-2026-4201-unrestricted-upload-in-glowxq-glowxq-224c8b75 #OffSeq #Vulnerability #CyberSecurity
##updated 2026-03-16T15:30:57
3 posts
⚠️ CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables remote unauthenticated command injection via /cgi-bin/wireless.cgi. Exploit is public — restrict remote admin, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #Vuln #IoTSecurity
##🚨 CVE-2026-4163 (CRITICAL): Wavlink WL-WN579A3 routers (v220323) have a command injection bug in /cgi-bin/wireless.cgi. Public exploit code available — restrict remote mgmt, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #CVE20264163 #infosec #routersecurity
##🚨 CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables unauthenticated remote command injection via /cgi-bin/wireless.cgi. Exploit code is public — restrict remote admin & monitor traffic until patched! https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #CVE20264163 #Infosec
##updated 2026-03-16T15:30:56
2 posts
⚠️ MEDIUM severity: Tiandy Easy7 Integrated Management Platform 7.17.0 has a missing authentication bug (CVE-2026-4187) in Device Identifier Handler. Public exploit exists. No vendor fix yet — review exposure & restrict access. https://radar.offseq.com/threat/cve-2026-4187-missing-authentication-in-tiandy-eas-d0083b25 #OffSeq #Vuln #Tiandy #Cybersecurity
##⚠️ MEDIUM severity: Tiandy Easy7 Integrated Management Platform 7.17.0 has a missing authentication bug (CVE-2026-4187) in Device Identifier Handler. Public exploit exists. No vendor fix yet — review exposure & restrict access. https://radar.offseq.com/threat/cve-2026-4187-missing-authentication-in-tiandy-eas-d0083b25 #OffSeq #Vuln #Tiandy #Cybersecurity
##updated 2026-03-16T15:30:56
2 posts
🚩 CVE-2026-4164 (CRITICAL): Wavlink WL-WN578W2 (221110) is vulnerable to remote command injection via POST to /cgi-bin/wireless.cgi. Public exploit is out. Restrict access, monitor logs, and upgrade ASAP. https://radar.offseq.com/threat/cve-2026-4164-command-injection-in-wavlink-wl-wn57-c028dcbd #OffSeq #CVE #RouterSecurity #IoTSecurity
##🚨 CVE-2026-4164 (CRITICAL, CVSS 9.3) in Wavlink WL-WN578W2 (v221110): Unauth'd command injection via /cgi-bin/wireless.cgi. Public exploit released. Patch ASAP or restrict access! https://radar.offseq.com/threat/cve-2026-4164-command-injection-in-wavlink-wl-wn57-c028dcbd #OffSeq #CVE #RouterSecurity #Infosec
##updated 2026-03-16T15:30:56
1 posts
🚨 CVE-2026-4169: MEDIUM XSS in Tecnick TCExam (v16.0 – 16.6.0). Admins can inject JavaScript via XML export. Patch by upgrading to 16.6.1, restrict admin access, and monitor logs. Details: https://radar.offseq.com/threat/cve-2026-4169-cross-site-scripting-in-tecnick-tcex-fd1ffac8 #OffSeq #XSS #Vulnerability #AppSec
##updated 2026-03-16T15:30:55
2 posts
🔒 CVE-2026-31386 (HIGH): All LiteSpeed OpenLiteSpeed/LSWS Enterprise versions are vulnerable to OS command injection by admins. No exploits seen yet, but impact = full system compromise. Tighten admin controls & monitor! https://radar.offseq.com/threat/cve-2026-31386-improper-neutralization-of-special--9aa4ef0e #OffSeq #LiteSpeed #Infosec
##🔒 CVE-2026-31386 (HIGH): All LiteSpeed OpenLiteSpeed/LSWS Enterprise versions are vulnerable to OS command injection by admins. No exploits seen yet, but impact = full system compromise. Tighten admin controls & monitor! https://radar.offseq.com/threat/cve-2026-31386-improper-neutralization-of-special--9aa4ef0e #OffSeq #LiteSpeed #Infosec
##updated 2026-03-16T15:30:54
3 posts
🚨 CVE-2026-1947: HIGH severity in NEX-Forms – Ultimate Forms Plugin for WordPress (all versions ≤9.1.9). Unauthenticated attackers can overwrite form entries via IDOR. Disable plugin or restrict access ASAP! https://radar.offseq.com/threat/cve-2026-1947-cwe-639-authorization-bypass-through-412339ff #OffSeq #WordPress #Vuln #InfoSec
##🚨 CVE-2026-1947: HIGH severity in NEX-Forms – Ultimate Forms Plugin for WordPress (all versions ≤9.1.9). Unauthenticated attackers can overwrite form entries via IDOR. Disable plugin or restrict access ASAP! https://radar.offseq.com/threat/cve-2026-1947-cwe-639-authorization-bypass-through-412339ff #OffSeq #WordPress #Vuln #InfoSec
##🔥 CVE-2026-1947 (HIGH, CVSS 7.5): NEX-Forms – Ultimate Forms Plugin for WordPress allows unauthenticated IDOR, enabling arbitrary form entry overwrite. No patch released. Disable plugin or restrict access ASAP. Details: https://radar.offseq.com/threat/cve-2026-1947-cwe-639-authorization-bypass-through-412339ff #OffSeq #WordPress #Vuln
##updated 2026-03-16T15:30:44
1 posts
🛡️ CVE-2026-3227: HIGH severity OS command injection in TP-Link TL-WR802N v4, TL-WR841N v14, TL-WR840N v6. Authenticated attackers can gain root via crafted config imports. No patch yet — restrict access & monitor uploads! https://radar.offseq.com/threat/cve-2026-3227-cwe-78-improper-neutralization-of-sp-ac440341 #OffSeq #TPLink #Vuln
##updated 2026-03-16T14:54:11.293000
1 posts
🟠 CVE-2025-13779 - High (8.3)
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13779/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:54:11.293000
1 posts
🟠 CVE-2026-0955 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0955/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:54:11.293000
2 posts
🟠 CVE-2026-22193 - High (8.1)
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscrip...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22193/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-22193 in wpDiscuz <7.6.47 enables unauthenticated remote SQL injection. Attackers can access sensitive DB data. Patch ASAP or apply mitigations (WAF, access controls, log monitoring)! https://radar.offseq.com/threat/cve-2026-22193-improper-neutralization-of-special--3f166beb #OffSeq #WordPress #SQLInjection
##updated 2026-03-16T14:54:11.293000
1 posts
🔴 CVE-2026-25823 - Critical (9.8)
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25823/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:54:11.293000
1 posts
🟠 CVE-2026-2890 - High (7.5)
The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler (`handle_one_time_stripe_link_return_url`) marking payment records as c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2890/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:54:11.293000
1 posts
🟠 CVE-2026-31922 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <= 1.0.6.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:54:11.293000
2 posts
🔴 CVE-2026-32301 - Critical (9.3)
Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. {{tenant}}). An unauth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32301/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-32301: Centrifugo < 6.7.0 has a CRITICAL SSRF flaw — unauthenticated attackers can force outbound requests via dynamic JWKS URLs (e.g., using {{tenant}}). Upgrade ASAP & lock down configs! https://radar.offseq.com/threat/cve-2026-32301-cwe-918-server-side-request-forgery-6022b45c #OffSeq #SSRF #Centrifugo #Vuln
##updated 2026-03-16T14:53:46.157000
3 posts
⚠️ CRITICAL: CVE-2026-32746 in GNU inetutils telnetd (<=2.7) enables remote buffer overflow — unauthenticated code execution or DoS possible. Disable telnet, restrict access, monitor for threats. No patch yet! https://radar.offseq.com/threat/cve-2026-32746-cwe-120-buffer-copy-without-checkin-0ceead78 #OffSeq #CVE202632746 #infosec
##🔴 CVE-2026-32746 - Critical (9.8)
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32746/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32746 - Critical (9.8)
telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32746/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:46.157000
2 posts
🟠 CVE-2026-32368 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through <= 1.0.19.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32368 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through <= 1.0.19.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:46.157000
1 posts
🟠 CVE-2026-32358 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through <= 10.14.15.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:46.157000
1 posts
🟠 CVE-2026-32399 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a thr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32399/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:46.157000
2 posts
🟠 CVE-2026-3045 - High (7.5)
The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3045 - High (7.5)
The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: (1) a non-user-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:46.157000
1 posts
🟠 CVE-2026-32597 - High (7.5)
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understan...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32597/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
4 posts
🔴 CVE-2026-4181 - Critical (9.8)
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4181/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-4181 - Critical (9.8)
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4181/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-4181 - Critical (9.8)
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4181/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-4181 - Critical (9.8)
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4181/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
6 posts
🔴 CVE-2026-4183 - Critical (9.8)
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer ov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4183/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-4183 - Critical (9.8)
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer ov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4183/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CVE-2026-4183 (CRITICAL, CVSS 9.3): D-Link DIR-816 (v1.10CNB05) stack buffer overflow via /goform/form2WlanBasicSetup.cgi. Exploit code public, no patch. Replace or isolate devices ASAP! https://radar.offseq.com/threat/cve-2026-4183-stack-based-buffer-overflow-in-d-lin-2982ced2 #OffSeq #CVE20264183 #IoTSecurity
##🔴 CVE-2026-4183 - Critical (9.8)
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer ov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4183/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-4183 - Critical (9.8)
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer ov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4183/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CVE-2026-4183 (CRITICAL, CVSS 9.3): D-Link DIR-816 (v1.10CNB05) stack buffer overflow via /goform/form2WlanBasicSetup.cgi. Exploit code public, no patch. Replace or isolate devices ASAP! https://radar.offseq.com/threat/cve-2026-4183-stack-based-buffer-overflow-in-d-lin-2982ced2 #OffSeq #CVE20264183 #IoTSecurity
##updated 2026-03-16T14:53:07.390000
6 posts
🟠 CVE-2026-4188 - High (8.8)
A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4188/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4188 - High (8.8)
A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4188/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-4188: HIGH severity stack-based buffer overflow in D-Link DIR-619L (2.06B01). Allows remote, unauthenticated RCE. Device is unsupported — replace or strictly isolate! Exploit is public. More: https://radar.offseq.com/threat/cve-2026-4188-stack-based-buffer-overflow-in-d-lin-4643e6f2 #OffSeq #Vuln #DLink #InfoSec
##🟠 CVE-2026-4188 - High (8.8)
A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4188/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4188 - High (8.8)
A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4188/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-4188: HIGH severity stack-based buffer overflow in D-Link DIR-619L (2.06B01). Allows remote, unauthenticated RCE. Device is unsupported — replace or strictly isolate! Exploit is public. More: https://radar.offseq.com/threat/cve-2026-4188-stack-based-buffer-overflow-in-d-lin-4643e6f2 #OffSeq #Vuln #DLink #InfoSec
##updated 2026-03-16T14:53:07.390000
5 posts
🟠 CVE-2026-4167 - High (8.8)
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4167/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH-severity: CVE-2026-4167 stack overflow in Belkin F9K1122 v1.00.33. Remote attackers can exploit /goform/formReboot — no patch, public exploit out. Restrict access, monitor for attack attempts. https://radar.offseq.com/threat/cve-2026-4167-stack-based-buffer-overflow-in-belki-ac4818a6 #OffSeq #CVE20264167 #IoTSecurity
##🟠 CVE-2026-4167 - High (8.8)
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4167/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH-severity: CVE-2026-4167 stack overflow in Belkin F9K1122 v1.00.33. Remote attackers can exploit /goform/formReboot — no patch, public exploit out. Restrict access, monitor for attack attempts. https://radar.offseq.com/threat/cve-2026-4167-stack-based-buffer-overflow-in-belki-ac4818a6 #OffSeq #CVE20264167 #IoTSecurity
##🚨 HIGH severity: CVE-2026-4167 in Belkin F9K1122 (1.00.33) enables remote code execution via stack buffer overflow — no auth needed, no patch. Isolate, restrict, and monitor now! https://radar.offseq.com/threat/cve-2026-4167-stack-based-buffer-overflow-in-belki-ac4818a6 #OffSeq #infosec #routersecurity #CVE20264167
##updated 2026-03-16T14:53:07.390000
4 posts
🔴 CVE-2026-4184 - Critical (9.8)
A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4184/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: D-Link DIR-816 (1.10CNB05) stack-based buffer overflow via pskValue in /goform/form2Wl5BasicSetup.cgi. Exploit is public, remote code execution possible. Device is EOL — isolate or replace! CVE-2026-4184 https://radar.offseq.com/threat/cve-2026-4184-stack-based-buffer-overflow-in-d-lin-8b4d54d9 #OffSeq #DLink #Vuln
##🔴 CVE-2026-4184 - Critical (9.8)
A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4184/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: D-Link DIR-816 (1.10CNB05) stack-based buffer overflow via pskValue in /goform/form2Wl5BasicSetup.cgi. Exploit is public, remote code execution possible. Device is EOL — isolate or replace! CVE-2026-4184 https://radar.offseq.com/threat/cve-2026-4184-stack-based-buffer-overflow-in-d-lin-8b4d54d9 #OffSeq #DLink #Vuln
##updated 2026-03-16T14:53:07.390000
4 posts
🔴 CVE-2026-4182 - Critical (9.8)
A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4182/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-4182 in D-Link DIR-816 (v1.10CNB05) — stack buffer overflow in /goform/form2Wl5RepeaterStep2.cgi enables remote code execution. No patch, public exploit exists. Replace or isolate devices now! https://radar.offseq.com/threat/cve-2026-4182-stack-based-buffer-overflow-in-d-lin-4b5e9537 #OffSeq #DLink #IoTSecurity
##🔴 CVE-2026-4182 - Critical (9.8)
A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4182/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-4182 in D-Link DIR-816 (v1.10CNB05) — stack buffer overflow in /goform/form2Wl5RepeaterStep2.cgi enables remote code execution. No patch, public exploit exists. Replace or isolate devices now! https://radar.offseq.com/threat/cve-2026-4182-stack-based-buffer-overflow-in-d-lin-4b5e9537 #OffSeq #DLink #IoTSecurity
##updated 2026-03-16T14:53:07.390000
4 posts
🟠 CVE-2026-4214 - High (8.8)
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 202602...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4214 - High (8.8)
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 202602...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4214 - High (8.8)
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 202602...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4214 - High (8.8)
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 202602...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
2 posts
🛡️ HIGH severity alert: CVE-2026-4255 in TR-VISION HOME (≤2.0.5) enables DLL hijacking; local attackers can escalate privileges via side-loading. Restrict write access & monitor for rogue DLLs. https://radar.offseq.com/threat/cve-2026-4255-cwe-829-inclusion-of-functionality-f-64ab002d #OffSeq #Infosec #CVE20264255 #Windows
##🛡️ HIGH severity alert: CVE-2026-4255 in TR-VISION HOME (≤2.0.5) enables DLL hijacking; local attackers can escalate privileges via side-loading. Restrict write access & monitor for rogue DLLs. https://radar.offseq.com/threat/cve-2026-4255-cwe-829-inclusion-of-functionality-f-64ab002d #OffSeq #Infosec #CVE20264255 #Windows
##updated 2026-03-16T14:53:07.390000
1 posts
🚩 HIGH severity: CVE-2026-4172 in TRENDnet TEW-632BRP (v1.010B32) — stack-based buffer overflow in /ping_response.cgi (ping_ipaddr). Public exploit, no patch. Isolate, restrict access, and monitor now! https://radar.offseq.com/threat/cve-2026-4172-stack-based-buffer-overflow-in-trend-df028a4c #OffSeq #Infosec #RouterVuln
##updated 2026-03-16T14:53:07.390000
1 posts
🔴 CRITICAL: CVE-2026-4170 in Topsec TopACM 3.0 enables unauthenticated OS command injection via 'template_path' in /nmc_sync.php. No patch, public exploit out. Restrict access, deploy WAF/IDS, monitor logs urgently! https://radar.offseq.com/threat/cve-2026-4170-os-command-injection-in-topsec-topac-9e1efe11 #OffSeq #vuln #cybersecurity
##updated 2026-03-16T14:53:07.390000
1 posts
CVE-2026-32720 (HIGH): ctfer-io monitoring <0.2.1 has improper access control, allowing lateral movement across Kubernetes namespaces — risks sensitive logs/metrics. Patch to 0.2.1+ ASAP! 🔒 https://radar.offseq.com/threat/cve-2026-32720-cwe-284-improper-access-control-in--c14eb5d2 #OffSeq #Kubernetes #CVE #CloudSecurity
##updated 2026-03-16T14:18:27.400000
1 posts
🟠 CVE-2026-26794 - High (8.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the add_group() function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26794/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:18:27.230000
3 posts
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
🔴 CVE-2026-26792 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set_upgrade function via the modem_url, target_version, current_version, firmware_upload, hash_type, hash_value, and upgrade_type parameters. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:17:58.880000
4 posts
CVE ID: CVE-2025-47813
Vendor: Wing FTP Server
Product: Wing FTP Server
Date Added: 2026-03-16
Notes: https://www.wftpserver.com/serverhistory.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-47813
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-47813
CISA has updated the KEV catalogue.
- CVE-2025-47813: Wing FTP Server Information Disclosure Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-47813 #CISA #infosec #vulnerability
##CVE ID: CVE-2025-47813
Vendor: Wing FTP Server
Product: Wing FTP Server
Date Added: 2026-03-16
Notes: https://www.wftpserver.com/serverhistory.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-47813
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-47813
CISA has updated the KEV catalogue.
- CVE-2025-47813: Wing FTP Server Information Disclosure Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-47813 #CISA #infosec #vulnerability
##updated 2026-03-13T21:32:59
15 posts
Google Chrome: Zero-Day Exploits 2 und 3 (2026)
Dritter Monat, dritte bereits angegriffene Zero-Day Schwachstelle in Chrome. Wenn wir das extrapolieren, müssten in diesem Jahr zwölf solcher Fälle auftreten. - Google hat gerade Notfall-Updates für Chrome veröffentlicht und das NIST hat die US-Behörden angewiesen, die Updates bis spätestens zum 27. März zu installieren. Beide Sicherheitslücken können bereits beim Besuch einer präparierten Website eine Infektion auslösen, die schlimmstenfalls zu einer vollständigen Übernahme des Systems durch den Angreifer führt.
Die Lücke CVE-2026-3909 steckt in der Grafik-Komponente von Chrome. Deshalb betrifft sie Chrome auf sämtlichen
https://www.pc-fluesterer.info/wordpress/2026/03/16/google-chrome-zero-day-exploits-2-und-3-2026/
#Empfehlung #Warnung #0day #browser #chrome #exploits #google #sicherheit #zeroday
##Google Reports Chrome Zero-Day Vulnerabilities Exploited in the Wild
Google reports two actively exploited zero-day vulnerabilities (CVE-2026-3909 and CVE-2026-3910). One is patched and for the other patch is coming in a future release.
**Another urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome. DONT DELAY! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/google-reports-chrome-zero-day-vulnerabilities-exploited-in-the-wild-u-9-s-o-5/gD2P6Ple2L
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
CISA still lists CVE-2026-3909 as a zero-day, even if Google removed it from its Chrome patch notes
So I presume it's still a zero-day, but patches are coming next week... instead of not being a zero-day in the first place
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html
##Google Reports Chrome Zero-Day Vulnerabilities Exploited in the Wild
Google reports two actively exploited zero-day vulnerabilities (CVE-2026-3909 and CVE-2026-3910). One is patched and for the other patch is coming in a future release.
**Another urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome. DONT DELAY! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/google-reports-chrome-zero-day-vulnerabilities-exploited-in-the-wild-u-9-s-o-5/gD2P6Ple2L
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
CISA still lists CVE-2026-3909 as a zero-day, even if Google removed it from its Chrome patch notes
So I presume it's still a zero-day, but patches are coming next week... instead of not being a zero-day in the first place
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html
##Trivalent 146.0.7680.80 released:
github.com/secureblue/T...
CVE-2026-3909 was originally marked by Google as fixed in the previous upstream release. They have since revised those release notes and released for a third time this week, this time actually containing the fix for CVE-2026-3909.
Release 146.0.7680.80-443379 ·...
@vivaldiversiontracker This includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
##@browserversiontracker For the curious, this includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
And yes, we somehow beat the Chrome team getting this out even though they did the fix. 😂
##🟠 CVE-2026-3909 - High (8.8)
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3909/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 [CISA-2026:0313] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0313)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-3909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- Name: Google Skia Out-of-Bounds Write Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Skia
- Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909
⚠️ CVE-2026-3910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- Name: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Chromium V8
- Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260313 #cisa20260313 #cve_2026_3909 #cve_2026_3910 #cve20263909 #cve20263910
##CVE ID: CVE-2026-3909
Vendor: Google
Product: Skia
Date Added: 2026-03-13
Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3909
CISA has updated the KEV catalogue.
- CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3909
- CVE-2026-3910: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3910 #CISA #Google #infosec #vulnerability
##Trivalent 145.0.7632.75-442755 released:
github.com/secureblue/T...
Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.
Release 146.0.7680.75-443342 ·...
updated 2026-03-13T21:32:53
1 posts
🔴 CVE-2025-70245 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizardSelectMode.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70245/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:49
4 posts
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
🔴 CVE-2026-26791 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26791 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the string port parameter in the enable_echo_server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26791/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:49
4 posts
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
🔴 CVE-2026-26795 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26795/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26795 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the module parameter in the M.get_system_log function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26795/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:49
1 posts
1 repos
🔴 CVE-2025-66956 - Critical (9.9)
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:01
11 posts
Google Reports Chrome Zero-Day Vulnerabilities Exploited in the Wild
Google reports two actively exploited zero-day vulnerabilities (CVE-2026-3909 and CVE-2026-3910). One is patched and for the other patch is coming in a future release.
**Another urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome. DONT DELAY! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/google-reports-chrome-zero-day-vulnerabilities-exploited-in-the-wild-u-9-s-o-5/gD2P6Ple2L
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
Google Reports Chrome Zero-Day Vulnerabilities Exploited in the Wild
Google reports two actively exploited zero-day vulnerabilities (CVE-2026-3909 and CVE-2026-3910). One is patched and for the other patch is coming in a future release.
**Another urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome. DONT DELAY! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/google-reports-chrome-zero-day-vulnerabilities-exploited-in-the-wild-u-9-s-o-5/gD2P6Ple2L
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
@vivaldiversiontracker This includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
##@browserversiontracker For the curious, this includes security fixes for CVE-2026-3909 & CVE-2026-3910 from Chromium 146.0.7680.80.
And yes, we somehow beat the Chrome team getting this out even though they did the fix. 😂
##🟠 CVE-2026-3910 - High (8.8)
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 [CISA-2026:0313] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0313)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-3909 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- Name: Google Skia Out-of-Bounds Write Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Skia
- Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html#:~:text=Google%20is%20aware ; https://nvd.nist.gov/vuln/detail/CVE-2026-3909
⚠️ CVE-2026-3910 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- Name: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Chromium V8
- Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260313 #cisa20260313 #cve_2026_3909 #cve_2026_3910 #cve20263909 #cve20263910
##CVE ID: CVE-2026-3910
Vendor: Google
Product: Chromium V8
Date Added: 2026-03-13
Notes: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-3910
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-3910
CISA has updated the KEV catalogue.
- CVE-2026-3909: Google Skia Out-of-Bounds Write Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3909
- CVE-2026-3910: Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-3910 #CISA #Google #infosec #vulnerability
##Trivalent 145.0.7632.75-442755 released:
github.com/secureblue/T...
Google is aware that exploits for both CVE-2026-3909 & CVE-2026-3910 exist in the wild.
Release 146.0.7680.75-443342 ·...
updated 2026-03-13T21:32:01
3 posts
1 repos
🔴 CVE-2026-3891 - Critical (9.8)
The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-3891 - Critical (9.8)
The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-3891 (CRITICAL, CVSS 9.8): Pix for WooCommerce plugin allows unauthenticated file uploads via missing checks, risking RCE. Disable/uninstall or apply mitigations now. Affects all versions. Full details: https://radar.offseq.com/threat/cve-2026-3891-cwe-434-unrestricted-upload-of-file--f5fb3cc6 #OffSeq #WordPress #WooCommerce #Vuln
##updated 2026-03-13T21:32:01
1 posts
🟠 CVE-2026-32458 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <= 1.0.8.7.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32458/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
3 posts
🟠 CVE-2026-32426 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through &...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32426 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through &...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32426 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Medilazar Core medilazar-core allows PHP Local File Inclusion.This issue affects Medilazar Core: from n/a through &...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
3 posts
🟠 CVE-2026-32422 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32422 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32422 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through <= 5.8.13.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
1 posts
🟠 CVE-2026-32418 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through <= 5.4.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
1 posts
🟠 CVE-2026-32433 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: fro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32433/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
1 posts
🟠 CVE-2026-32459 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through <= 2.2.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32459/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:32:00
1 posts
🟠 CVE-2026-4111 - High (7.5)
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4111/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:59
1 posts
🟠 CVE-2026-32366 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issue affects Collapsing Categories: from n/a through <= ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32366/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:59
1 posts
🟠 CVE-2026-32400 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemetechMount Boldman boldman allows PHP Local File Inclusion.This issue affects Boldman: from n/a through <= 7.7.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32400/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:58
1 posts
🟠 CVE-2026-22202 - High (8.1)
wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomme...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:58
1 posts
🔴 CVE-2026-25818 - Critical (9.1)
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25818/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:58
1 posts
🟠 CVE-2026-31917 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through <= 1.16.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31917/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
1 posts
🟠 CVE-2026-0957 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
1 posts
🟠 CVE-2026-0956 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
1 posts
🟠 CVE-2026-0954 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0954/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
1 posts
🟠 CVE-2026-22182 - High (7.5)
wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22182/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
1 posts
🟠 CVE-2026-25817 - High (8.8)
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25817/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
1 posts
🟠 CVE-2026-25819 - High (7.5)
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25819/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:49
1 posts
🟠 CVE-2025-13777 - High (8.3)
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:51:15
1 posts
🚨 CRITICAL: CVE-2026-32621 in @Apollo federation-internals enables prototype pollution — risking code execution & data compromise. Affects versions <2.9.6, <2.10.5, <2.11.6, <2.12.3, <2.13.2. Patch now! https://radar.offseq.com/threat/cve-2026-32621-cwe-1321-improperly-controlled-modi-1de28d7f #OffSeq #CVE202632621 #GraphQL #Security
##updated 2026-03-13T20:45:13.817000
1 posts
Microsoft Authenticator potrebbe divulgare i codici di accesso: se lo stai usando, aggiorna subito l'app
Una vulnerabilità in Microsoft Authenticator per iOS e Android ( CVE-2026-26123 ) potrebbe far trapelare i codici di accesso monouso o i deep link di autenticazione a un'app dannosa sullo stesso dispositivo.
##updated 2026-03-13T20:41:44
1 posts
🟠 CVE-2026-2229 - High (7.5)
ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:20:31.943000
1 posts
🔴 CVE-2026-32133 - Critical (9.1)
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32133/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:07:26
1 posts
🟠 CVE-2026-1528 - High (7.5)
ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.
Patche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1528/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:06:54.667000
1 posts
🟠 CVE-2026-1526 - High (7.5)
The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses inco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1526/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:02:20
1 posts
🟠 CVE-2026-32260 - High (8.1)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:child_process polyfill (shell: true mode) that bypasses the fix for CVE-2026-27190. The two-stage argument san...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:40.363000
1 posts
🟠 CVE-2026-32141 - High (7.5)
flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32141/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T19:54:32.090000
1 posts
🔴 CVE-2026-28792 - Critical (9.6)
Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the path traversal vulnerability (previously reported) to enable a browser-bas...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T18:57:34
1 posts
1 repos
🟠 CVE-2026-31899 - High (7.5)
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31899/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T18:32:42
1 posts
🟠 CVE-2026-3914 - High (8.8)
Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3914/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T18:32:41
2 posts
🟠 CVE-2026-3913 - High (8.8)
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3913/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Google Patches Critical WebML Vulnerability and 28 Other Flaws in Chrome 146
Google released Chrome 146 to patch 29 vulnerabilities, including a critical heap memory flaw in the WebML component (CVE-2026-3913) that allows remote code execution via malicious web pages.
**If you are using Google Chrome or other Chromium-based browsers (Edge, Brave, Vivaldi, Opera...) patch your browser ASAP. Google wouldn't push a new update so soon unless it's serious. Even if you want to debate the severity scoring, it's better to just update. Because while you debate, hackers will find a way to exploit them.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-patches-critical-webml-vulnerability-and-28-other-flaws-in-chrome-146-u-5-m-9-g/gD2P6Ple2L
updated 2026-03-13T18:32:41
1 posts
🟠 CVE-2026-3931 - High (8.8)
Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T16:03:02.080000
1 posts
🟠 CVE-2026-32137 - High (8.8)
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32137/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T16:02:22.993000
3 posts
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
🔴 CVE-2026-26793 - Critical (9.8)
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulnerability via the set_config function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26793/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:49:20.827000
1 posts
🟠 CVE-2026-32121 - High (7.7)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of pat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:47:50.460000
1 posts
🟠 CVE-2026-32123 - High (7.7)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while grou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:43:22.277000
1 posts
🟠 CVE-2026-3919 - High (8.8)
Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3919/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:43:00.290000
1 posts
🟠 CVE-2026-3915 - High (8.8)
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3915/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:42:22.127000
1 posts
🟠 CVE-2026-3922 - High (8.8)
Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:42:16.763000
1 posts
🟠 CVE-2026-3923 - High (8.8)
Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3923/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T15:41:12.790000
1 posts
🟠 CVE-2026-3926 - High (8.8)
Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T13:36:16
2 posts
🔴 CVE-2026-32248 - Critical (9.8)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account that was created with an authentication provider...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-32248 in parse-server (>=9.0.0, <9.6.0-alpha.12, <8.6.38) allows unauth attackers to hijack accounts if anonymous auth is enabled. MongoDB & PostgreSQL affected. Upgrade ASAP or disable anonymous auth! https://radar.offseq.com/threat/cve-2026-32248-cwe-943-improper-neutralization-of--cc26229b #OffSeq #CVE202632248 #infosec
##updated 2026-03-13T13:36:11
1 posts
🚨 CVE-2026-32242: CRITICAL race condition in parse-server (>=9.0.0 <9.6.0-alpha.11, <8.6.37) lets OAuth2 tokens be validated against wrong provider configs. Patch to 9.6.0-alpha.11/8.6.37! https://radar.offseq.com/threat/cve-2026-32242-cwe-362-concurrent-execution-using--7a67bf5f #OffSeq #parseServer #OAuth2 #RaceCondition
##updated 2026-03-13T13:36:06
1 posts
🟠 CVE-2026-32247 - High (8.1)
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled lab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32247/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T13:35:26
1 posts
🟠 CVE-2026-32246 - High (8.5)
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorization codes. An attacker who knows a use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32246/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:35:01
2 posts
🚨 CRITICAL: CVE-2026-3611 impacts Honeywell IQ4E (v3.50_3.44) — missing web HMI authentication lets remote attackers create admin accounts, lock out operators, and control building systems. Restrict access & create user accounts ASAP. https://radar.offseq.com/threat/cve-2026-3611-cwe-306-missing-authentication-for-c-2be1059b #OffSeq #ICS #Honeywell
##🔴 CVE-2026-3611 - Critical (10)
The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Gu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:34:46
1 posts
🔴 CVE-2026-3916 - Critical (9.6)
Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3916/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:34:46
1 posts
🟠 CVE-2026-3918 - High (8.8)
Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3918/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:08:22.643000
1 posts
🟠 CVE-2026-32117 - High (7.6)
The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign() / window.open() with no scheme validation. An attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32117/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🟠 CVE-2026-3970 - High (8.8)
A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3970/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🟠 CVE-2026-3973 - High (8.8)
A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer ov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3973/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🟠 CVE-2026-3975 - High (8.8)
A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
2 posts
🟠 CVE-2026-3978 - High (8.8)
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be lau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3978/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3978 - High (8.8)
A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based buffer overflow. The attack can be lau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3978/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🟠 CVE-2026-4008 - High (8.8)
A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4008/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🟠 CVE-2026-32231 - High (8.2)
ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webhook channel trusts caller-supplied identity fields (sender, chat_id) from the request body and applies authorization checks to those untrusted values. Because authentication is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🟠 CVE-2026-21672 - High (8.8)
A vulnerability allowing local privilege escalation on Windows-based Veeam Backup & Replication servers.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21672/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T21:07:53.427000
1 posts
🔴 CVE-2026-21708 - Critical (9.9)
A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T20:32:29
1 posts
🟠 CVE-2026-28793 - High (8.4)
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the inte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28793/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T18:32:23
3 posts
The 'multipart' #python library got an independent #security audit and I only know about that because they found something -> CVE-2026-28356
This is great, actually! Someone looked into it so thoroughly that they found an obscure single-character issue in a regular expression ... and didn't find anything else! Which means I can now be really confident about the security of this library. Nice!
##🟠 CVE-2026-28356 - High (7.5)
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking (...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28356/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T18:31:33
1 posts
🟠 CVE-2026-3936 - High (8.8)
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3936/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:31:28
1 posts
🟠 CVE-2026-3921 - High (8.8)
Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:32
2 posts
🟠 CVE-2026-21668 - High (8.8)
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21668 - High (8.8)
A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:31
1 posts
🟠 CVE-2026-21670 - High (7.7)
A vulnerability allowing a low-privileged user to extract saved SSH credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21670/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:26
3 posts
🔴 CVE-2026-21671 - Critical (9.1)
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21671/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-21671 - Critical (9.1)
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21671/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-21671 - Critical (9.1)
A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21671/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:25
1 posts
🟠 CVE-2026-3924 - High (7.5)
use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3924/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:25
1 posts
🟠 CVE-2026-3920 - High (8.8)
Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T15:30:25
1 posts
🟠 CVE-2026-3917 - High (8.8)
Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3917/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T14:49:31
1 posts
🟠 CVE-2026-32101 - High (7.6)
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized() function is declared async (returns Promise) but is called without await in both the POST and PUT handle...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T14:47:49
2 posts
AdGuard Home Patches Critical Authentication Bypass Vulnerability
AdGuard Home patched a critical authentication bypass (CVE-2026-32136) that allowed unauthenticated attackers to gain full administrative control by exploiting HTTP/2 Cleartext (h2c) upgrade requests.
**Update your AdGuard Home instances to version 0.107.73 and make sure the interfaces are restricted to local network access to minimize the risk of remote exploitation.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/adguard-home-patches-critical-authentication-bypass-vulnerability-v-9-u-7-u/gD2P6Ple2L
🔴 CVE-2026-32136 - Critical (9.8)
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.73, an unauthenticated remote attacker can bypass all authentication in AdGuardHome by sending an HTTP/1.1 request that requests an upgrade to HTTP/2 cleartext (...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32136/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T14:23:15
1 posts
🟠 CVE-2026-32110 - High (8.3)
SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32110/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T14:07:39
1 posts
🔴 CVE-2026-27591 - Critical (9.9)
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27591/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:16
1 posts
🟠 CVE-2026-3657 - High (7.5)
The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3657/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:16
1 posts
🟠 CVE-2026-3974 - High (8.8)
A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:15
1 posts
🟠 CVE-2026-3971 - High (8.8)
A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3971/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:15
1 posts
🟠 CVE-2026-3972 - High (8.8)
A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3972/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-12T03:31:15
1 posts
🟠 CVE-2026-3976 - High (8.8)
A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to sta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3976/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-11T21:11:31
2 posts
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
updated 2026-03-11T19:40:09.533000
1 posts
31 repos
https://github.com/AbdulRKB/n8n-RCE
https://github.com/intbjw/CVE-2025-68613-poc-via-copilot
https://github.com/reem-012/poc_CVE-2025-68613
https://github.com/Rishi-kaul/n8n-CVE-2025-68613
https://github.com/GnuTLam/POC-CVE-2025-68613
https://github.com/shibaaa204/CVE-2025-68613
https://github.com/r4j3sh-com/CVE-2025-68613-n8n-lab
https://github.com/intelligent-ears/CVE-2025-68613
https://github.com/JohannesLks/CVE-2025-68613-Python-Exploit
https://github.com/releaseown/analysis-and-poc-n8n-CVE-2025-68613
https://github.com/secjoker/CVE-2025-68613
https://github.com/Ak-cybe/CVE-2025-68613-n8n-rce-analysis
https://github.com/Dlanang/homelab-CVE-2025-68613
https://github.com/ali-py3/Exploit-CVE-2025-68613
https://github.com/manyaigdtuw/CVE-2025-68613_Scanner
https://github.com/TheInterception/n8n_CVE-2025-68613_exploit_payloads
https://github.com/ahmedshamsddin/n8n-RCE-CVE-2025-68613
https://github.com/LingerANR/n8n-CVE-2025-68613
https://github.com/J4ck3LSyN-Gen2/n8n-CVE-2025-68613-TryHackMe
https://github.com/gagaltotal/n8n-cve-2025-68613
https://github.com/nehkark/CVE-2025-68613
https://github.com/mbanyamer/n8n-Authenticated-Expression-Injection-RCE-CVE-2025-68613
https://github.com/Khin-96/n8n-cve-2025-68613-thm
https://github.com/TheStingR/CVE-2025-68613-POC
https://github.com/rxerium/CVE-2025-68613
https://github.com/hackersatyamrastogi/n8n-exploit-CVE-2025-68613-n8n-God-Mode-Ultimate
https://github.com/Victorhugofariasvieir66/relatorio-n8n.md
https://github.com/wioui/n8n-CVE-2025-68613-exploit
https://github.com/h3raklez/CVE-2025-68613
⚠️ CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
「 The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched by n8n in December 2025 in versions 1.120.4, 1.121.1, and 1.122.0. CVE-2025-68613 is the first n8n vulnerability to be placed in the KEV catalog 」
https://thehackernews.com/2026/03/cisa-flags-actively-exploited-n8n-rce.html
updated 2026-03-11T18:30:40
1 posts
Critical Splunk RCE Vulnerability (CVE-2026–20163) Lets Attackers Run Shell Commands on Your Server
The discovered vulnerability is a Remote Code Execution (RCE) in Splunk, a popular data processing software. The flaw stems from insufficient input validation in the application's search interface. By constructing a crafted search query, an attacker can exploit the vulnerability and execute arbitrary shell commands on the target server. Specifically, an attacker can utilize the 'enableJavaScript' and 'enableCookies' search commands to trigger the RCE. When the search interface receives a request, it inadvertently executes JavaScript provided by the attacker, enabling further exploitation. The impact of this vulnerability is severe, as it allows unauthorized execution of commands with the privileges of the Splunk user, potentially leading to data breaches or unauthorized access. The researcher received a $15,000 bounty from Splunk for reporting this critical issue. To remediate, Splunk suggests implementing input validation and sanitization for user-supplied search queries. Key lesson: Always validate user inputs to prevent RCE attacks. #BugBounty #Cybersecurity #RCE #Splunk #InputValidation
updated 2026-03-11T13:53:47.157000
1 posts
Siemens Patches Critical Code Injection Flaw in SIMATIC S7-1500 Controllers
Siemens reports a critical code injection vulnerability (CVE-2025-40943) in SIMATIC S7-1500 controllers that allows attackers to take full control of devices via malicious trace files. The flaw affects numerous industrial CPUs and requires users to update to version 4.1.2 or restrict web server access.
**If you are using Siemens SIMATIC S7-1500 controllers, make sure they are isolated from the internet, especially the web management interface. If the interface is not actively used, just disable it. Then plan a patch of the controllers. It's going to be a long process, many different models are affected.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-patches-critical-code-injection-flaw-in-simatic-s7-1500-controllers-n-r-v-k-0/gD2P6Ple2L
updated 2026-03-11T06:31:47
3 posts
2 repos
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
Over 200,000 #WordPress sites are exposed due to an SQL injection flaw in the Ally plugin (CVE-2026-2413), allowing attackers to extract database data. Patch released, but many sites remain vulnerable.
Read: https://hackread.com/sql-injection-vulnerability-ally-wordpress-plugin/
##updated 2026-03-10T18:31:30
2 posts
LnkMeMaybe - A Review of CVE-2026-25185
#CVE_2026_25185
https://trustedsec.com/blog/lnkmemaybe-a-review-of-cve-2026-25185
LnkMeMaybe - A Review of CVE-2026-25185
#CVE_2026_25185
https://trustedsec.com/blog/lnkmemaybe-a-review-of-cve-2026-25185
updated 2026-03-09T14:16:05.083000
2 posts
2 repos
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
updated 2026-03-05T17:57:37.233000
1 posts
📢 CVE-2026-27971 : RCE non authentifiée dans Qwik via désérialisation server$, corrigée en 1.19.1
📝 Selon un avis de sécurité GitHub (dépôt QwikDev/qwik) publié le 2 mars 2026, le package npm @builder.io/qwik e...
📖 cyberveille : https://cyberveille.ch/posts/2026-03-08-cve-2026-27971-rce-non-authentifiee-dans-qwik-via-deserialisation-server-corrigee-en-1-19-1/
🌐 source : https://github.com/QwikDev/qwik/security/advisories/GHSA-p9x5-jp3h-96mm
#CVE_2026_27971 #Qwik #Cyberveille
updated 2026-03-03T21:52:29.877000
1 posts
1 repos
updated 2026-02-25T18:31:45
2 posts
7 repos
https://github.com/leemuun/CVE-2026-20127
https://github.com/BugFor-Pings/CVE-2026-20127_EXP
https://github.com/randeepajayasekara/CVE-2026-20127
https://github.com/sfewer-r7/CVE-2026-20127
https://github.com/abrahamsurf/sdwan-scanner-CVE-2026-20127
https://github.com/yonathanpy/CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE
https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE
US agencies face a CISA deadline to secure networks after a critical Cisco SD-WAN flaw (CVE-2026-20127) exposed federal systems to long-term intrusion and admin access.
Read: https://hackread.com/us-agencies-cisa-deadline-critical-cisco-sd-wan-flaw/
##Check your #Cisco #SDWAN deployments about Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127
How to mitigate #vulnerabilities in Cisco SD-WAN Systems can be found here: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems
##updated 2026-02-20T22:20:05
1 posts
🟠 CVE-2026-32260 - High (8.1)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:child_process polyfill (shell: true mode) that bypasses the fix for CVE-2026-27190. The two-stage argument san...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:08
1 posts
1 repos
No bad luck here! 🍀 The Metasploit weekly wrapup is live with 3 new modules: LeakIX Search, Linux RC4 payload packer, and an unauthenticated RCE for SPIP Saisies (CVE-2025-71243). Plus, check out Metasploit Pro 5.0.0!
Read the full details: https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026/ #Metasploit
##updated 2026-02-13T20:43:44.690000
1 posts
An update of #gpg4win has been released: Version 5.0.2. See https://gpg4win.org
An update to this version is recommended due to the following security fixes:
- A security bug in GpgOL has been fixed which could result in no warning shown to the user when a signed mail contained a not signed attachment after a signed one. (T8110)
- The libpng component has been updated to version 1.6.55 to fix a security issue (CVE-2026-25646). This is only exploitable in our software if a mail is opened via Kleopatra.
##updated 2026-02-02T15:04:41.717000
2 posts
2 repos
Claude Code Security Analysis: Understanding the CVE-2026-21852 API Key Exfiltration Vulnerability | HackerNoon
https://hackernoon.com/claude-code-security-analysis-understanding-the-cve-2026-21852-api-key-exfiltration-vulnerability?utm_source=flipboard&utm_medium=activitypub
Posted into Hacker Noon @hacker-noon-HackerNoon
##Claude Code Security Analysis: Understanding the CVE-2026-21852 API Key Exfiltration Vulnerability…
#technology #thegeektribune
https://hackernoon.com/claude-code-security-analysis-understanding-the-cve-2026-21852-api-key-exfiltration-vulnerability?source=rss
updated 2026-01-28T00:31:41
1 posts
5 repos
https://github.com/absholi7ly/CVE-2026-24858-FortiCloud-SSO-Authentication-Bypass
https://github.com/m0d0ri205/CVE-2026-24858
https://github.com/gagaltotal/cve-2026-24858
https://github.com/SimoesCTT/SCTT-2026-33-0004-FortiCloud-SSO-Identity-Singularity
Critical Authentication Bypass and Smuggling Flaws Impact Siemens RUGGEDCOM APE1808
Siemens disclosed four vulnerabilities in RUGGEDCOM APE1808 devices, including a critical authentication bypass (CVE-2026-24858) that allows attackers to hijack devices via FortiCloud SSO. The flaws also include HTTP request smuggling and format string vulnerabilities that could lead to unauthorized code execution or policy bypass.
**If you use RUGGEDCOM APE1808 devices with FortiOS, this is now urgent and important. The most critical item is a Fortinet flaw, and Fortinet is very much targeted by hackers. Update to version 7.4.11 ASAP. Isolation is not really a solution for a firewall that's designed operate between an insecure and secure networks.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-and-smuggling-flaws-impact-siemens-ruggedcom-ape1808-y-7-4-o-r/gD2P6Ple2L
updated 2025-08-13T03:30:25
1 posts
----------------
🛡️ Tool — Sec-Context: AI Code Security Anti-Patterns
Sec-Context provides two large, machine-readable anti-pattern documents intended for automated review and model conditioning. The repository consolidates findings from 150+ sources into ANTI_PATTERNS_BREADTH (~65K tokens) and ANTI_PATTERNS_DEPTH (~100K tokens). The breadth file enumerates 25+ anti-patterns with pseudocode bad/good examples, CWE cross-references, severity ratings, and a quick lookup table. The depth file focuses on seven highest-priority vulnerabilities with multiple code examples, attack scenarios, edge cases, and detailed mitigation trade-offs.
Key technical contents reported:
• Document sizes: breadth ≈ 65k tokens, depth ≈ 100k tokens.
• Prioritization metric: Frequency ×2 + Severity ×2 + Detectability.
• Top-ranked anti-patterns include Dependency Risks (Slopsquatting), XSS (86% failure rate reported in AI-generated code), Hardcoded Secrets (rapid scraping after exposure), SQL Injection (thousands of instances in training data), and a real-world referenced CVE: CVE-2025-53773 for Command Injection.
Practical artifacts in the files:
• Pseudocode BAD/GOOD snippets per pattern.
• CWE mappings and severity annotations.
• Multiple concrete attack scenarios and edge cases for high-priority patterns.
• Suggested usage modes: include entire document in large-context models, extract relevant sections for smaller-context workflows, or run a dedicated review agent/skill that checks code against all patterns and returns specific findings.
Limitations and operational notes (as reported):
• Files are intentionally large to be comprehensive and may require models with extended context or chunked-review workflows.
• The guide emphasizes detection and remediation patterns; it does not provide deployment or execution instructions.
Hashtags: #XSS #CVE-2025-53773 #dependency_squatting #LLM
##updated 2024-08-22T18:31:21
2 posts
CVE-2024-45163: Remote DoS in Mirai C2 – research writeup + what it led me to build https://flowtriq.com/blog/cve-2024-45163
##customer sent a CVE code claimed to be from tar… it’s CVE-2026-26969 and it does not even exist :cat_burning:
already having a meltdown from an insurance company with three letters because their scanner is caching old images for some reason and today I have to generate SBOM to prove (for the third time) that we fixed them :cat_fall:
#security #thisshitissoass
customer sent a CVE code claimed to be from tar… it’s CVE-2026-26969 and it does not even exist :cat_burning:
already having a meltdown from an insurance company with three letters because their scanner is caching old images for some reason and today I have to generate SBOM to prove (for the third time) that we fixed them :cat_fall:
#security #thisshitissoass
🚁 CVE-2026-32708 (HIGH): Stack-based buffer overflow in PX4-Autopilot (<1.17.0-rc2) via Zenoh uORB subscriber. Exploitable w/ local privileges; could crash or compromise drones. Upgrade ASAP. https://radar.offseq.com/threat/cve-2026-32708-cwe-121-stack-based-buffer-overflow-a8d143e4 #OffSeq #DroneSecurity #CVE #Infosec
##🚨 CRITICAL: CVE-2026-32626 in AnythingLLM Desktop ≤1.11.1 lets attackers run code via XSS → RCE (CVSS 9.7). No patch yet. Restrict chat, harden Electron, sanitize input. High risk, act now! More: https://radar.offseq.com/threat/cve-2026-32626-cwe-79-improper-neutralization-of-i-a50f3d86 #OffSeq #XSS #RCE #InfoSec
##🟠 CVE-2026-31944 - High (7.6)
LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, The MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##1 posts
1 repos
https://github.com/ChrisSub08/CVE-2026-32127_SqlInjectionVulnerabilityOpenEMR8.0.0
🟠 CVE-2026-32127 - High (8.8)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, OpenEMR contains a SQL injection vulnerability in the ajax graphs library that can be exploited by authenticated attackers. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32127/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32131 - High (7.7)
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, project.gr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32130 - High (7.5)
ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management (SCIM) API to provision users from external providers into Zitadel. Request to the API w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32140 - High (8.8)
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject danger...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32140/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-32251 in tolgee-platform (<3.166.3) allows authenticated users to exploit XXE for file read & SSRF. Patch to 3.166.3+ ASAP! Limit XML imports & monitor for abuse. Details: https://radar.offseq.com/threat/cve-2026-32251-cwe-611-improper-restriction-of-xml-6ee364da #OffSeq #CVE202632251 #infosec #XXE
##🟠 CVE-2026-32138 - High (8.2)
NEXULEAN is a cybersecurity portfolio & service platform for an Ethical Hacker, AI Enthusiast, and Penetration Tester. Prior to 2.0.0, a security vulnerability was identified where Firebase and Web3Forms API keys were exposed. An attacker could us...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32138/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25529 - High (8.1)
Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27940 - High (7.8)
llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21887 - High (7.7)
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.8.16, the OpenCTI platform’s data ingestion feature accepts user-supplied URLs without validation and uses the Axios HTTP client with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21887/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##