| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27269 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T21:32:24 | Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vul | |
| CVE-2026-27275 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T21:32:24 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds | |
| CVE-2026-27273 | 7.8 | 0.00% | 2 | 0 | 2026-03-10T21:32:24 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds | |
| CVE-2026-27274 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T21:32:24 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds | |
| CVE-2026-27277 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T21:32:17 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free | |
| CVE-2025-13476 | 9.8 | 0.05% | 1 | 0 | 2026-03-10T21:32:12 | Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0βv25.8.1.0 u | |
| CVE-2026-24457 | 9.1 | 0.19% | 1 | 0 | 2026-03-10T19:52:11.887000 | An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read ar | |
| CVE-2025-45691 | 7.5 | 0.05% | 1 | 0 | 2026-03-10T19:38:22.443000 | An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in | |
| CVE-2025-14675 | 7.2 | 0.68% | 1 | 0 | 2026-03-10T19:34:20 | The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due t | |
| CVE-2026-27280 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T19:17:20.250000 | DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write v | |
| CVE-2026-27279 | 7.8 | 0.00% | 2 | 0 | 2026-03-10T19:17:20.080000 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds | |
| CVE-2026-27276 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T19:17:19.740000 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free | |
| CVE-2026-26801 | 7.5 | 0.00% | 1 | 0 | 2026-03-10T19:17:17.430000 | Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta. | |
| CVE-2026-26738 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T19:17:16.893000 | Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows | |
| CVE-2025-11158 | 9.1 | 0.04% | 1 | 0 | 2026-03-10T19:17:08.173000 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, i | |
| CVE-2026-3703 | 9.8 | 0.07% | 2 | 0 | 2026-03-10T18:55:10.750000 | A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_4 | |
| CVE-2026-3630 | 9.8 | 0.04% | 3 | 0 | 2026-03-10T18:48:52.193000 | Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. | |
| CVE-2026-27826 | 8.2 | 0.00% | 2 | 1 | 2026-03-10T18:48:50 | ### Summary An unauthenticated attacker who can reach the mcp-atlassian HTTP end | |
| CVE-2026-3823 | 8.8 | 0.14% | 3 | 0 | 2026-03-10T18:46:53.270000 | EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Ov | |
| CVE-2026-30944 | 8.8 | 0.00% | 2 | 0 | 2026-03-10T18:45:50 | ## Summary The /studiocms_api/dashboard/api-tokens endpoint allows any authentic | |
| CVE-2026-30957 | 10.0 | 0.00% | 3 | 0 | 2026-03-10T18:45:14 | ### Summary OneUptime Synthetic Monitors allow a low-privileged authenticated p | |
| CVE-2026-30956 | 10.0 | 0.00% | 1 | 0 | 2026-03-10T18:45:04 | ### Summary A lowβprivileged user can bypass authorization and tenant isolation | |
| CVE-2026-30921 | 10.0 | 0.01% | 2 | 0 | 2026-03-10T18:44:25 | Summary OneUptime Synthetic Monitors allow low-privileged project users to subm | |
| CVE-2026-30869 | 9.3 | 0.43% | 1 | 0 | 2026-03-10T18:43:20 | ### Summary A path traversal vulnerability in the `/export` endpoint allows an a | |
| CVE-2026-28292 | 9.8 | 0.00% | 1 | 0 | 2026-03-10T18:38:58 | ### Summary The `blockUnsafeOperationsPlugin` in `simple-git` fails to block gi | |
| CVE-2026-30910 | 7.5 | 0.01% | 1 | 0 | 2026-03-10T18:32:20 | Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overf | |
| CVE-2026-26130 | 7.5 | 0.00% | 3 | 0 | 2026-03-10T18:31:31 | Allocation of resources without limits or throttling in ASP.NET Core allows an u | |
| CVE-2026-26134 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T18:31:31 | Integer overflow or wraparound in Microsoft Office allows an authorized attacker | |
| CVE-2026-3845 | 8.8 | 0.00% | 2 | 0 | 2026-03-10T18:31:31 | Heap buffer overflow in the Audio/Video: Playback component in Firefox for Andro | |
| CVE-2026-26141 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T18:31:30 | Improper authentication in Azure Arc allows an authorized attacker to elevate pr | |
| CVE-2026-26132 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T18:31:30 | Use after free in Windows Kernel allows an authorized attacker to elevate privil | |
| CVE-2026-26148 | 8.2 | 0.00% | 1 | 0 | 2026-03-10T18:31:30 | External initialization of trusted variables or data stores in Azure Entra ID al | |
| CVE-2026-3847 | 8.8 | 0.00% | 2 | 1 | 2026-03-10T18:31:30 | Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidenc | |
| CVE-2026-1261 | 7.2 | 0.07% | 1 | 0 | 2026-03-10T18:31:26 | The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scriptin | |
| CVE-2026-3585 | 7.5 | 0.06% | 2 | 0 | 2026-03-10T18:31:24 | The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in | |
| CVE-2026-2364 | 7.3 | 0.01% | 2 | 0 | 2026-03-10T18:31:24 | If a legitimate user confirms a self-update prompt or initiate an installation o | |
| CVE-2026-1508 | 4.3 | 0.00% | 1 | 0 | 2026-03-10T18:31:24 | The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check i | |
| CVE-2025-41712 | 6.5 | 0.03% | 2 | 0 | 2026-03-10T18:31:24 | An unauthenticated remote attacker who tricks a user to upload a manipulated HTM | |
| CVE-2025-41711 | 5.3 | 0.02% | 2 | 0 | 2026-03-10T18:31:24 | An unauthenticated remote attacker can use firmware images to extract password h | |
| CVE-2026-0953 | 9.8 | 0.04% | 1 | 0 | 2026-03-10T18:31:24 | The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in | |
| CVE-2026-3843 | 9.8 | 0.46% | 2 | 0 | 2026-03-10T18:19:05.287000 | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux conta | |
| CVE-2026-3483 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T18:19:01.720000 | An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local | |
| CVE-2026-30987 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T18:18:58.003000 | iccDEV provides a set of libraries and tools for working with ICC color manageme | |
| CVE-2026-30979 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T18:18:56.700000 | iccDEV provides a set of libraries and tools for working with ICC color manageme | |
| CVE-2026-30934 | 8.9 | 0.00% | 1 | 0 | 2026-03-10T18:18:53.257000 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3 | |
| CVE-2026-30933 | 7.5 | 0.00% | 4 | 0 | 2026-03-10T18:18:53.070000 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3 | |
| CVE-2026-30240 | 9.6 | 0.03% | 2 | 0 | 2026-03-10T18:18:50.127000 | Budibase is a low code platform for creating internal tools, workflows, and admi | |
| CVE-2026-2339 | 7.5 | 0.00% | 1 | 0 | 2026-03-10T18:18:48.393000 | Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Sof | |
| CVE-2026-26144 | 7.5 | 0.00% | 3 | 0 | 2026-03-10T18:18:43.110000 | Improper neutralization of input during web page generation ('cross-site scripti | |
| CVE-2026-26131 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T18:18:42.393000 | Incorrect default permissions in .NET allows an authorized attacker to elevate p | |
| CVE-2026-26128 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T18:18:41.903000 | Improper authentication in Windows SMB Server allows an authorized attacker to e | |
| CVE-2026-26127 | 7.5 | 0.00% | 1 | 0 | 2026-03-10T18:18:41.713000 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over | |
| CVE-2026-26121 | 7.5 | 0.00% | 1 | 0 | 2026-03-10T18:18:41.347000 | Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized | |
| CVE-2026-26118 | 8.8 | 0.00% | 1 | 0 | 2026-03-10T18:18:41.180000 | Server-side request forgery (ssrf) in Azure MCP Server allows an authorized atta | |
| CVE-2026-26117 | 7.8 | 0.00% | 1 | 0 | 2026-03-10T18:18:41.017000 | Authentication bypass using an alternate path or channel in Azure Windows Virtua | |
| CVE-2026-26113 | 8.4 | 0.00% | 1 | 0 | 2026-03-10T18:18:40.177000 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacke | |
| CVE-2025-41710 | 6.5 | 0.03% | 2 | 0 | 2026-03-10T18:17:56.187000 | An unauthenticated remote attacker may use hardcodes credentials to get access t | |
| CVE-2025-41709 | 9.8 | 0.05% | 2 | 0 | 2026-03-10T18:17:55.980000 | [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allo | |
| CVE-2026-27944 | 9.8 | 0.05% | 4 | 3 | template | 2026-03-10T18:11:27.450000 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3. |
| CVE-2026-30920 | 8.6 | 0.01% | 2 | 0 | 2026-03-10T17:40:16 | OneUptime is a solution for monitoring and managing online services. Prior to 10 | |
| CVE-2026-27685 | 9.1 | 0.04% | 1 | 0 | 2026-03-10T17:38:10.980000 | SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged use | |
| CVE-2026-1603 | 8.6 | 67.72% | 3 | 0 | template | 2026-03-10T15:31:30 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo |
| CVE-2026-3698 | 8.8 | 0.04% | 1 | 0 | 2026-03-10T15:21:52.560000 | A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affect | |
| CVE-2026-27603 | 7.5 | 0.07% | 1 | 0 | 2026-03-10T14:02:36.263000 | Chartbrew is an open-source web application that can connect directly to databas | |
| CVE-2026-3288 | 8.8 | 0.04% | 2 | 1 | 2026-03-10T09:32:52 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubern | |
| CVE-2026-28693 | 8.1 | 0.04% | 1 | 0 | 2026-03-10T07:43:44.577000 | ImageMagick is free and open-source software used for editing and manipulating d | |
| CVE-2026-28431 | 0 | 0.04% | 1 | 0 | 2026-03-10T07:43:35.600000 | Misskey is an open source, federated social media platform. All Misskey servers | |
| CVE-2025-69219 | 8.8 | 0.03% | 1 | 1 | 2026-03-10T01:21:25 | A user with access to the DB could craft a database entry that would result in e | |
| CVE-2025-70238 | 7.5 | 0.04% | 1 | 0 | 2026-03-09T21:32:45 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-3638 | 5.9 | 0.03% | 1 | 0 | 2026-03-09T21:31:49 | Improper access control in user and role restore API endpoints in Devolutions Se | |
| CVE-2025-61612 | 7.5 | 0.15% | 1 | 0 | 2026-03-09T21:31:37 | In nr modem, there is a possible system crash due to improper input validation. | |
| CVE-2025-69278 | 7.5 | 0.15% | 1 | 0 | 2026-03-09T21:31:37 | In nr modem, there is a possible system crash due to improper input validation. | |
| CVE-2025-61616 | 7.5 | 0.15% | 1 | 0 | 2026-03-09T21:31:37 | In nr modem, there is a possible system crash due to improper input validation. | |
| CVE-2025-61614 | 7.5 | 0.15% | 1 | 0 | 2026-03-09T21:31:37 | In nr modem, there is a possible system crash due to improper input validation. | |
| CVE-2025-61613 | 7.5 | 0.15% | 1 | 0 | 2026-03-09T21:31:37 | In nr modem, there is a possible system crash due to improper input validation. | |
| CVE-2025-26399 | 9.8 | 34.23% | 4 | 1 | 2026-03-09T21:31:33 | SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxP | |
| CVE-2021-22054 | 7.5 | 93.74% | 3 | 1 | template | 2026-03-09T21:31:33 | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20. |
| CVE-2025-61615 | 7.5 | 0.15% | 1 | 0 | 2026-03-09T21:16:12.193000 | In nr modem, there is a possible system crash due to improper input validation. | |
| CVE-2025-61611 | 7.5 | 0.28% | 1 | 0 | 2026-03-09T21:16:11.650000 | In modem, there is a possible improper input validation. This could lead to remo | |
| CVE-2026-0846 | 8.6 | 0.08% | 2 | 0 | 2026-03-09T20:16:05.703000 | A vulnerability in the `filestring()` function of the `nltk.util` module in nltk | |
| CVE-2025-69279 | 7.5 | 0.15% | 1 | 0 | 2026-03-09T20:16:02.263000 | In nr modem, there is a possible system crash due to improper input validation. | |
| CVE-2026-29784 | 7.5 | 0.02% | 1 | 0 | 2026-03-09T20:06:23.960000 | Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, in | |
| CVE-2025-70363 | 7.5 | 0.05% | 1 | 0 | 2026-03-09T19:16:00.890000 | Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ci | |
| CVE-2026-3038 | 7.5 | 0.04% | 1 | 0 | 2026-03-09T18:32:49 | The rtsock_msg_buffer() function serializes routing information into a buffer. | |
| CVE-2026-3588 | 7.5 | 0.02% | 1 | 0 | 2026-03-09T18:31:50 | A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 all | |
| CVE-2025-70047 | 7.5 | 0.04% | 1 | 0 | 2026-03-09T18:31:49 | An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered | |
| CVE-2026-25866 | 7.8 | 0.01% | 1 | 0 | 2026-03-09T18:31:49 | MobaXterm versions prior to 26.1 contain an uncontrolled search path element vul | |
| CVE-2026-30863 | None | 0.07% | 1 | 1 | 2026-03-09T17:42:26 | ### Impact The Google, Apple, and Facebook authentication adapters use JWT veri | |
| CVE-2026-30860 | 9.9 | 0.16% | 1 | 0 | 2026-03-09T17:35:41.243000 | WeKnora is an LLM-powered framework designed for deep document understanding and | |
| CVE-2026-3807 | 8.8 | 0.08% | 1 | 0 | 2026-03-09T16:20:08.637000 | A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impact | |
| CVE-2026-3678 | 8.8 | 0.07% | 1 | 0 | 2026-03-09T16:16:21.987000 | A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function | |
| CVE-2026-30851 | 8.1 | 0.01% | 1 | 0 | 2026-03-09T15:50:55 | ## Summary Caddy's `forward_auth` directive with `copy_headers` generates condi | |
| CVE-2026-30832 | 9.1 | 0.04% | 2 | 0 | 2026-03-09T15:50:39 | While auditing the codebase in the wake of the webhook SSRF fix shipped in v0.11 | |
| CVE-2026-30834 | 7.5 | 0.03% | 1 | 0 | 2026-03-09T15:50:20 | # SSRF with Full Response Exfiltration via Download Handler ### Summary A Serve | |
| CVE-2026-29191 | 9.3 | 0.03% | 1 | 0 | 2026-03-09T15:48:28 | ### Summary A vulnerability was discovered in Zitadel's login V2 interface that | |
| CVE-2026-2919 | 4.3 | 0.01% | 1 | 0 | 2026-03-09T15:30:48 | Malicious scripts could display attacker-controlled web content under spoofed do | |
| CVE-2025-14769 | 7.5 | 0.01% | 1 | 0 | 2026-03-09T15:30:47 | In some cases, the `tcp-setmss` handler may free the packet data and throw an er | |
| CVE-2026-3811 | 8.8 | 0.08% | 2 | 0 | 2026-03-09T15:26:21.790000 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the functi | |
| CVE-2026-3728 | 8.8 | 0.08% | 1 | 0 | 2026-03-09T15:24:28.950000 | A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects th | |
| CVE-2026-3729 | 8.8 | 0.08% | 1 | 0 | 2026-03-09T15:24:21.043000 | A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the funct | |
| CVE-2026-3768 | 8.8 | 0.08% | 2 | 0 | 2026-03-09T15:17:08.960000 | A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by th | |
| CVE-2026-2219 | 7.5 | 0.01% | 1 | 0 | 2026-03-09T15:15:57.870000 | It was discovered that dpkg-deb (a component of dpkg, the Debian package managem | |
| CVE-2026-3802 | 8.8 | 0.08% | 1 | 0 | 2026-03-09T15:09:44.737000 | A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue | |
| CVE-2026-3803 | 8.8 | 0.08% | 1 | 0 | 2026-03-09T15:09:33.580000 | A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the funct | |
| CVE-2026-30227 | 0 | 1.01% | 1 | 0 | 2026-03-09T13:35:34.633000 | MimeKit is a C# library which may be used for the creation and parsing of messag | |
| CVE-2025-41758 | 8.8 | 0.18% | 1 | 0 | 2026-03-09T13:35:07.393000 | A low-privileged remote attacker can exploit an arbitrary file write vulnerabili | |
| CVE-2025-41761 | 7.8 | 0.02% | 2 | 0 | 2026-03-09T13:35:07.393000 | A lowβprivileged local attacker who gains access to the UBR service account (e.g | |
| CVE-2025-41756 | 8.1 | 0.10% | 1 | 0 | 2026-03-09T13:35:07.393000 | A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.c | |
| CVE-2026-29779 | 7.5 | 0.03% | 1 | 0 | 2026-03-09T13:35:07.393000 | UptimeFlare is a serverless uptime monitoring & status page solution, powered by | |
| CVE-2026-28678 | 8.1 | 0.03% | 1 | 0 | 2026-03-09T13:35:07.393000 | DSA Study Hub is an interactive educational web application. Prior to commit d52 | |
| CVE-2026-30855 | 9.8 | 0.11% | 1 | 0 | 2026-03-09T13:21:39 | ### Summary An authorization bypass in tenant management endpoints of WeKnora ap | |
| CVE-2026-30861 | 10.0 | 0.22% | 1 | 0 | 2026-03-09T13:14:29 | ### Summary A critical unauthenticated remote code execution (RCE) vulnerabilit | |
| CVE-2026-3814 | 8.8 | 0.04% | 2 | 0 | 2026-03-09T12:31:50 | A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected | |
| CVE-2026-3815 | 8.8 | 0.04% | 2 | 0 | 2026-03-09T12:31:49 | A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects | |
| CVE-2025-41764 | 9.1 | 0.10% | 2 | 0 | 2026-03-09T09:30:37 | Due to insufficient authorization enforcement, an unauthorized remote attacker c | |
| CVE-2025-41765 | 9.1 | 0.06% | 1 | 0 | 2026-03-09T09:30:37 | Due to insufficient authorization enforcement, an unauthorized remote attacker c | |
| CVE-2025-41772 | 7.5 | 0.03% | 1 | 0 | 2026-03-09T09:30:37 | An unauthenticated remote attacker can obtain valid session tokens because they | |
| CVE-2025-41766 | 8.8 | 0.39% | 1 | 0 | 2026-03-09T09:30:37 | A low-privileged remote attacker can trigger a stack-based buffer overflow via a | |
| CVE-2025-41757 | 8.8 | 0.22% | 1 | 0 | 2026-03-09T09:30:36 | A low-privileged remote attacker can abuse the backup restore functionality of U | |
| CVE-2026-3810 | 8.8 | 0.08% | 1 | 0 | 2026-03-09T09:30:36 | A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the f | |
| CVE-2026-3809 | 8.8 | 0.08% | 1 | 0 | 2026-03-09T09:30:30 | A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the | |
| CVE-2026-3808 | 8.8 | 0.09% | 1 | 0 | 2026-03-09T09:30:30 | A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element | |
| CVE-2026-30896 | 7.8 | 0.01% | 1 | 0 | 2026-03-09T06:31:19 | The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic L | |
| CVE-2026-3804 | 8.8 | 0.08% | 2 | 0 | 2026-03-09T06:31:19 | A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerabilit | |
| CVE-2026-3631 | 7.5 | 0.04% | 1 | 0 | 2026-03-09T06:31:19 | Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. | |
| CVE-2026-3799 | 8.8 | 0.08% | 1 | 0 | 2026-03-09T06:31:19 | A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formS | |
| CVE-2026-3801 | 8.8 | 0.09% | 1 | 0 | 2026-03-09T06:31:19 | A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerabil | |
| CVE-2026-3787 | 7.0 | 0.01% | 1 | 0 | 2026-03-09T00:30:19 | A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an u | |
| CVE-2026-3769 | 8.8 | 0.08% | 2 | 0 | 2026-03-08T21:30:22 | A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is th | |
| CVE-2026-3732 | 8.8 | 0.08% | 2 | 0 | 2026-03-08T12:30:35 | A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects t | |
| CVE-2026-3727 | 8.8 | 0.03% | 1 | 0 | 2026-03-08T12:30:27 | A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the | |
| CVE-2026-3726 | 8.8 | 0.09% | 2 | 0 | 2026-03-08T09:30:27 | A vulnerability has been found in Tenda F453 1.0.0.3. This affects the function | |
| CVE-2026-3715 | 8.8 | 0.04% | 2 | 0 | 2026-03-08T09:30:21 | A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the funct | |
| CVE-2026-3701 | 8.8 | 0.04% | 1 | 0 | 2026-03-08T06:31:15 | A security vulnerability has been detected in H3C Magic B1 up to 100R004. Affect | |
| CVE-2026-3699 | 8.8 | 0.04% | 1 | 0 | 2026-03-08T03:30:34 | A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This i | |
| CVE-2026-3700 | 8.8 | 0.04% | 1 | 0 | 2026-03-08T03:30:34 | A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is | |
| CVE-2026-3677 | 8.8 | 0.08% | 1 | 0 | 2026-03-08T00:31:58 | A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function from | |
| CVE-2026-3679 | 8.8 | 0.07% | 1 | 0 | 2026-03-08T00:31:58 | A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerab | |
| CVE-2026-25070 | None | 1.03% | 1 | 0 | 2026-03-07T03:30:29 | XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain | |
| CVE-2026-28802 | None | 0.04% | 1 | 0 | 2026-03-06T21:56:56 | ### Summary After upgrading the library from 1.5.2 to 1.6.0 (and the latest 1.6. | |
| CVE-2026-29058 | 9.8 | 0.10% | 1 | 0 | 2026-03-06T21:56:51 | ## Impact An unauthenticated attacker can execute arbitrary OS commands on the | |
| CVE-2026-24105 | 9.8 | 1.69% | 1 | 0 | 2026-03-06T21:05:36.243000 | An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.1 | |
| CVE-2025-70230 | 9.8 | 0.06% | 1 | 0 | 2026-03-06T17:37:58.670000 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2018-25181 | 7.5 | 0.57% | 1 | 0 | 2026-03-06T15:31:36 | Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticate | |
| CVE-2026-26417 | 8.1 | 0.03% | 1 | 1 | 2026-03-06T12:31:37 | A broken access control vulnerability in the password reset functionality of Tat | |
| CVE-2025-70231 | 9.8 | 0.08% | 1 | 0 | 2026-03-06T12:31:36 | D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When proces | |
| CVE-2025-70229 | 9.8 | 0.06% | 1 | 0 | 2026-03-06T12:31:36 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-70616 | 7.8 | 0.01% | 1 | 0 | 2026-03-06T12:31:36 | A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys | |
| CVE-2026-26418 | 7.5 | 0.06% | 1 | 1 | 2026-03-06T12:31:36 | Missing authentication and authorization in the web API of Tata Consultancy Serv | |
| CVE-2025-70233 | 9.8 | 0.06% | 1 | 0 | 2026-03-06T12:30:31 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2025-70232 | 9.8 | 0.06% | 1 | 0 | 2026-03-06T12:30:31 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para | |
| CVE-2026-25921 | 9.3 | 0.02% | 2 | 0 | 2026-03-05T22:28:33 | ### Summary Overwritable LFS object across different repos leads to supply-chain | |
| CVE-2026-26478 | 9.8 | 1.22% | 1 | 0 | 2026-03-04T18:32:01 | A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012 | |
| CVE-2026-21385 | 7.8 | 0.38% | 2 | 1 | 2026-03-04T18:13:00.207000 | Memory corruption while using alignments for memory allocation. | |
| CVE-2026-2256 | 6.5 | 2.31% | 1 | 1 | 2026-03-03T21:52:29.877000 | A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 an | |
| CVE-2024-47886 | 7.2 | 0.89% | 1 | 0 | 2026-03-03T19:11:21.227000 | Chamilo is a learning management system. Chamillo is affected by a post-authenti | |
| CVE-2026-24107 | 9.8 | 1.13% | 1 | 0 | 2026-03-03T03:33:44 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the | |
| CVE-2026-24101 | 9.8 | 1.13% | 1 | 0 | 2026-03-02T18:31:44 | An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_mul | |
| CVE-2026-27611 | 6.5 | 0.03% | 4 | 0 | 2026-02-27T21:42:55 | ### Summary When users share password-protected files, the recipient can complet | |
| CVE-2026-27739 | None | 0.05% | 1 | 0 | 2026-02-25T22:42:37 | A [Server-Side Request Forgery (SSRF)](https://developer.mozilla.org/en-US/docs/ | |
| CVE-2026-20127 | 10.0 | 2.60% | 3 | 6 | 2026-02-25T18:31:45 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle | |
| CVE-2026-20841 | 7.8 | 0.11% | 1 | 12 | 2026-02-25T14:32:14.467000 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-25253 | 8.8 | 0.05% | 1 | 7 | 2026-02-13T17:41:02.987000 | OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value f | |
| CVE-2026-2138 | 8.8 | 0.08% | 1 | 0 | 2026-02-08T06:31:53 | A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the | |
| CVE-2025-14338 | 0 | 0.01% | 1 | 0 | 2026-01-14T16:25:12.057000 | Polkit authentication dis isabled by default and a race condition in the Polkit | |
| CVE-2025-66005 | None | 0.02% | 1 | 0 | 2026-01-14T12:31:39 | Lack of authorization of the InputManager D-Bus interface in InputPlumber versio | |
| CVE-2025-0037 | 6.6 | 0.03% | 1 | 0 | 2025-06-10T00:30:36 | In AMD Versal Adaptive SoC devices, the lack of address validation when executin | |
| CVE-2022-25912 | 8.1 | 43.30% | 11 | 0 | 2025-04-22T21:15:42.690000 | The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RC | |
| CVE-2022-25860 | 8.1 | 41.35% | 11 | 0 | 2025-04-01T16:15:15.807000 | Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code E | |
| CVE-2026-30983 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-30978 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-30985 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-31795 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-31792 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-31796 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-30918 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-27005 | 0 | 0.12% | 1 | 0 | N/A | ||
| CVE-2026-30929 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-28691 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-30862 | 0 | 0.04% | 1 | 1 | N/A | ||
| CVE-2026-31816 | 0 | 0.10% | 2 | 0 | N/A | ||
| CVE-2026-25737 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2025-62166 | 0 | 0.08% | 1 | 0 | N/A | ||
| CVE-2026-28514 | 0 | 0.11% | 1 | 0 | N/A |
updated 2026-03-10T21:32:24
1 posts
π CVE-2026-27269 - High (7.8)
Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to ex...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27269/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:24
1 posts
π CVE-2026-27275 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:24
2 posts
π CVE-2026-27273 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27273/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-27273 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27273/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:24
1 posts
π CVE-2026-27274 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27274/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:17
1 posts
π CVE-2026-27277 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27277/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:12
1 posts
π΄ CVE-2025-13476 - Critical (9.8)
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0βv25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block p...
π https://www.thehackerwire.com/vulnerability/CVE-2025-13476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:52:11.887000
1 posts
π΄ CVE-2026-24457 - Critical (9.1)
An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQβs host OS. In some scenarios RCE could be achieved.
π https://www.thehackerwire.com/vulnerability/CVE-2026-24457/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:38:22.443000
1 posts
π CVE-2025-45691 - High (7.5)
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter wh...
π https://www.thehackerwire.com/vulnerability/CVE-2025-45691/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:34:20
1 posts
π CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-03-10T19:17:20.250000
1 posts
π CVE-2026-27280 - High (7.8)
DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27280/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:17:20.080000
2 posts
π CVE-2026-27279 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-27279 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:17:19.740000
1 posts
π CVE-2026-27276 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:17:17.430000
1 posts
π CVE-2026-26801 - High (7.5)
Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces t...
π https://www.thehackerwire.com/vulnerability/CVE-2026-26801/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:17:16.893000
1 posts
π CVE-2026-26738 - High (7.8)
Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26738/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:17:08.173000
1 posts
π΄ CVE-2025-11158 - Critical (9.1)
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
π https://www.thehackerwire.com/vulnerability/CVE-2025-11158/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:55:10.750000
2 posts
π΄ CVE-2026-3703 - Critical (9.8)
A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exp...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3703/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π¨ CRITICAL: CVE-2026-3703 in Wavlink NU516U1 (firmware 251208) allows remote, unauthenticated out-of-bounds write via /cgi-bin/login.cgi. Public exploit available β patch immediately! Monitor for abnormal ipaddr activity. https://radar.offseq.com/threat/cve-2026-3703-out-of-bounds-write-in-wavlink-nu516-a93ca55c #OffSeq #Vuln #RouterSecurity #Wavlink
##updated 2026-03-10T18:48:52.193000
3 posts
π CVE-2026-3630: CRITICAL stack-based buffer overflow in DeltaWW COMMGR2 (CVSS 9.8). Remote, unauthenticated RCE risk β no patch yet. Segment & restrict network access, monitor for exploits. More: https://radar.offseq.com/threat/cve-2026-3630-cwe-121-stack-based-buffer-overflow--c00e7f15 #OffSeq #ICS #Vulnerability #OTsecurity
##π΄ CVE-2026-3630: CRITICAL stack-based buffer overflow in DeltaWW COMMGR2 (ver 0) enables unauthenticated RCE. No patch available. Segment networks, enable IDS/IPS, & monitor for exploitation. Details: https://radar.offseq.com/threat/cve-2026-3630-cwe-121-stack-based-buffer-overflow--c00e7f15 #OffSeq #ICS #Vuln #CyberSecurity
##π΄ CVE-2026-3630 - Critical (9.8)
Delta Electronics COMMGR2 has
Stack-based Buffer Overflow vulnerability.
π https://www.thehackerwire.com/vulnerability/CVE-2026-3630/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:48:50
2 posts
1 repos
π CVE-2026-27826 - High (8.2)
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound H...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27826/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-27826 - High (8.2)
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound H...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27826/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:46:53.270000
3 posts
π¨ CRITICAL: CVE-2026-3823 exposes Atop EHG2408 switches to unauthenticated RCE via stack-based buffer overflow. No patch yet β segment, restrict access, and monitor traffic. Full device compromise risk. https://radar.offseq.com/threat/cve-2026-3823-cwe-121-stack-based-buffer-overflow--68d582bc #OffSeq #ICS #Vuln #OTSecurity
##π CVE-2026-3823 - High (8.8)
EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
π https://www.thehackerwire.com/vulnerability/CVE-2026-3823/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CRITICAL: CVE-2026-3823 in Atop EHG2408 switches β stack-based buffer overflow allows unauth'd remote code exec. No patch yet. Segment, monitor & restrict access ASAP! π‘οΈ https://radar.offseq.com/threat/cve-2026-3823-cwe-121-stack-based-buffer-overflow--68d582bc #OffSeq #CVE20263823 #ICS #Vulnerability
##updated 2026-03-10T18:45:50
2 posts
π CVE-2026-30944 - High (8.8)
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, incl...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30944 - High (8.8)
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, incl...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:45:14
3 posts
π΄ CVE-2026-30957 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-30957 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-30957 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:45:04
1 posts
π΄ CVE-2026-30956 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a lowβprivileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header togethe...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:44:25
2 posts
π΄ CVE-2026-30921 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-30921 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:43:20
1 posts
π¨ CRITICAL: CVE-2026-30869 affects SiYuan (< 3.5.10) β path traversal via /export lets attackers read sensitive files (API tokens, keys). Patch to 3.5.10+ now! No auth needed. All admins review configs. https://radar.offseq.com/threat/cve-2026-30869-cwe-22-improper-limitation-of-a-pat-98459c9d #OffSeq #CVE202630869 #infosec
##updated 2026-03-10T18:38:58
1 posts
π΄ CVE-2026-28292 - Critical (9.8)
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code e...
π https://www.thehackerwire.com/vulnerability/CVE-2026-28292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:32:20
1 posts
π CVE-2026-30910 - High (7.5)
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.
Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:31
3 posts
π CVE-2026-26130 - High (7.5)
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-26130 - High (7.5)
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-26130 - A denial of service attack against SignalR. Update your runtime, restart your SignalR apps.
github.com/dotnet/annou...
(2/5)
Microsoft Security Advisory CV...
updated 2026-03-10T18:31:31
1 posts
π CVE-2026-26134 - High (7.8)
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:31
2 posts
π CVE-2026-3845 - High (8.8)
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.
π https://www.thehackerwire.com/vulnerability/CVE-2026-3845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-3845 - High (8.8)
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.
π https://www.thehackerwire.com/vulnerability/CVE-2026-3845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
1 posts
π CVE-2026-26141 - High (7.8)
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26141/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
1 posts
π CVE-2026-26132 - High (7.8)
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26132/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
1 posts
π CVE-2026-26148 - High (8.1)
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26148/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
2 posts
1 repos
π CVE-2026-3847 - High (8.8)
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 14...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-3847 - High (8.8)
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 14...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:26
1 posts
π¨ CVE-2026-1261: HIGH-severity stored XSS in all Wpmet MetForm Pro versions (Quiz feature). Unauthenticated attackers can inject persistent scripts, risking user data and site integrity. Disable Quiz & monitor for patches. https://radar.offseq.com/threat/cve-2026-1261-cwe-79-improper-neutralization-of-in-3b7ad624 #OffSeq #WordPress #XSS
##updated 2026-03-10T18:31:24
2 posts
π CVE-2026-3585 - High (7.5)
The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and abov...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3585/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π¨ CVE-2026-3585 (HIGH): Path traversal in stellarwp The Events Calendar plugin lets Author+ users read any files on WordPress servers up to v6.15.17. Restrict access, monitor logs, and patch ASAP. Details: https://radar.offseq.com/threat/cve-2026-3585-cwe-22-improper-limitation-of-a-path-57fec669 #OffSeq #WordPress #Vuln #Cybersecurity
##updated 2026-03-10T18:31:24
2 posts
π© CVE-2026-2364: HIGH severity TOCTOU flaw in CODESYS Installer (all versions) lets local attackers escalate privileges via user-initiated updates. Restrict access & monitor until patch. No active exploits yet. https://radar.offseq.com/threat/cve-2026-2364-cwe-367-time-of-check-time-of-use-to-5eb858d5 #OffSeq #CODESYS #ICS #Vuln
###OT #Advisory VDE-2026-012
CODESYS Installer - Possible Privilege Escalation
Exploitation of this vulnerability can lead to a privilege escalation on the host system.
#CVE CVE-2026-2364
https://certvde.com/en/advisories/vde-2026-012/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-01_vde-2026-012.json
##updated 2026-03-10T18:31:24
1 posts
π CVE-2026-1508 (HIGH): Court Reservation WordPress plugin <1.10.9 has a CSRF flaw β admins can be tricked into deleting events via crafted requests. No live exploits yet. Update ASAP or add nonce checks! https://radar.offseq.com/threat/cve-2026-1508-cwe-352-cross-site-request-forgery-c-cd03c8c6 #OffSeq #WordPress #CSRF #Infosec
##updated 2026-03-10T18:31:24
2 posts
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
###OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
updated 2026-03-10T18:31:24
2 posts
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
###OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
updated 2026-03-10T18:31:24
1 posts
π¨ CRITICAL: CVE-2026-0953 impacts all versions of themeum Tutor LMS Pro for WordPress. Flawed Social Login lets attackers bypass authentication using valid OAuth tokens + victimβs email. Admin accounts at risk. Patch or restrict access! https://radar.offseq.com/threat/cve-2026-0953-cwe-287-improper-authentication-in-t-965fa126 #OffSeq #WordPress #Infosec
##updated 2026-03-10T18:19:05.287000
2 posts
π΄ CVE-2026-3843 - Critical (9.8)
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-3843 - Critical (9.8)
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:19:01.720000
1 posts
π CVE-2026-3483 - High (7.8)
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.
π https://www.thehackerwire.com/vulnerability/CVE-2026-3483/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:58.003000
1 posts
π CVE-2026-30987 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2.3...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:56.700000
1 posts
π CVE-2026-30979 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corrupt...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30979/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:53.257000
1 posts
π CVE-2026-30934 - High (8.9)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aw...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30934/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:53.070000
4 posts
π CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:50.127000
2 posts
π΄ CVE-2026-30240 - Critical (9.6)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint (POST /api/pwa/process-zip) allows an authenti...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-30240 - Critical (9.6)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint (POST /api/pwa/process-zip) allows an authenti...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:48.393000
1 posts
π CVE-2026-2339 - High (7.5)
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.This issue affects Liderahenk: before v3.4.0.
π https://www.thehackerwire.com/vulnerability/CVE-2026-2339/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:43.110000
3 posts
And don't miss our bug of the month! Each patch Tuesday we'll be selecting our very favorite patch to highlight. This month, it CVE-2026-26144 - a Critical-rated info disclosure in Excel that uses the Copilot Agent to exfiltrate data. Neat! https://youtube.com/shorts/r4EjP3JxYRk?feature=share
##And don't miss our bug of the month! Each patch Tuesday we'll be selecting our very favorite patch to highlight. This month, it CVE-2026-26144 - a Critical-rated info disclosure in Excel that uses the Copilot Agent to exfiltrate data. Neat! https://youtube.com/shorts/r4EjP3JxYRk?feature=share
##π CVE-2026-26144 - High (7.5)
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26144/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:42.393000
1 posts
π CVE-2026-26131 - High (7.8)
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:41.903000
1 posts
π CVE-2026-26128 - High (7.8)
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26128/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:41.713000
1 posts
π CVE-2026-26127 - High (7.5)
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26127/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:41.347000
1 posts
π CVE-2026-26121 - High (7.5)
Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:41.180000
1 posts
π CVE-2026-26118 - High (8.8)
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26118/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:41.017000
1 posts
π CVE-2026-26117 - High (7.8)
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26117/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:40.177000
1 posts
π CVE-2026-26113 - High (8.4)
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26113/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:17:56.187000
2 posts
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
###OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
updated 2026-03-10T18:17:55.980000
2 posts
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
###OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
updated 2026-03-10T18:11:27.450000
4 posts
3 repos
https://github.com/weefunker/CVE-2026-27944-Lab
Critical Nginx UI flaw CVE-2026-27944 exposes server backups https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html
##Critical Nginx UI Vulnerability Exposes Server Backups and Sensitive Data
https://thecyberexpress.com/cve-2026-27944-nginx-ui-backup-vulnerability/?utm_source=flipboard&utm_medium=activitypub
Posted into Cybersecurity Today @cybersecurity-today-rhudaur
##Critical Nginx UI Vulnerability Exposes Server Backups and Sensitive Data
A newly disclosed vulnerability in Nginx UI, tracked as CVE-2026-27944, has raised major security concerns after researchers confirmed that...
ποΈ [Thecyberexpress] https://link.is.it/HfceZC
##Critical Nginx UI Flaw Allows Unauthenticated Backup Theft and Decryption
Nginx UI version 2.3.3 patches a critical vulnerability (CVE-2026-27944) that allows unauthenticated attackers to download and decrypt full server backups. The flaw exposes sensitive data including SSL private keys, admin credentials, and server configurations via an unprotected API endpoint.
**If you are using Nginx UI, first make sure they are isolated from the internet. Then patch to version 2.3.3 immediately because the exploit is trivial - especially if your Nginix UI is exposed to the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-nginx-ui-flaw-allows-unauthenticated-backup-theft-and-decryption-l-t-k-6-p/gD2P6Ple2L
updated 2026-03-10T17:40:16
2 posts
π CVE-2026-30920 - High (8.6)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installation_id values and updates Project.gitHubAppInstallationId with isRoot: true withou...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30920 - High (8.6)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installation_id values and updates Project.gitHubAppInstallationId with isRoot: true withou...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T17:38:10.980000
1 posts
π¨ CRITICAL: CVE-2026-27685 in SAP NetWeaver EP-RUNTIME 7.50 (Admin) enables privileged users to upload malicious serialized data β risking full system compromise. Restrict uploads, monitor privileged actions, patch ASAP! https://radar.offseq.com/threat/cve-2026-27685-cwe-502-deserialization-of-untruste-36704129 #OffSeq #SAP #CVE #InfoSec
##updated 2026-03-10T15:31:30
3 posts
π¨ [CISA-2026:0309] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0309)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
β οΈ CVE-2021-22054 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22054)
- Name: Omnissa Workspace ONE Server-Side Request Forgery
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Omnissa
- Product: Workspace One UEM
- Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
β οΈ CVE-2025-26399 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-26399)
- Name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
β οΈ CVE-2026-1603 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1603)
- Name: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ivanti
- Product: Endpoint Manager (EPM)
- Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260309 #cisa20260309 #cve_2021_22054 #cve_2025_26399 #cve_2026_1603 #cve202122054 #cve202526399 #cve20261603
##CVE ID: CVE-2026-1603
Vendor: Ivanti
Product: Endpoint Manager (EPM)
Date Added: 2026-03-09
Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-1603
CISA has updated the KEV catalogue https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
- CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
- CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability #CISA #infosec #vulnerability
##updated 2026-03-10T15:21:52.560000
1 posts
π CVE-2026-3698 - High (8.8)
A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/NTP. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and m...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3698/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T14:02:36.263000
1 posts
π CVE-2026-27603 - High (7.5)
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:project_id/chart/:chart_id/filter is missing both verif...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T09:32:52
2 posts
1 repos
[Security Advisory] CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection #devopsish https://groups.google.com/a/kubernetes.io/g/dev/c/NoW4Ollgoxc/m/m1to2nAqAAAJ?utm_medium=email&utm_source=footer
##π CVE-2026-3288 - High (8.8)
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-ngin...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3288/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T07:43:44.577000
1 posts
π CVE-2026-28693 - High (8.1)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1...
π https://www.thehackerwire.com/vulnerability/CVE-2026-28693/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T07:43:35.600000
1 posts
π¨ CVE-2026-28431 (CRITICAL, CVSS 9.2) in Misskey (8.45.0 β <2026.3.1): Improper authorization allows unauthenticated data access. Patch to 2026.3.1 now! Review access controls and monitor logs. https://radar.offseq.com/threat/cve-2026-28431-cwe-285-improper-authorization-in-m-e4688f7e #OffSeq #Misskey #Vuln #InfoSec
##updated 2026-03-10T01:21:25
1 posts
1 repos
π CVE-2025-69219 - High (8.8)
A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airfl...
π https://www.thehackerwire.com/vulnerability/CVE-2025-69219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T21:32:45
1 posts
π CVE-2025-70238 - High (7.5)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52.
π https://www.thehackerwire.com/vulnerability/CVE-2025-70238/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T21:31:49
1 posts
CVE-2026-3638 (HIGH): Devolutions Server β€ 2025.3.11.0 has missing authorization in restore APIs β low-priv users can reinstate deleted accounts, risking privilege escalation. Restrict API access & monitor logs! https://radar.offseq.com/threat/cve-2026-3638-cwe-862-missing-authorization-in-dev-87162fbb #OffSeq #Devolutions #AppSec
##updated 2026-03-09T21:31:37
1 posts
π CVE-2025-61612 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π https://www.thehackerwire.com/vulnerability/CVE-2025-61612/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T21:31:37
1 posts
π CVE-2025-69278 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π https://www.thehackerwire.com/vulnerability/CVE-2025-69278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T21:31:37
1 posts
π CVE-2025-61616 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π https://www.thehackerwire.com/vulnerability/CVE-2025-61616/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T21:31:37
1 posts
π CVE-2025-61614 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π https://www.thehackerwire.com/vulnerability/CVE-2025-61614/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T21:31:37
1 posts
π CVE-2025-61613 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π https://www.thehackerwire.com/vulnerability/CVE-2025-61613/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T21:31:33
4 posts
1 repos
CISA shortens patch deadline for critical Ivanti, SolarWinds bugs
The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399 β a critical...
ποΈ [Therecord] https://link.is.it/pp8jNp
##π¨ [CISA-2026:0309] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0309)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
β οΈ CVE-2021-22054 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22054)
- Name: Omnissa Workspace ONE Server-Side Request Forgery
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Omnissa
- Product: Workspace One UEM
- Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
β οΈ CVE-2025-26399 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-26399)
- Name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
β οΈ CVE-2026-1603 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1603)
- Name: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ivanti
- Product: Endpoint Manager (EPM)
- Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260309 #cisa20260309 #cve_2021_22054 #cve_2025_26399 #cve_2026_1603 #cve202122054 #cve202526399 #cve20261603
##CVE ID: CVE-2025-26399
Vendor: SolarWinds
Product: Web Help Desk
Date Added: 2026-03-09
Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-26399
CISA has updated the KEV catalogue https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
- CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
- CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability #CISA #infosec #vulnerability
##updated 2026-03-09T21:31:33
3 posts
1 repos
π¨ [CISA-2026:0309] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0309)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
β οΈ CVE-2021-22054 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22054)
- Name: Omnissa Workspace ONE Server-Side Request Forgery
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Omnissa
- Product: Workspace One UEM
- Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
β οΈ CVE-2025-26399 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-26399)
- Name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
β οΈ CVE-2026-1603 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1603)
- Name: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ivanti
- Product: Endpoint Manager (EPM)
- Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260309 #cisa20260309 #cve_2021_22054 #cve_2025_26399 #cve_2026_1603 #cve202122054 #cve202526399 #cve20261603
##CVE ID: CVE-2021-22054
Vendor: Omnissa
Product: Workspace One UEM
Date Added: 2026-03-09
Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22054
CISA has updated the KEV catalogue https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
- CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
- CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability #CISA #infosec #vulnerability
##updated 2026-03-09T21:16:12.193000
1 posts
π CVE-2025-61615 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π https://www.thehackerwire.com/vulnerability/CVE-2025-61615/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T21:16:11.650000
1 posts
π CVE-2025-61611 - High (7.5)
In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed..
π https://www.thehackerwire.com/vulnerability/CVE-2025-61611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T20:16:05.703000
2 posts
π¨ CVE-2026-0846: HIGH severity absolute path traversal in nltk v3.9.2 (filestring()). Remote attackers can read files if user input isnβt sanitized. Patch when available & validate inputs! https://radar.offseq.com/threat/cve-2026-0846-cwe-36-absolute-path-traversal-in-nl-799595df #OffSeq #nltk #vuln #infosec
##π CVE-2026-0846 - High (8.6)
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, en...
π https://www.thehackerwire.com/vulnerability/CVE-2026-0846/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T20:16:02.263000
1 posts
π CVE-2025-69279 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π https://www.thehackerwire.com/vulnerability/CVE-2025-69279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T20:06:23.960000
1 posts
π CVE-2026-29784 - High (7.5)
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might hav...
π https://www.thehackerwire.com/vulnerability/CVE-2026-29784/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T19:16:00.890000
1 posts
π CVE-2025-70363 - High (7.5)
Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs.
π https://www.thehackerwire.com/vulnerability/CVE-2025-70363/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T18:32:49
1 posts
π CVE-2026-3038 - High (7.5)
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been val...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T18:31:50
1 posts
π CVE-2026-3588 - High (7.5)
A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.
π https://www.thehackerwire.com/vulnerability/CVE-2026-3588/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T18:31:49
1 posts
π CVE-2025-70047 - High (7.5)
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2.
π https://www.thehackerwire.com/vulnerability/CVE-2025-70047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T18:31:49
1 posts
π CVE-2026-25866 - High (7.8)
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25866/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T17:42:26
1 posts
1 repos
π΄ CVE-2026-30863 - Critical (9.8)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30863/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T17:35:41.243000
1 posts
π΄ CVE-2026-30860 - Critical (9.9)
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation syst...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30860/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T16:20:08.637000
1 posts
π CVE-2026-3807 - High (8.8)
A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow....
π https://www.thehackerwire.com/vulnerability/CVE-2026-3807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T16:16:21.987000
1 posts
π CVE-2026-3678 - High (8.8)
A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the file /goform/AdvSetWan. This manipulation of the argument wanmode/PPPOEPassword causes stack-based buffer overflow. It is possible to initiate the att...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3678/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T15:50:55
1 posts
π CVE-2026-30851 - High (8.1)
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has b...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30851/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T15:50:39
2 posts
π΄ CVE-2026-30832 - Critical (9.1)
Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30832/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CRITICAL CVE-2026-30832: charmbracelet soft-serve (0.6.0 β 0.11.4) allows authenticated SSH users to exploit SSRF via repo import, exposing internal resources. Update to 0.11.4+ now. More: https://radar.offseq.com/threat/cve-2026-30832-cwe-918-server-side-request-forgery-01aea4d4 #OffSeq #SSRF #Vulnerability
##updated 2026-03-09T15:50:20
1 posts
π CVE-2026-30834 - High (7.5)
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Prior to version 0.7.7, a Server-Side Request Forgery (SSRF) vulnerability in the /download endpoint allows any user with API access to induce the Pinc...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30834/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T15:48:28
1 posts
Critical 1-Click Account Takeover Vulnerability Patched in ZITADEL IAM Platform
ZITADEL patched a critical XSS vulnerability (CVE-2026-29191) that allows unauthenticated attackers to take over user accounts via a single-click malicious link. The flaw can lead to unauthorized password resets.
**If you are using ZITADEL, this is important. Plan a very quick update to version 4.12.0 because your users will be hacked, the full exploit instruction is already public. If you cannot patch today, block the /saml-post endpoint at your firewall and ensure MFA is active for all users.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-1-click-account-takeover-vulnerability-patched-in-zitadel-iam-platform-1-1-6-i-0/gD2P6Ple2L
updated 2026-03-09T15:30:48
1 posts
Mozilla Firefox Focus for iOS.. interesting version jump from 143.0 to 148.2 today
current release fixes CVE-2026-2919
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS < 148.2.
https://www.mozilla.org/en-US/security/advisories/mfsa2026-18/
https://hecate.pw/vulnerability/CVE-2026-2919
updated 2026-03-09T15:30:47
1 posts
π CVE-2025-14769 - High (7.5)
In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference.
...
π https://www.thehackerwire.com/vulnerability/CVE-2025-14769/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T15:26:21.790000
2 posts
π CVE-2026-3811 - High (8.8)
A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remote...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3811/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##β οΈ HIGH severity: Tenda FH1202 (1.2.0.14) vulnerable to stack-based buffer overflow (CVE-2026-3811). Remote exploit is public. No fix yet β monitor, isolate, and watch for updates. https://radar.offseq.com/threat/cve-2026-3811-stack-based-buffer-overflow-in-tenda-076e8a7e #OffSeq #Vulnerability #IoTSecurity #CVE20263811
##updated 2026-03-09T15:24:28.950000
1 posts
π CVE-2026-3728 - High (8.8)
A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the a...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3728/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T15:24:21.043000
1 posts
π CVE-2026-3729 - High (8.8)
A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be execute...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T15:17:08.960000
2 posts
π© CVE-2026-3768 (HIGH, CVSS 8.7): Stack buffer overflow in Tenda F453 v1.0.0.3 β remote, unauthenticated exploit possible. Public exploit code released. Patch ASAP or restrict remote access! https://radar.offseq.com/threat/cve-2026-3768-stack-based-buffer-overflow-in-tenda-9b634f69 #OffSeq #CVE20263768 #RouterSecurity #Infosec
##π CVE-2026-3768 - High (8.8)
A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO leads to stack-based buffer overflow. Remote expl...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3768/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T15:15:57.870000
1 posts
π CVE-2026-2219 - High (7.5)
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite lo...
π https://www.thehackerwire.com/vulnerability/CVE-2026-2219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T15:09:44.737000
1 posts
π CVE-2026-3802 - High (8.8)
A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack m...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3802/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T15:09:33.580000
1 posts
π CVE-2026-3803 - High (8.8)
A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3803/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T13:35:34.633000
1 posts
π CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-03-09T13:35:07.393000
1 posts
π CVE-2025-41758 - High (8.8)
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise.
π https://www.thehackerwire.com/vulnerability/CVE-2025-41758/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T13:35:07.393000
2 posts
π CVE-2025-41761 - High (7.8)
A lowβprivileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and i...
π https://www.thehackerwire.com/vulnerability/CVE-2025-41761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2025-41761 - High (7.8)
A lowβprivileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and i...
π https://www.thehackerwire.com/vulnerability/CVE-2025-41761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T13:35:07.393000
1 posts
π CVE-2025-41756 - High (8.1)
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
π https://www.thehackerwire.com/vulnerability/CVE-2025-41756/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T13:35:07.393000
1 posts
π CVE-2026-29779 - High (7.5)
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig (safe for client use) and workerConfig (server-only, contains...
π https://www.thehackerwire.com/vulnerability/CVE-2026-29779/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T13:35:07.393000
1 posts
π CVE-2026-28678 - High (8.1)
DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were sto...
π https://www.thehackerwire.com/vulnerability/CVE-2026-28678/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T13:21:39
1 posts
π CVE-2026-30855 - High (8.8)
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modif...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T13:14:29
1 posts
π΄ CVE-2026-30861 - Critical (9.9)
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration va...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30861/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T12:31:50
2 posts
π CVE-2026-3814 - High (8.8)
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the a...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3814/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π¨ HIGH severity (CVSS 8.7) buffer overflow in UTT HiPER 810G (β€1.7.7-1711), via strcpy in /goform/getOneApConfTempEntry. Public exploit released β urgent monitoring advised. CVE-2026-3814 https://radar.offseq.com/threat/cve-2026-3814-buffer-overflow-in-utt-hiper-810g-7866271a #OffSeq #Vulnerability #UTT #InfoSec
##updated 2026-03-09T12:31:49
2 posts
π CVE-2026-3815 - High (8.8)
A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3815/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-3815 - High (8.8)
A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3815/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:37
2 posts
π΄ CVE-2025-41764 - Critical (9.1)
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
π https://www.thehackerwire.com/vulnerability/CVE-2025-41764/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2025-41764 - Critical (9.1)
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
π https://www.thehackerwire.com/vulnerability/CVE-2025-41764/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:37
1 posts
π΄ CVE-2025-41765 - Critical (9.1)
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for ...
π https://www.thehackerwire.com/vulnerability/CVE-2025-41765/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:37
1 posts
π CVE-2025-41772 - High (7.5)
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.
π https://www.thehackerwire.com/vulnerability/CVE-2025-41772/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:37
1 posts
π CVE-2025-41766 - High (8.8)
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.
π https://www.thehackerwire.com/vulnerability/CVE-2025-41766/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:36
1 posts
π CVE-2025-41757 - High (8.8)
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the sy...
π https://www.thehackerwire.com/vulnerability/CVE-2025-41757/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:36
1 posts
π CVE-2026-3810 - High (8.8)
A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the a...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3810/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:30
1 posts
π CVE-2026-3809 - High (8.8)
A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack m...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3809/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:30
1 posts
π CVE-2026-3808 - High (8.8)
A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3808/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T06:31:19
1 posts
π CVE-2026-30896 - High (7.8)
The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected installer, then arbitrary code may be executed...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30896/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T06:31:19
2 posts
π CVE-2026-3804 - High (8.8)
A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3804/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##β οΈ HIGH severity: CVE-2026-3804 in Tenda i3 v1.0.0.6(2204) enables remote stack-based buffer overflow via /goform/WifiMacFilterSet. Exploit is public β prioritize mitigation or isolation. https://radar.offseq.com/threat/cve-2026-3804-stack-based-buffer-overflow-in-tenda-c824133f #OffSeq #Vulnerability #Tenda #InfoSec
##updated 2026-03-09T06:31:19
1 posts
π CVE-2026-3631 - High (7.5)
Delta Electronics COMMGR2 has
Buffer Over-read DoS vulnerability.
π https://www.thehackerwire.com/vulnerability/CVE-2026-3631/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T06:31:19
1 posts
π CVE-2026-3799 - High (8.8)
A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The ex...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3799/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T06:31:19
1 posts
π CVE-2026-3801 - High (8.8)
A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing a manipulation of the argument ping1/ping2 results in stack-based buffer overflow. The ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3801/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T00:30:19
1 posts
UltraVNC 1.6.4.0 on Windows hit by HIGH-severity vuln (CVE-2026-3787): uncontrolled DLL search path in cryptbase.dll. Local attackers could escalate privileges. No patch yet β restrict access & monitor for DLL hijacking. https://radar.offseq.com/threat/cve-2026-3787-uncontrolled-search-path-in-ultravnc-8f16fda8 #OffSeq #Vuln #UltraVNC
##updated 2026-03-08T21:30:22
2 posts
π© CVE-2026-3769: HIGH severity vuln in Tenda F453 (v1.0.0.3) β stack-based buffer overflow in /goform/WrlclientSet. Public exploit released! Limit remote access, monitor traffic, apply mitigations. Details: https://radar.offseq.com/threat/cve-2026-3769-stack-based-buffer-overflow-in-tenda-7dc11ff5 #OffSeq #NetworkSecurity #Vuln
##π CVE-2026-3769 - High (8.8)
A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack can be executed remote...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3769/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-08T12:30:35
2 posts
π CVE-2026-3732: HIGH severity stack buffer overflow in Tenda F453 (v1.0.0.3). Remote, unauthenticated code execution risk β no patch yet. Block remote mgmt & monitor endpoints. Details: https://radar.offseq.com/threat/cve-2026-3732-stack-based-buffer-overflow-in-tenda-41443da2 #OffSeq #Vuln #RouterSecurity #CVE20263732
##π CVE-2026-3732 - High (8.8)
A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attac...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3732/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-08T12:30:27
1 posts
π CVE-2026-3727 - High (8.8)
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function sub_3C6C0 of the file /goform/QuickIndex. The manipulation of the argument mit_linktype/PPPOEPassword results in stack-based buffer overflow. The attack may b...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3727/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-08T09:30:27
2 posts
π¨ CVE-2026-3726 (HIGH, CVSS 8.7) in Tenda F453 (v1.0.0.3): Stack buffer overflow in /goform/webExcptypemanFilter enables remote, unauthenticated code execution. Public exploit code raises risk β restrict access & monitor now! https://radar.offseq.com/threat/cve-2026-3726-stack-based-buffer-overflow-in-tenda-6f0be4bc #OffSeq #Vuln #Infosec
##π CVE-2026-3726 - High (8.8)
A vulnerability has been found in Tenda F453 1.0.0.3. This affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initia...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3726/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-08T09:30:21
2 posts
π‘οΈ CVE-2026-3715: HIGH-severity stack overflow in Wavlink WL-WN579X3-C routers (v231124). Remote attackers can execute code w/o auth. Exploit code is public β patch to 20260226 now! https://radar.offseq.com/threat/cve-2026-3715-stack-based-buffer-overflow-in-wavli-504a0f36 #OffSeq #Vulnerability #RouterSecurity #Infosec
##π CVE-2026-3715 - High (8.8)
A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-based buffer overflow. It is possible to initiate...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-08T06:31:15
1 posts
π CVE-2026-3701 - High (8.8)
A security vulnerability has been detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function Edit_BasicSSID_5G of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack ca...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3701/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-08T03:30:34
1 posts
π CVE-2026-3699 - High (8.8)
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has bee...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3699/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-08T03:30:34
1 posts
π CVE-2026-3700 - High (8.8)
A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. Remote exploitation of the attack is possible. The exploi...
π https://www.thehackerwire.com/vulnerability/CVE-2026-3700/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-08T00:31:58
1 posts
π CVE-2026-3677 - High (8.8)
A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file /goform/setcfm. The manipulation of the argument funcname/funcpara1 results in stack-based buffer overflow. The attack may be performed from remote....
π https://www.thehackerwire.com/vulnerability/CVE-2026-3677/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-08T00:31:58
1 posts
π CVE-2026-3679 - High (8.8)
A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mit_linktype/PPPOEPassword leads to stack-based buffer overflow....
π https://www.thehackerwire.com/vulnerability/CVE-2026-3679/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-07T03:30:29
1 posts
π CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-03-06T21:56:56
1 posts
π΄ CVE-2026-28802 - Critical (9.8)
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verificat...
π https://www.thehackerwire.com/vulnerability/CVE-2026-28802/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T21:56:51
1 posts
Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking
AVideo version 6.0 contains a critical zero-click command injection vulnerability (CVE-2026-29058) that allows unauthenticated attackers to execute arbitrary OS commands and hijack video streams.
**If you are using AVideo platform this is urgent and important. Patch ASAP to version 7.0, because your server will be attacked. Until you update today, use a web application firewall or reverse proxy to block access to the getImage.php component.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-zero-click-command-injection-in-avideo-platform-allows-stream-hijacking-w-3-3-3-s/gD2P6Ple2L
updated 2026-03-06T21:05:36.243000
1 posts
π CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-03-06T17:37:58.670000
1 posts
π΄ CVE-2025-70230 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS.
π https://www.thehackerwire.com/vulnerability/CVE-2025-70230/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T15:31:36
1 posts
π CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-03-06T12:31:37
1 posts
1 repos
π CVE-2026-26417 - High (8.1)
A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26417/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T12:31:36
1 posts
π΄ CVE-2025-70231 - Critical (9.8)
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting...
π https://www.thehackerwire.com/vulnerability/CVE-2025-70231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T12:31:36
1 posts
π΄ CVE-2025-70229 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule.
π https://www.thehackerwire.com/vulnerability/CVE-2025-70229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T12:31:36
1 posts
π CVE-2025-70616 - High (7.8)
A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options paramet...
π https://www.thehackerwire.com/vulnerability/CVE-2025-70616/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T12:31:36
1 posts
1 repos
π CVE-2026-26418 - High (7.5)
Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network.
π https://www.thehackerwire.com/vulnerability/CVE-2026-26418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T12:30:31
1 posts
π΄ CVE-2025-70233 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard.
π https://www.thehackerwire.com/vulnerability/CVE-2025-70233/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T12:30:31
1 posts
π΄ CVE-2025-70232 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter.
π https://www.thehackerwire.com/vulnerability/CVE-2025-70232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-05T22:28:33
2 posts
Critical Gogs Vulnerability Enables Silent Supply-Chain Attacks via LFS Overwrites
Gogs patched a critical vulnerability (CVE-2026-25921) that allows unauthenticated attackers to overwrite Git Large File Storage (LFS) objects across repositories, enabling silent supply-chain attacks.
**If you are using Gogs, this is important, and if you have public access or registration to Gogs, it's urgent. Attackers can exploit this flaw to inject their malicious versions of binaries. You should not only update to version 0.14.2 ASAP and verify the integrity of your existing large files to ensure they haven't been replaced with malicious versions.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerability-enables-silent-supply-chain-attacks-via-lfs-overwrites-g-z-x-s-r/gD2P6Ple2L
π΄ CVE-2026-25921 - Critical (9.3)
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue h...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-04T18:32:01
1 posts
π CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-03-04T18:13:00.207000
2 posts
1 repos
https://github.com/automate-it0/qualcomm-vulnerability-scanner
βͺοΈ Android patches 0βday vulnerability linked to Qualcomm components
π¨οΈ Google experts have released the March security updates for Android, fixing a total of 129 vulnerabilities. Among them is a 0βday issue in a Qualcomm component that is already being used in real-world attacks. The vulnerability has been assigned theβ¦
##Latest Geopolitical, Technology, and Cybersecurity Update (March 6-7, 2026):
Russia is reportedly sharing intelligence with Iran to target US forces in the Middle East, escalating tensions. Cybersecurity faces critical threats as a Cisco SD-WAN flaw (CVE-2026-20127) has been exploited since 2023, and a Qualcomm zero-day (CVE-2026-21385) affects 234 chipsets. Meanwhile, rapid AI advancements are intensifying regulatory debates globally.
##updated 2026-03-03T21:52:29.877000
1 posts
1 repos
π CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-03-03T19:11:21.227000
1 posts
π CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-03-03T03:33:44
1 posts
π CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-03-02T18:31:44
1 posts
π CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-02-27T21:42:55
4 posts
π CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-25T22:42:37
1 posts
Critical SSRF Vulnerability Patched in Angular Server-Side Rendering
Angular patched a critical SSRF vulnerability (CVE-2026-27739) in its SSR framework that allows attackers to redirect server-side requests to malicious or internal destinations by manipulating HTTP headers.
**If you are using Angular, this is important and urgent. Check your package.json for the possibly risky versions of the libraries, and either patch or sanitize the headers. Always validate incoming headers against a strict allowlist and avoid using client-provided data to build internal request URLs.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-ssrf-vulnerability-patched-in-angular-server-side-rendering-n-2-c-r-e/gD2P6Ple2L
updated 2026-02-25T18:31:45
3 posts
6 repos
https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE
https://github.com/bluefalconink/cisa-ed-26-03-tracker
https://github.com/abrahamsurf/sdwan-scanner-CVE-2026-20127
https://github.com/BugFor-Pings/CVE-2026-20127_EXP
https://github.com/leemuun/CVE-2026-20127
https://github.com/yonathanpy/CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE
WatchTowr reports seeing exploitation attempts for CVE-2026-20127 from numerous unique IP addresses. https://www.securityweek.com/recent-cisco-catalyst-sd-wan-vulnerability-now-widely-exploited/
##Latest Geopolitical, Technology, and Cybersecurity Update (March 6-7, 2026):
Russia is reportedly sharing intelligence with Iran to target US forces in the Middle East, escalating tensions. Cybersecurity faces critical threats as a Cisco SD-WAN flaw (CVE-2026-20127) has been exploited since 2023, and a Qualcomm zero-day (CVE-2026-21385) affects 234 chipsets. Meanwhile, rapid AI advancements are intensifying regulatory debates globally.
##Critical Cisco Catalyst SD-WAN vulnerability (CVE-2026-20127, CVSS 10.0) is now under widespread exploitation.
Attackers are deploying webshells after the flaw moved from targeted zero-day use to global opportunistic campaigns.
https://www.technadu.com/cisco-catalyst-sd-wan-flaw-is-now-fcing-widespread-exploitation/622887/
Have your systems been patched?
##updated 2026-02-25T14:32:14.467000
1 posts
12 repos
https://github.com/patchpoint/CVE-2026-20841
https://github.com/RajaUzairAbdullah/CVE-2026-20841
https://github.com/uky007/CVE-2026-20841_notepad_analysis
https://github.com/BTtea/CVE-2026-20841-PoC
https://github.com/hackfaiz/CVE-2026-20841-PoC
https://github.com/tangent65536/CVE-2026-20841
https://github.com/hamzamalik3461/CVE-2026-20841
https://github.com/SecureWithUmer/CVE-2026-20841
https://github.com/EleniChristopoulou/PoC-CVE-2026-20841
https://github.com/404godd/CVE-2026-20841-PoC
Microsoft turned Notepad into a "smart" AI assistant and accidentally handed hackers a "one-click" execution engine. Here is the technical breakdown of CVE-2026-20841 and why feature creep is killing your security. ππ»
##updated 2026-02-13T17:41:02.987000
1 posts
7 repos
https://github.com/Ckokoski/moatbot-security
https://github.com/adibirzu/openclaw-security-monitor
https://github.com/FrigateCaptain/openclaw_vulnerabilities_and_solutions
https://github.com/Joseph19820124/openclaw-vuln-report
https://github.com/al4n4n/CVE-2026-25253-research
π¨ SECURITY ALERT: 42,089 OpenClaw AI instances exposed with critical RCE vulnerability (CVE-2026-25253, CVSS 8.8).
93% lack authentication. 1.5M API tokens compromised. One-click shell access via malicious websites.
Full analysis + protection strategies:
https://dev.to/tiamatenity/your-ai-assistant-is-leaking-everything-42k-exposed-instances-critical-cves-and-how-to-protect-yourself
updated 2026-02-08T06:31:53
1 posts
βͺοΈ Android patches 0βday vulnerability linked to Qualcomm components
π¨οΈ Google experts have released the March security updates for Android, fixing a total of 129 vulnerabilities. Among them is a 0βday issue in a Qualcomm component that is already being used in real-world attacks. The vulnerability has been assigned theβ¦
##updated 2026-01-14T16:25:12.057000
1 posts
Steam Deck just posted:
SteamOS 3.7.20
SteamOS 3.7.20 has just been released for all users with the following changes previously in Beta:GeneralAdded ntsync driverNon-DeckEnabled polkit for the InputPlumber dbus interface and resolved a potential race condition for the InputPlumber interface, addressing CVE-2025-66005 and CVE-2025-14338
https://store.steampowered.com/news/app/1675200/view/502851820603836934
##updated 2026-01-14T12:31:39
1 posts
Steam Deck just posted:
SteamOS 3.7.20
SteamOS 3.7.20 has just been released for all users with the following changes previously in Beta:GeneralAdded ntsync driverNon-DeckEnabled polkit for the InputPlumber dbus interface and resolved a potential race condition for the InputPlumber interface, addressing CVE-2025-66005 and CVE-2025-14338
https://store.steampowered.com/news/app/1675200/view/502851820603836934
##updated 2025-06-10T00:30:36
1 posts
Medium-severity advisory from AMD:
CVE-2025-0037:β―Versal Adaptive SoC β Overwriting Protected Memory Regions through PLM Firmware https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8010.html
A long list of advisories from Adobe: https://helpx.adobe.com/security/security-bulletin.html
Dell patches for multiple vulnerabilities:
Security Update for Dell Connectrix B-Series SANnav Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000437875/dsa-2026-088-security-update-for-dell-connectrix-b-series-sannav-vulnerabilities
Security Update forβ―Dell Connectrix B-Series FOSβ―and SANnav Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000437867/dsa-2026-087-security-update-for-dell-connectrix-b-series-fos-and-sannav-vulnerabilities
Security Update for Dell Avamar Data Store Gen5A Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000437829/dsa-2026-086-security-update-for-dell-avamar-data-store-gen5a-multiple-third-party-component-vulnerabilities #Dell
#infosec #vulnerability #AMD #Adobe
updated 2025-04-22T21:15:42.690000
11 posts
π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π΄ CVE-2026-28292 - Critical (9.8)
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code e...
π https://www.thehackerwire.com/vulnerability/CVE-2026-28292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2025-04-01T16:15:15.807000
11 posts
π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π¨ EUVD-2026-10791
π Score: 9.8/10 (CVSS v3.1)
π¦ Product: simple-git
π’ Vendor: steveukx
π
Updated: 2026-03-10
π `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code executio...
π https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-10791
##π΄ CVE-2026-28292 - Critical (9.8)
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code e...
π https://www.thehackerwire.com/vulnerability/CVE-2026-28292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30983 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
π https://www.thehackerwire.com/vulnerability/CVE-2026-30983/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30983 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
π https://www.thehackerwire.com/vulnerability/CVE-2026-30983/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30978 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform() causing invalid vptr dereference and crash. This vulnerability is fixed in 2.3.1.5.
π https://www.thehackerwire.com/vulnerability/CVE-2026-30978/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30985 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixe...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30985/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-31795 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5.
π https://www.thehackerwire.com/vulnerability/CVE-2026-31795/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-31792 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentation fault or denial of service. This vulnerabilit...
π https://www.thehackerwire.com/vulnerability/CVE-2026-31792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-31796 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
π https://www.thehackerwire.com/vulnerability/CVE-2026-31796/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30918 - High (7.6)
facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4 , a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerab...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30918/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-27005 - Critical (9.8)
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases con...
π https://www.thehackerwire.com/vulnerability/CVE-2026-27005/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-30929 - High (7.7)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffe...
π https://www.thehackerwire.com/vulnerability/CVE-2026-30929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-28691 - High (7.5)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vul...
π https://www.thehackerwire.com/vulnerability/CVE-2026-28691/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##β οΈ CRITICAL: CVE-2026-30862 in Appsmith <1.96 enables stored XSS via TableWidgetV2. Attackers can leverage 'Invite Users' for admin takeover. Patch to 1.96+ ASAP! No active exploits yet. https://radar.offseq.com/threat/cve-2026-30862-cwe-79-improper-neutralization-of-i-d918c60a #OffSeq #XSS #Appsmith #CVE2026_30862
##π΄ CVE-2026-31816 - Critical (9.1)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() middleware that protects every server-side API endpoint can be completely bypassed by appending a w...
π https://www.thehackerwire.com/vulnerability/CVE-2026-31816/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π΄ CVE-2026-31816 - Critical (9.1)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() middleware that protects every server-side API endpoint can be completely bypassed by appending a w...
π https://www.thehackerwire.com/vulnerability/CVE-2026-31816/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2026-25737 - High (8.9)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only...
π https://www.thehackerwire.com/vulnerability/CVE-2026-25737/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##π CVE-2025-62166 - High (7.5)
FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled,...
π https://www.thehackerwire.com/vulnerability/CVE-2025-62166/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Sign in with ANY password into Rocket.Chat EE (CVE-2026-28514) and other vulnerabilities weβve found with our open source AI framework https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/
##