FediSecfeeds

CVE	CVSS	EPSS	Posts	Repos	Updated	Description
CVE-2026-4484	9.8	0.00%	2	0	2026-03-26T02:16:07.913000	The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in
CVE-2026-33526	0	0.00%	2	0	2026-03-26T01:16:27.877000	Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-Afte
CVE-2026-33287	7.5	0.00%	2	0	2026-03-26T01:16:27.530000	LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScri
CVE-2026-33285	7.5	0.00%	2	0	2026-03-26T01:16:27.363000	LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScri
CVE-2026-4758	8.8	0.00%	2	0	2026-03-26T00:16:41.570000	The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion
CVE-2026-34056	7.7	0.00%	2	0	2026-03-26T00:16:41.400000	OpenEMR is a free and open source electronic health records and medical practice
CVE-2026-33932	7.6	0.00%	2	0	2026-03-26T00:16:39.953000	OpenEMR is a free and open source electronic health records and medical practice
CVE-2026-33918	7.6	0.00%	4	0	2026-03-26T00:16:39.627000	OpenEMR is a free and open source electronic health records and medical practice
CVE-2026-33917	8.8	0.00%	4	0	2026-03-26T00:16:39.470000	OpenEMR is a free and open source electronic health records and medical practice
CVE-2026-33913	7.7	0.00%	2	0	2026-03-25T23:17:10.660000	OpenEMR is a free and open source electronic health records and medical practice
CVE-2026-33017	9.8	0.59%	2	3	2026-03-25T23:17:09.670000	Langflow is a tool for building and deploying AI-powered agents and workflows. I
CVE-2025-33247	7.8	0.28%	1	0	2026-03-25T21:58:57.220000	NVIDIA Megatron LM contains a vulnerability in quantization configuration loadin
CVE-2026-24150	7.8	0.06%	1	0	2026-03-25T21:58:12.560000	NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attac
CVE-2026-33286	9.1	0.04%	2	0	2026-03-25T21:33:33	### Summary An arbitrary method execution vulnerability has been found which af
CVE-2026-33282	7.5	0.02%	1	0	2026-03-25T21:32:53	## Summary Ella Core panics when processing a malformed NGAP LocationReport mes
CVE-2026-32536	10.0	0.00%	2	0	2026-03-25T21:31:40	Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green
CVE-2026-32537	7.5	0.00%	2	0	2026-03-25T21:31:39	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2026-25001	8.6	0.00%	2	0	2026-03-25T21:31:38	Improper Control of Generation of Code ('Code Injection') vulnerability in Saad
CVE-2026-32534	8.5	0.00%	2	0	2026-03-25T21:30:36	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-32539	9.3	0.00%	2	0	2026-03-25T21:30:36	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-32573	9.1	0.00%	2	0	2026-03-25T21:30:36	Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio
CVE-2026-32513	8.8	0.00%	2	0	2026-03-25T21:30:35	Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List
CVE-2026-27044	10.0	0.00%	4	0	2026-03-25T21:30:35	Improper Control of Generation of Code ('Code Injection') vulnerability in Total
CVE-2026-25366	10.0	0.00%	2	0	2026-03-25T21:30:35	Improper Control of Generation of Code ('Code Injection') vulnerability in Theme
CVE-2026-4719	7.5	0.01%	1	0	2026-03-25T21:30:28	Incorrect boundary conditions in the Graphics: Text component. This vulnerabilit
CVE-2026-4704	7.5	0.01%	1	0	2026-03-25T21:30:27	Denial-of-service in the WebRTC: Signaling component. This vulnerability affects
CVE-2026-33680	7.5	0.03%	1	0	2026-03-25T21:18:09	## Summary The `LinkSharing.ReadAll()` method allows link share authenticated u
CVE-2026-33678	8.1	0.03%	2	0	2026-03-25T21:17:43	## Summary `TaskAttachment.ReadOne()` queries attachments by ID only (`WHERE id
CVE-2026-32538	7.5	0.00%	2	0	2026-03-25T21:16:46.347000	Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMT
CVE-2026-32531	8.1	0.00%	2	0	2026-03-25T21:16:44.300000	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2026-30976	8.6	0.00%	2	0	2026-03-25T21:16:41.623000	Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch p
CVE-2026-33497	None	0.01%	1	0	2026-03-25T20:54:06	### Summary In the download_profile_picture function of the /profile_pictures/{f
CVE-2026-33418	7.5	0.04%	1	0	2026-03-25T20:53:42	## Summary The `ensureSize()` function in `@dicebear/converter` used a regex-ba
CVE-2026-33316	8.1	0.03%	2	0	2026-03-25T20:53:33	### Summary A flaw in Vikunja’s password reset logic allows disabled users to r
CVE-2026-29839	8.8	0.02%	1	0	2026-03-25T20:53:05.983000	DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) v
CVE-2026-33310	8.8	0.05%	1	0	2026-03-25T20:52:31	### Summary The shell() syntax within parameter default values appears to be aut
CVE-2026-33242	7.5	0.01%	1	0	2026-03-25T20:48:35	### Details A Path Traversal and Access Control Bypass vulnerability was discov
CVE-2026-32300	8.1	0.03%	1	0	2026-03-25T20:46:17	# Security Advisory — My Page Profile Update (Improper Authorization) ## Summar
CVE-2026-32299	7.5	0.03%	1	0	2026-03-25T20:46:07	# Security Advisory — Page Content Retrieval (Improper Authorization) ## Summar
CVE-2026-32278	8.2	0.04%	2	0	2026-03-25T20:45:22	# Security Advisory — Form Plugin (Stored XSS) ## Summary A Stored Cross-site
CVE-2026-32277	8.7	0.03%	2	0	2026-03-25T20:45:12	# Security Advisory — Cabinet Plugin (DOM-based XSS) ## Summary A DOM-based Cr
CVE-2026-4715	9.1	0.02%	1	0	2026-03-25T20:16:36.837000	Uninitialized memory in the Graphics: Canvas2D component. This vulnerability aff
CVE-2026-4705	9.8	0.01%	1	0	2026-03-25T20:16:36.273000	Undefined behavior in the WebRTC: Signaling component. This vulnerability affect
CVE-2026-33218	7.5	0.00%	4	0	2026-03-25T20:16:32.623000	NATS-Server is a High-Performance server for NATS.io, a cloud and edge native me
CVE-2026-32546	7.5	0.00%	4	0	2026-03-25T20:16:31.527000	Missing Authorization vulnerability in StellarWP Restrict Content restrict-conte
CVE-2026-32525	9.9	0.00%	2	0	2026-03-25T20:16:30.967000	Improper Control of Generation of Code ('Code Injection') vulnerability in jetmo
CVE-2026-25447	9.1	0.00%	4	0	2026-03-25T20:16:26.740000	Improper Control of Generation of Code ('Code Injection') vulnerability in Jonat
CVE-2026-20687	7.1	0.02%	1	1	2026-03-25T20:07:15.087000	A use after free issue was addressed with improved memory management. This issue
CVE-2026-4712	7.5	0.01%	1	0	2026-03-25T19:16:52.517000	Information disclosure in the Widget: Cocoa component. This vulnerability affect
CVE-2026-3988	7.5	0.00%	6	0	2026-03-25T18:32:08	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5
CVE-2026-3857	8.1	0.00%	6	0	2026-03-25T18:32:07	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10
CVE-2026-20012	8.6	0.00%	2	0	2026-03-25T18:31:51	A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco
CVE-2026-20125	7.7	0.00%	2	0	2026-03-25T18:31:51	A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS X
CVE-2026-26832	9.8	0.00%	2	1	2026-03-25T18:31:51	node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tessera
CVE-2025-32991	9.1	0.00%	2	0	2026-03-25T18:31:46	In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful AP
CVE-2026-3608	7.5	0.02%	1	0	2026-03-25T18:31:43	Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-
CVE-2026-33660	0	0.00%	2	0	2026-03-25T18:16:32.080000	n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.
CVE-2026-2995	7.7	0.00%	4	0	2026-03-25T17:16:58.347000	GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 bef
CVE-2026-27889	7.5	0.00%	2	0	2026-03-25T17:07:53	### Background NATS.io is a high performance open source pub-sub distributed co
CVE-2026-20086	8.6	0.00%	2	0	2026-03-25T16:16:13.920000	A vulnerability in the processing of Control and Provisioning of Wireless Access
CVE-2026-20084	8.6	0.00%	2	0	2026-03-25T16:16:13.563000	A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allo
CVE-2026-24157	7.8	0.12%	1	0	2026-03-25T15:41:58.280000	NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an at
CVE-2026-22559	8.8	0.07%	1	0	2026-03-25T15:41:58.280000	An Improper Input Validation vulnerability in UniFi Network Server may allow una
CVE-2026-33329	8.1	0.05%	1	0	2026-03-25T15:41:58.280000	FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 t
CVE-2026-2343	5.3	0.02%	1	0	2026-03-25T15:41:33.977000	The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download
CVE-2026-28864	3.3	0.02%	1	0	2026-03-25T15:32:30	This issue was addressed with improved permissions checking. This issue is fixed
CVE-2026-3104	7.5	0.00%	2	0	2026-03-25T15:31:37	A specially crafted domain can be used to cause a memory leak in a BIND resolver
CVE-2026-26830	9.8	0.00%	2	2	2026-03-25T15:31:37	pdf-image (npm package) through version 2.0.0 allows OS command injection via th
CVE-2026-1519	7.5	0.00%	2	0	2026-03-25T15:31:36	If a BIND resolver is performing DNSSEC validation and encounters a maliciously
CVE-2026-33634	0	0.04%	1	1	2026-03-25T15:16:49.230000	Trivy is a security scanner. On March 19, 2026, a threat actor used compromised
CVE-2026-26306	7.8	0.02%	1	0	2026-03-25T06:30:35	The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely
CVE-2026-2072	8.2	0.04%	1	0	2026-03-25T03:31:40	Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (
CVE-2026-28877	None	0.02%	1	0	2026-03-25T03:31:39	An authorization issue was addressed with improved state management. This issue
CVE-2026-3909	8.8	4.79%	1	0	2026-03-25T00:31:11	Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a re
CVE-2026-33216	8.6	0.00%	4	0	2026-03-24T21:42:11	### Background NATS.io is a high performance open source pub-sub distributed co
CVE-2026-4725	10.0	0.02%	1	0	2026-03-24T21:32:29	Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This v
CVE-2026-4723	9.8	0.01%	1	0	2026-03-24T21:32:29	Use-after-free in the JavaScript Engine component. This vulnerability affects Fi
CVE-2026-4701	9.8	0.02%	1	0	2026-03-24T21:32:28	Use-after-free in the JavaScript Engine component. This vulnerability affects Fi
CVE-2026-4717	9.8	0.02%	1	0	2026-03-24T21:32:28	Privilege escalation in the Netmonitor component. This vulnerability affects Fir
CVE-2026-4716	9.1	0.02%	1	0	2026-03-24T21:32:28	Incorrect boundary conditions, uninitialized memory in the JavaScript Engine com
CVE-2026-4714	7.5	0.01%	1	0	2026-03-24T21:32:28	Incorrect boundary conditions in the Audio/Video component. This vulnerability a
CVE-2026-4713	7.5	0.01%	1	0	2026-03-24T21:32:28	Incorrect boundary conditions in the Graphics component. This vulnerability affe
CVE-2026-4711	9.8	0.02%	1	0	2026-03-24T21:32:28	Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefo
CVE-2026-4722	8.8	0.02%	1	0	2026-03-24T21:32:28	Privilege escalation in the IPC component. This vulnerability affects Firefox <
CVE-2025-33254	7.5	0.03%	1	0	2026-03-24T21:31:36	NVIDIA Triton Inference Server contains a vulnerability where an attacker may ca
CVE-2025-33248	7.8	0.06%	1	0	2026-03-24T21:31:35	NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script wher
CVE-2025-33244	9.1	0.03%	2	0	2026-03-24T21:31:35	NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker co
CVE-2025-33238	7.5	0.03%	1	0	2026-03-24T21:31:35	NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability wh
CVE-2026-24158	7.5	0.04%	1	0	2026-03-24T21:31:35	NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint whe
CVE-2026-24152	7.8	0.06%	1	0	2026-03-24T21:31:35	NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attac
CVE-2026-24151	7.8	0.06%	1	0	2026-03-24T21:31:35	NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may
CVE-2026-24141	7.8	0.06%	1	0	2026-03-24T21:31:35	NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONN
CVE-2026-24159	7.8	0.12%	1	0	2026-03-24T21:31:35	NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remot
CVE-2026-2417	None	0.10%	1	0	2026-03-24T21:31:30	A Missing Authentication for Critical Function vulnerability in Pharos Controls
CVE-2026-4702	9.8	0.02%	1	0	2026-03-24T21:31:22	JIT miscompilation in the JavaScript Engine component. This vulnerability affect
CVE-2026-29785	7.5	0.00%	4	0	2026-03-24T21:29:09	### Background NATS.io is a high performance open source pub-sub distributed co
CVE-2026-4700	9.8	0.02%	1	0	2026-03-24T21:16:31.800000	Mitigation bypass in the Networking: HTTP component. This vulnerability affects
CVE-2026-33554	7.5	0.04%	1	0	2026-03-24T20:16:30.357000	ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response
CVE-2026-30653	7.5	0.18%	1	0	2026-03-24T20:16:26.650000	An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denia
CVE-2026-32276	8.8	0.07%	1	0	2026-03-24T19:58:16.700000	Connect-CMS is a content management system. In versions on the 1.x series up to
CVE-2026-33484	7.5	0.02%	1	0	2026-03-24T19:20:13.567000	Langflow is a tool for building and deploying AI-powered agents and workflows. I
CVE-2025-71275	9.8	0.46%	1	0	2026-03-24T18:31:36	Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a c
CVE-2026-4673	8.8	0.07%	2	0	2026-03-24T18:31:34	Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowe
CVE-2026-4679	8.8	0.08%	1	0	2026-03-24T18:31:34	Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a rem
CVE-2026-4675	8.8	0.07%	1	0	2026-03-24T18:31:34	Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a
CVE-2026-4674	8.8	0.08%	2	0	2026-03-24T16:53:14.987000	Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a rem
CVE-2026-4677	8.8	0.07%	1	0	2026-03-24T16:47:49.867000	Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.16
CVE-2026-4368	0	0.02%	2	0	2026-03-24T15:54:09.400000	Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configur
CVE-2025-60946	8.8	0.12%	1	0	2026-03-24T15:54:09.400000	Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authenticated att
CVE-2026-4283	9.1	0.10%	2	0	2026-03-24T15:53:48.067000	The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized acc
CVE-2026-27654	8.2	0.02%	1	0	2026-03-24T15:53:48.067000	NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module
CVE-2025-41660	8.8	0.21%	1	0	2026-03-24T15:53:48.067000	A low-privileged remote attacker may be able to replace the boot application of
CVE-2026-4750	9.1	0.04%	1	0	2026-03-24T15:53:48.067000	Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof
CVE-2026-4640	7.5	0.07%	1	0	2026-03-24T15:53:48.067000	Vitals ESP developed by Galaxy Software Services has a Missing Authentication vu
CVE-2026-33298	7.8	0.04%	2	0	2026-03-24T15:53:48.067000	llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an int
CVE-2026-33211	9.6	0.02%	2	0	2026-03-24T15:53:48.067000	Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style
CVE-2026-3533	8.8	0.22%	1	0	2026-03-24T15:53:48.067000	The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads du
CVE-2026-27651	7.5	0.03%	2	0	2026-03-24T15:30:36	When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open
CVE-2026-27784	7.8	0.01%	2	0	2026-03-24T15:30:36	The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_ht
CVE-2026-32647	7.8	0.01%	2	0	2026-03-24T15:30:36	NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module
CVE-2026-4775	7.8	0.06%	1	0	2026-03-24T15:30:36	A flaw was found in the libtiff library. A remote attacker could exploit a signe
CVE-2026-22739	8.6	0.02%	1	0	2026-03-24T15:30:27	Vulnerability in Spring Cloud when substituting the profile parameter from a req
CVE-2026-3509	7.5	0.08%	1	0	2026-03-24T09:30:41	An unauthenticated remote attacker may be able to control the format string of m
CVE-2026-4755	9.8	0.06%	1	0	2026-03-24T09:30:41	CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects An
CVE-2026-4745	None	0.05%	1	0	2026-03-24T06:31:25	Improper Control of Generation of Code ('Code Injection') vulnerability in dendi
CVE-2026-4753	9.1	0.04%	1	0	2026-03-24T06:31:25	Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects Re
CVE-2026-4746	None	0.04%	1	0	2026-03-24T06:31:25	Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/sr
CVE-2026-4662	7.5	0.08%	1	0	2026-03-24T06:31:25	The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listi
CVE-2026-4639	8.8	0.10%	2	0	2026-03-24T06:31:14	Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization v
CVE-2026-4744	None	0.01%	1	0	2026-03-24T06:31:14	Out-of-bounds Read vulnerability in rizonesoft Notepad3 (‎scintilla/oniguruma/sr
CVE-2026-4739	None	0.04%	2	0	2026-03-24T06:31:13	Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (‎
CVE-2026-4678	8.8	0.11%	1	0	2026-03-24T03:31:25	Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remo
CVE-2026-4676	8.8	0.11%	1	0	2026-03-24T03:31:25	Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote
CVE-2026-4680	8.8	0.13%	1	0	2026-03-24T03:31:25	Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remot
CVE-2026-4021	8.1	0.12%	1	0	2026-03-24T00:30:34	The Contest Gallery plugin for WordPress is vulnerable to an authentication bypa
CVE-2026-4001	9.8	0.14%	1	0	2026-03-24T00:30:33	The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to
CVE-2026-4306	7.5	0.07%	1	0	2026-03-24T00:30:33	The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'r
CVE-2026-4681	None	0.38%	1	0	2026-03-24T00:30:28	A critical remote code execution (RCE) vulnerability has been reported in PTC Wi
CVE-2025-60947	8.8	0.19%	1	0	2026-03-24T00:30:28	Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacke
CVE-2025-60949	9.1	0.03%	1	0	2026-03-24T00:30:28	Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployme
CVE-2026-32902	None	0.00%	1	0	2026-03-24T00:30:28	Rejected reason: This CVE ID has been rejected.
CVE-2026-32907	None	0.00%	1	0	2026-03-24T00:30:28	Rejected reason: This CVE ID has been rejected.
CVE-2026-32066	0	0.00%	1	0	2026-03-23T23:17:11.653000	Rejected reason: This CVE ID has been rejected.
CVE-2026-32913	7.5	0.03%	1	1	2026-03-23T21:54:50	OpenClaw's `fetchWithSsrFGuard(...)` followed cross-origin redirects while prese
CVE-2026-32845	8.4	0.01%	1	0	2026-03-23T21:31:53	cgltf version 1.15 and prior contain an integer overflow vulnerability in the cg
CVE-2026-3055	None	0.02%	3	0	2026-03-23T21:30:58	Insufficient input validation in NetScaler ADC and NetScaler Gateway when config
CVE-2026-33143	7.5	0.02%	2	0	2026-03-23T20:48:27.347000	OneUptime is a solution for monitoring and managing online services. Prior to ve
CVE-2026-33228	9.8	0.03%	1	0	2026-03-23T19:14:31.040000	flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function
CVE-2026-32746	9.8	0.03%	3	4	2026-03-23T15:31:40	telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO
CVE-2026-21992	9.8	0.04%	1	0	2026-03-23T15:30:30.950000	Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware
CVE-2026-33509	7.5	0.06%	1	0	2026-03-20T21:50:31	## Summary The `set_config_value()` API endpoint allows users with the non-admi
CVE-2025-31277	8.8	0.27%	1	0	2026-03-20T18:53:35.083000	The issue was addressed with improved memory handling. This issue is fixed in Sa
CVE-2025-43520	5.5	0.47%	8	0	2026-03-20T18:32:19	A memory corruption issue was addressed with improved memory handling. This issu
CVE-2026-33331	8.2	0.01%	1	0	2026-03-20T17:25:56	A Stored Cross-Site Scripting (XSS) vulnerability exists in the OpenAPI document
CVE-2026-33344	8.1	0.02%	1	0	2026-03-19T19:25:46	The fix for CVE-2026-27598 (commit e2ed589, PR #1691) added `ValidateDAGName` to
CVE-2026-20131	10.0	0.65%	3	3	2026-03-19T18:32:21	A vulnerability in the web-based management interface of Cisco Secure Firewall M
CVE-2026-3888	7.9	0.01%	1	5	2026-03-18T06:31:20	Local privilege escalation in snapd on Linux allows local attackers to get root
CVE-2026-32116	None	0.08%	2	0	2026-03-13T15:40:24	### Impact _What kind of vulnerability is it? Who is impacted?_ Receiving a fil
CVE-2026-30839	4.3	0.03%	1	0	2026-03-11T18:48:29.450000	Wallos is an open-source, self-hostable personal subscription tracker. Prior to
CVE-2026-26123	5.5	0.05%	2	0	2026-03-10T21:32:18	Cwe is not in rca categories in Microsoft Authenticator allows an unauthorized a
CVE-2026-27598	None	0.11%	1	0	2026-02-27T20:40:25	The `CreateNewDAG` API endpoint (`POST /api/v1/dags`) does not validate the DAG
CVE-2026-27210	None	0.03%	1	0	2026-02-23T22:27:55	### Impact The hot spot `attributes` configuration property allowed any attribut
CVE-2025-43529	8.8	0.20%	1	8	2025-12-17T21:31:01	A use-after-free issue was addressed with improved memory management. This issue
CVE-2025-24201	7.1	0.10%	1	3	2025-11-13T21:31:15	An out-of-bounds write issue was addressed with improved checks to prevent unaut
CVE-2026-34055	0	0.00%	2	0		N/A
CVE-2026-33696	0	0.00%	2	0		N/A
CVE-2026-23514	0	0.00%	2	0		N/A
CVE-2026-29187	0	0.00%	4	0		N/A
CVE-2026-33348	0	0.00%	2	0		N/A
CVE-2026-24750	0	0.00%	2	0		N/A
CVE-2026-30975	0	0.00%	2	0		N/A
CVE-2026-33656	0	0.00%	1	1		N/A
CVE-2026-28373	0	0.00%	1	0		N/A
CVE-2026-33870	0	0.00%	1	0		N/A
CVE-2026-33871	0	0.00%	1	0		N/A
CVE-2026-33340	0	0.04%	1	0		N/A
CVE-2026-33399	0	0.03%	1	0		N/A
CVE-2026-30840	0	0.05%	1	0		N/A
CVE-2026-33307	0	0.03%	1	0		N/A
CVE-2026-33250	0	0.21%	1	0		N/A
CVE-2026-33164	0	0.05%	1	0		N/A

CVE-2026-4484
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-03-26T02:16:07.913000

2 posts

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an admini

thehackerwire@mastodon.social at 2026-03-26T03:00:03.000Z ##

🔴 CVE-2026-4484 - Critical (9.8)

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_data...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4484/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T03:00:03.000Z ##

🔴 CVE-2026-4484 - Critical (9.8)

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_data...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4484/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33526
(0 None)

EPSS: 0.00%

updated 2026-03-26T01:16:27.877000

2 posts

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non

offseq at 2026-03-26T01:30:27.610Z ##

🚨 CVE-2026-33526: Critical Use-After-Free in Squid (<7.5) allows remote attackers to crash Squid via ICP traffic. icp_access rules are ineffective. Upgrade to 7.5+ or disable ICP (icp_port=0) ASAP! https://radar.offseq.com/threat/cve-2026-33526-cwe-416-use-after-free-in-squid-cac-5f2ea159 #OffSeq #Squid #Vuln #DoS

##

offseq@infosec.exchange at 2026-03-26T01:30:27.000Z ##

🚨 CVE-2026-33526: Critical Use-After-Free in Squid (<7.5) allows remote attackers to crash Squid via ICP traffic. icp_access rules are ineffective. Upgrade to 7.5+ or disable ICP (icp_port=0) ASAP! https://radar.offseq.com/threat/cve-2026-33526-cwe-416-use-after-free-in-squid-cac-5f2ea159 #OffSeq #Squid #Vuln #DoS

##

CVE-2026-33287
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-26T01:16:27.530000

2 posts

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&` as a back reference to the matched substring. The filter only charges `memoryLimit` for the input string length, not the amplified output. An attacker can achieve exponential memory

thehackerwire@mastodon.social at 2026-03-26T01:36:13.000Z ##

🟠 CVE-2026-33287 - High (7.5)

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&` as a back reference to the ma...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33287/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T01:36:13.000Z ##

🟠 CVE-2026-33287 - High (7.5)

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&` as a back reference to the ma...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33287/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33285
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-26T01:16:27.363000

2 posts

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can be completely bypassed by using reverse range expressions (e.g., `(100000000..1)`), allowing an attacker to allocate unlimited memory. Combined with a string flattening operation (e.g., `replace` filter), this causes a V8 Fatal error that cra

thehackerwire@mastodon.social at 2026-03-26T01:18:13.000Z ##

🟠 CVE-2026-33285 - High (7.5)

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can be completely bypassed by using reverse range expressions (e.g., `(100000000..1)`), allow...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33285/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T01:18:13.000Z ##

🟠 CVE-2026-33285 - High (7.5)

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can be completely bypassed by using reverse range expressions (e.g., `(100000000..1)`), allow...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33285/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-4758
(8.8 HIGH)

EPSS: 0.00%

updated 2026-03-26T00:16:41.570000

2 posts

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code exec

thehackerwire@mastodon.social at 2026-03-26T01:00:42.000Z ##

🟠 CVE-2026-4758 - High (8.8)

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possibl...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4758/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T01:00:42.000Z ##

🟠 CVE-2026-4758 - High (8.8)

The WP Job Portal plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'WPJOBPORTALcustomfields::removeFileCustom' function in all versions up to, and including, 2.4.9. This makes it possibl...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4758/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34056
(7.7 HIGH)

EPSS: 0.00%

updated 2026-03-26T00:16:41.400000

2 posts

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks. This flaw compromises system confidentiality by exposing sensitive information, potentially leading to

thehackerwire@mastodon.social at 2026-03-26T01:00:33.000Z ##

🟠 CVE-2026-34056 - High (7.7)

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eR...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34056/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T01:00:33.000Z ##

🟠 CVE-2026-34056 - High (7.7)

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eR...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34056/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33932
(7.6 HIGH)

EPSS: 0.00%

updated 2026-03-26T00:16:39.953000

2 posts

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in a clinician's browser session when the document is previewed. The XSL stylesheet sanitizes attributes f

thehackerwire@mastodon.social at 2026-03-26T01:01:16.000Z ##

🟠 CVE-2026-33932 - High (7.6)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33932/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T01:01:16.000Z ##

🟠 CVE-2026-33932 - High (7.6)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33932/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33918
(7.6 HIGH)

EPSS: 0.00%

updated 2026-03-26T00:16:39.627000

4 posts

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid session and CSRF token, but does not check any ACL permissions. This allows any authenticated OpenEMR user — regardless of whether they have billing priv

thehackerwire@mastodon.social at 2026-03-26T01:03:46.000Z ##

🟠 CVE-2026-33918 - High (7.6)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33918/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T01:01:14.000Z ##

🟠 CVE-2026-33918 - High (7.6)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33918/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T01:03:46.000Z ##

🟠 CVE-2026-33918 - High (7.6)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33918/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T01:01:14.000Z ##

🟠 CVE-2026-33918 - High (7.6)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the caller has a valid ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33918/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33917
(8.8 HIGH)

EPSS: 0.00%

updated 2026-03-26T00:16:39.470000

4 posts

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the ajax_save page in the CAMOS form. Version 8.0.0.3 patches the issue.

thehackerwire@mastodon.social at 2026-03-26T01:03:36.000Z ##

🟠 CVE-2026-33917 - High (8.8)

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33917/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T01:01:04.000Z ##

🟠 CVE-2026-33917 - High (8.8)

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33917/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T01:03:36.000Z ##

🟠 CVE-2026-33917 - High (8.8)

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33917/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-26T01:01:04.000Z ##

🟠 CVE-2026-33917 - High (8.8)

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form that can be exploited by authenticated attackers. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33917/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33913
(7.7 HIGH)

EPSS: 0.00%

updated 2026-03-25T23:17:10.660000

2 posts

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `<xi:include href="file:///etc/passwd" parse="text"/>` to read arbitrary files from the server. Version 8.0.0.3 patches the issue.

thehackerwire@mastodon.social at 2026-03-25T23:20:25.000Z ##

🟠 CVE-2026-33913 - High (7.7)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `` to...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33913/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T23:20:25.000Z ##

🟠 CVE-2026-33913 - High (7.7)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing `` to...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33913/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33017
(9.8 CRITICAL)

EPSS: 0.59%

updated 2026-03-25T23:17:09.670000

2 posts

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data (containing arbitrary Python code in node definitions) instead of the stored f

3 repos

https://github.com/MaxMnMl/langflow-CVE-2026-33017-poc

updated 2026-03-25T21:33:33

2 posts

### Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations. ### Impact Any application exposing Graphiti write endpoints (create/update/delete) to untrusted us

offseq@infosec.exchange at 2026-03-24T03:00:31.000Z ##

🚨 CRITICAL: CVE-2026-33286 in Graphiti (<1.10.2) lets unauthenticated attackers invoke arbitrary public methods via JSONAPI write requests. Patch to v1.10.2, restrict access, and validate inputs! https://radar.offseq.com/threat/cve-2026-33286-cwe-913-improper-control-of-dynamic-fd76d864 #OffSeq #CVE202633286 #Ruby #APIsecurity

##

thehackerwire@mastodon.social at 2026-03-24T00:23:11.000Z ##

🔴 CVE-2026-33286 - Critical (9.1)

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33286/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33282
(7.5 HIGH)

EPSS: 0.02%

updated 2026-03-25T21:32:53

1 posts

## Summary Ella Core panics when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestList` IE. ## Impact An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required. ## Fix Added IE p

thehackerwire@mastodon.social at 2026-03-24T00:19:18.000Z ##

🟠 CVE-2026-33282 - High (7.5)

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitting the optional `UEPresenceInAreaOfInterestLis...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33282/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32536
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-03-25T21:31:40

2 posts

Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a through <= 2.08.

thehackerwire@mastodon.social at 2026-03-25T21:43:40.000Z ##

🔴 CVE-2026-32536 - Critical (9.9)

Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a through <= 2.08.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32536/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:43:40.000Z ##

🔴 CVE-2026-32536 - Critical (9.9)

Unrestricted Upload of File with Dangerous Type vulnerability in halfdata Green Downloads halfdata-paypal-green-downloads allows Using Malicious Files.This issue affects Green Downloads: from n/a through <= 2.08.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32536/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32537
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-25T21:31:39

2 posts

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Portfolio, Photo Gallery & Post Grid: from n/a through <= 3.5.1.

thehackerwire@mastodon.social at 2026-03-25T21:43:49.000Z ##

🟠 CVE-2026-32537 - High (7.5)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Port...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32537/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:43:49.000Z ##

🟠 CVE-2026-32537 - High (7.5)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Local File Inclusion.This issue affects Visual Port...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32537/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25001
(8.6 HIGH)

EPSS: 0.00%

updated 2026-03-25T21:31:38

2 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through <= 4.0.12.

thehackerwire@mastodon.social at 2026-03-25T21:00:28.000Z ##

🟠 CVE-2026-25001 - High (8.5)

Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through <= 4.0.12.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25001/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:00:28.000Z ##

🟠 CVE-2026-25001 - High (8.5)

Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through <= 4.0.12.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25001/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32534
(8.5 HIGH)

EPSS: 0.00%

updated 2026-03-25T21:30:36

2 posts

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.3.

thehackerwire@mastodon.social at 2026-03-25T21:43:30.000Z ##

🟠 CVE-2026-32534 - High (8.5)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.3.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32534/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:43:30.000Z ##

🟠 CVE-2026-32534 - High (8.5)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.3.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32534/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32539
(9.3 CRITICAL)

EPSS: 0.00%

updated 2026-03-25T21:30:36

2 posts

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through <= 3.7.23.

thehackerwire@mastodon.social at 2026-03-25T20:42:49.000Z ##

🔴 CVE-2026-32539 - Critical (9.3)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through <= 3.7.23.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32539/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T20:42:49.000Z ##

🔴 CVE-2026-32539 - Critical (9.3)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection.This issue affects PublishPress Revisions: from n/a through <= 3.7.23.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32539/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32573
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-03-25T21:30:36

2 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.7.

thehackerwire@mastodon.social at 2026-03-25T20:42:40.000Z ##

🔴 CVE-2026-32573 - Critical (9.1)

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.7.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32573/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T20:42:40.000Z ##

🔴 CVE-2026-32573 - Critical (9.1)

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.7.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32573/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32513
(8.8 HIGH)

EPSS: 0.00%

updated 2026-03-25T21:30:35

2 posts

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7.

thehackerwire@mastodon.social at 2026-03-25T21:44:41.000Z ##

🟠 CVE-2026-32513 - High (8.8)

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32513/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:44:41.000Z ##

🟠 CVE-2026-32513 - High (8.8)

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32513/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27044
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-03-25T21:30:35

4 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0.

thehackerwire@mastodon.social at 2026-03-25T21:02:33.000Z ##

🔴 CVE-2026-27044 - Critical (9.9)

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27044/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:00:06.000Z ##

🔴 CVE-2026-27044 - Critical (9.9)

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27044/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:02:33.000Z ##

🔴 CVE-2026-27044 - Critical (9.9)

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27044/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:00:06.000Z ##

🔴 CVE-2026-27044 - Critical (9.9)

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27044/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25366
(10.0 CRITICAL)

EPSS: 0.00%

updated 2026-03-25T21:30:35

2 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through <= 2.7.1.

thehackerwire@mastodon.social at 2026-03-25T21:00:18.000Z ##

🔴 CVE-2026-25366 - Critical (9.9)

Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through <= 2.7.1.

updated 2026-03-25T21:17:43

2 posts

## Summary `TaskAttachment.ReadOne()` queries attachments by ID only (`WHERE id = ?`), ignoring the task ID from the URL path. The permission check in `CanRead()` validates access to the task specified in the URL, but `ReadOne()` loads a different attachment that may belong to a task in another project. This allows any authenticated user to download or delete any attachment in the system by provi

ivycyber@privacysafe.social at 2026-03-24T20:45:55.000Z ##

🛡️ #Cybersecurity news & tips across the #fediverse

“🟠 CVE-2026-33678 - High (8.1) Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, `TaskAttachment.ReadOne()` queries attachments by ID only (`WHERE id = ?`), ignoring the task ID fro...”

https://mastodon.social/@thehackerwire/116285975900964242

🤖 via RSS feed. Not an endorsement.

##

thehackerwire@mastodon.social at 2026-03-24T20:12:57.000Z ##

🟠 CVE-2026-33678 - High (8.1)

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, `TaskAttachment.ReadOne()` queries attachments by ID only (`WHERE id = ?`), ignoring the task ID from the URL path. The permission check in `CanRead()` validat...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33678/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32538
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-25T21:16:46.347000

2 posts

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24.

thehackerwire@mastodon.social at 2026-03-25T21:44:23.000Z ##

🟠 CVE-2026-32538 - High (7.5)

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32538/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:44:23.000Z ##

🟠 CVE-2026-32538 - High (7.5)

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32538/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32531
(8.1 HIGH)

EPSS: 0.00%

updated 2026-03-25T21:16:44.300000

2 posts

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through < 1.4.5.

thehackerwire@mastodon.social at 2026-03-25T21:44:32.000Z ##

🟠 CVE-2026-32531 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through < 1.4.5.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32531/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:44:32.000Z ##

🟠 CVE-2026-32531 - High (8.1)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through < 1.4.5.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32531/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-30976
(8.6 HIGH)

EPSS: 0.00%

updated 2026-03-25T21:16:41.623000

2 posts

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (containing API keys and database credentials), Windows system files, and any user-accessible files on the same drive This issue only impacts Windows system

thehackerwire@mastodon.social at 2026-03-25T21:40:45.000Z ##

🟠 CVE-2026-30976 - High (8.6)

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files (co...

updated 2026-03-25T20:53:33

2 posts

### Summary A flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The `ResetPassword()` function sets the user’s status to `StatusActive` after a successful password reset without verifying whether the account was previously disabled. By requesting a reset token through `/api/v1/user/password/token` and completing the reset via `/api/v1/user/password/r

thehackerwire@mastodon.social at 2026-03-24T20:29:39.000Z ##

🟠 CVE-2026-33316 - High (8.1)

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, a flaw in Vikunja’s password reset logic allows disabled users to regain access to their accounts. The `ResetPassword()` function sets the user’s status to...

updated 2026-03-25T20:45:22

2 posts

# Security Advisory — Form Plugin (Stored XSS) ## Summary A Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. ## Affected Versions - 1.x series: <= 1.41.0 - 2.x series: <= 2.41.0 ## Patched Versions - 1.41.1 - 2.41.1 ## Description In the file field of the Form Plugin, Stored Cross-site Scripting (XSS) could occur. If exploited, arbitrary script could run

thehackerwire@mastodon.social at 2026-03-23T22:41:12.000Z ##

🟠 CVE-2026-32278 - High (8.2)

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32278/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-23T22:30:41.000Z ##

🟠 CVE-2026-32278 - High (8.2)

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32278/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32277
(8.7 HIGH)

EPSS: 0.03%

updated 2026-03-25T20:45:12

2 posts

# Security Advisory — Cabinet Plugin (DOM-based XSS) ## Summary A DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. ## Affected Versions - 1.x series: >= 1.35.0, <= 1.41.0 - 2.x series: >= 2.35.0, <= 2.41.0 ## Patched Versions - 1.41.1 - 2.41.1 ## Description In the Cabinet Plugin list view, DOM-based Cross-Site Scripting (XSS) could occur due to how saved

thehackerwire@mastodon.social at 2026-03-23T22:41:02.000Z ##

🟠 CVE-2026-32277 - High (8.7)

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.

updated 2026-03-25T20:16:32.623000

4 posts

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain a fix. As a workaround, disable leafnode support if not needed or restrict network connections to the l

thehackerwire@mastodon.social at 2026-03-25T20:21:31.000Z ##

🟠 CVE-2026-33218 - High (7.5)

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-au...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33218/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T20:20:45.000Z ##

🟠 CVE-2026-33218 - High (7.5)

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-au...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33218/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T20:21:31.000Z ##

🟠 CVE-2026-33218 - High (7.5)

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-au...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33218/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T20:20:45.000Z ##

🟠 CVE-2026-33218 - High (7.5)

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-au...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33218/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32546
(7.5 HIGH)

EPSS: 0.00%

updated 2026-03-25T20:16:31.527000

4 posts

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through <= 3.2.22.

thehackerwire@mastodon.social at 2026-03-25T20:44:00.000Z ##

🟠 CVE-2026-32546 - High (7.5)

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through <= 3.2.22.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32546/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T20:42:31.000Z ##

🟠 CVE-2026-32546 - High (7.5)

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through <= 3.2.22.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32546/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T20:44:00.000Z ##

🟠 CVE-2026-32546 - High (7.5)

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through <= 3.2.22.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32546/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T20:42:31.000Z ##

🟠 CVE-2026-32546 - High (7.5)

Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restrict Content: from n/a through <= 3.2.22.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32546/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-32525
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-03-25T20:16:30.967000

2 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.6.1.

thehackerwire@mastodon.social at 2026-03-25T20:42:58.000Z ##

🔴 CVE-2026-32525 - Critical (9.9)

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.6.1.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32525/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T20:42:58.000Z ##

🔴 CVE-2026-32525 - Critical (9.9)

Improper Control of Generation of Code ('Code Injection') vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through <= 3.5.6.1.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32525/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-25447
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-03-25T20:16:26.740000

4 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through <= 2.3.9.

thehackerwire@mastodon.social at 2026-03-25T21:02:44.000Z ##

🔴 CVE-2026-25447 - Critical (9.1)

Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through <= 2.3.9.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25447/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:00:16.000Z ##

🔴 CVE-2026-25447 - Critical (9.1)

Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through <= 2.3.9.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25447/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-03-25T21:02:44.000Z ##

🔴 CVE-2026-25447 - Critical (9.1)

Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through <= 2.3.9.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25447/

EPSS: 0.00%

updated 2026-03-25T18:32:08

6 posts

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in GraphQL request processing.

thehackerwire@mastodon.social at 2026-03-25T20:43:51.000Z ##

🟠 CVE-2026-3988 - High (7.5)