Updated at UTC 2026-04-20T23:38:22.838117
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6249 | 8.8 | 0.00% | 2 | 0 | | 2026-04-20T21:31:52 | Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media uplo |
| CVE-2026-5478 | 8.1 | 0.00% | 2 | 0 | | 2026-04-20T21:31:52 | The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and |
| CVE-2026-6257 | 9.1 | 0.00% | 2 | 0 | | 2026-04-20T21:31:52 | Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media man |
| CVE-2026-39110 | 8.2 | 0.00% | 2 | 0 | | 2026-04-20T21:31:45 | SQL Injection vulnerability in Apartment Visitors Management System Apartment Vi |
| CVE-2026-6248 | 8.1 | 0.00% | 2 | 0 | | 2026-04-20T21:31:45 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion i |
| CVE-2026-30269 | 9.9 | 0.00% | 2 | 0 | | 2026-04-20T21:31:44 | Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated us |
| CVE-2026-39109 | 9.4 | 0.00% | 2 | 0 | | 2026-04-20T21:31:44 | SQL Injection vulnerability in Apartment Visitors Management System Apartment Vi |
| CVE-2026-20128 | 7.6 | 0.01% | 4 | 0 | | 2026-04-20T21:31:38 | A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD- |
| CVE-2026-30624 | 8.6 | 0.22% | 1 | 0 | | 2026-04-20T20:17:28.843000 | Agent Zero 0.9.8 contains a remote code execution vulnerability in its External |
| CVE-2026-20133 | 6.5 | 0.07% | 4 | 0 | | 2026-04-20T20:16:47.707000 | A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, |
| CVE-2026-20122 | 5.4 | 0.02% | 4 | 0 | | 2026-04-20T20:16:46.103000 | A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authe |
| CVE-2025-48700 | 6.1 | 0.18% | 4 | 0 | | 2026-04-20T20:16:45.437000 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 an |
| CVE-2025-32975 | 10.0 | 0.54% | 4 | 0 | | 2026-04-20T20:16:45.243000 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x bef |
| CVE-2025-2749 | 7.2 | 1.23% | 4 | 0 | | 2026-04-20T20:16:45.050000 | An authenticated remote code execution in Kentico Xperience allows authenticated |
| CVE-2024-27199 | 7.3 | 82.47% | 4 | 3 | template | 2026-04-20T20:16:44.860000 | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limite |
| CVE-2023-27351 | 7.5 | 44.63% | 4 | 0 | template | 2026-04-20T20:16:44.360000 | This vulnerability allows remote attackers to bypass authentication on affected |
| CVE-2026-30461 | 8.3 | 0.23% | 1 | 0 | | 2026-04-20T20:16:44.150000 | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote |
| CVE-2026-32965 | 7.5 | 0.03% | 2 | 0 | | 2026-04-20T19:05:30.750000 | Initialization of a resource with an insecure default vulnerability exists in SD |
| CVE-2026-39454 | 7.8 | 0.01% | 2 | 0 | | 2026-04-20T19:05:30.750000 | SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the |
| CVE-2026-3518 | 8.4 | 0.00% | 2 | 0 | | 2026-04-20T19:05:30.750000 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC |
| CVE-2026-5760 | 9.8 | 0.00% | 2 | 1 | | 2026-04-20T19:05:30.750000 | SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) wh |
| CVE-2026-30266 | 7.8 | 0.00% | 2 | 0 | | 2026-04-20T19:05:30.750000 | Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before a |
| CVE-2026-6644 | 0 | 0.73% | 2 | 0 | | 2026-04-20T19:05:30.750000 | A command injection vulnerability was found in the PPTP VPN Clients on the ADM. |
| CVE-2026-32650 | 7.5 | 0.02% | 1 | 0 | | 2026-04-20T19:05:30.750000 | Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 Pre |
| CVE-2026-35546 | 9.8 | 0.06% | 2 | 0 | | 2026-04-20T19:05:30.750000 | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This |
| CVE-2026-40525 | 9.1 | 0.11% | 1 | 0 | | 2026-04-20T19:05:30.750000 | OpenViking prior to commit c7bb167 contains an authentication bypass vulnerabili |
| CVE-2026-40196 | 8.1 | 0.03% | 1 | 0 | | 2026-04-20T19:03:07.607000 | HomeBox is a home inventory and organization system. Versions prior to 0.25.0 co |
| CVE-2026-40303 | 7.5 | 0.06% | 1 | 0 | | 2026-04-20T19:03:07.607000 | zrok is software for sharing web services, files, and network resources. Prior t |
| CVE-2026-40321 | 8.0 | 0.04% | 1 | 0 | | 2026-04-20T19:03:07.607000 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS |
| CVE-2026-40477 | 9.0 | 0.13% | 1 | 0 | | 2026-04-20T19:03:07.607000 | Thymeleaf is a server-side Java template engine for web and standalone environme |
| CVE-2026-40349 | 8.8 | 0.01% | 1 | 0 | | 2026-04-20T19:03:07.607000 | Movary is a self hosted web app to track and rate a user's watched movies. Prior |
| CVE-2026-35465 | 7.5 | 0.05% | 1 | 0 | | 2026-04-20T19:03:07.607000 | SecureDrop Client is a desktop app for journalists to securely communicate with |
| CVE-2026-40487 | 8.9 | 0.02% | 1 | 1 | | 2026-04-20T19:03:07.607000 | Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file up |
| CVE-2026-27890 | 8.2 | 0.09% | 1 | 0 | | 2026-04-20T19:03:07.607000 | Firebird is an open-source relational database management system. In versions pr |
| CVE-2026-40582 | 0 | 0.11% | 1 | 0 | | 2026-04-20T18:59:46.333000 | ChurchCRM is an open-source church management system. In versions prior to 7.2.0 |
| CVE-2026-34427 | 8.8 | 0.00% | 4 | 0 | | 2026-04-20T18:54:59.077000 | Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admi |
| CVE-2026-33557 | 9.1 | 0.00% | 2 | 0 | | 2026-04-20T18:32:52 | A possible security vulnerability has been identified in Apache Kafka. By defau |
| CVE-2026-25917 | 9.8 | 0.07% | 3 | 0 | | 2026-04-20T18:32:51 | Dag Authors, who normally should not be able to execute code in the webserver co |
| CVE-2026-32228 | 7.5 | 0.01% | 2 | 0 | | 2026-04-20T18:32:51 | UI / API User with asset materialize permission could trigger dags they had no a |
| CVE-2026-30912 | 7.5 | 0.02% | 2 | 0 | | 2026-04-20T18:32:51 | In case of SQL errors, exception/stack trace of errors was exposed in API even i |
| CVE-2026-30898 | 8.8 | 0.03% | 2 | 0 | | 2026-04-20T18:32:51 | An example of BashOperator in Airflow documentation suggested a way of passing d |
| CVE-2026-39111 | 7.5 | 0.00% | 2 | 0 | | 2026-04-20T18:32:00 | SQL Injection vulnerability in Apartment Visitors Management System Apartment Vi |
| CVE-2026-26944 | 8.8 | 0.00% | 2 | 0 | | 2026-04-20T18:31:55 | Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release ver |
| CVE-2026-34428 | 7.7 | 0.00% | 2 | 0 | | 2026-04-20T18:31:55 | Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in t |
| CVE-2026-41445 | 8.8 | 0.00% | 2 | 0 | | 2026-04-20T18:31:55 | KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the |
| CVE-2026-39918 | 9.8 | 0.00% | 4 | 0 | | 2026-04-20T18:31:48 | Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installati |
| CVE-2026-40459 | 8.8 | 0.22% | 2 | 0 | | 2026-04-20T15:32:59 | PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remo |
| CVE-2026-3519 | 8.5 | 0.00% | 2 | 0 | | 2026-04-20T15:31:58 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC |
| CVE-2026-3517 | 8.5 | 0.00% | 2 | 0 | | 2026-04-20T15:31:58 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC |
| CVE-2026-4048 | 8.5 | 0.00% | 2 | 1 | | 2026-04-20T15:31:58 | OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC P |
| CVE-2026-4424 | 7.5 | 0.27% | 1 | 0 | | 2026-04-20T14:16:20.850000 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exist |
| CVE-2026-6632 | 8.8 | 0.05% | 2 | 0 | | 2026-04-20T12:32:07 | A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected el |
| CVE-2026-6630 | 8.8 | 0.05% | 2 | 0 | | 2026-04-20T12:32:07 | A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects t |
| CVE-2026-6631 | 8.8 | 0.05% | 2 | 0 | | 2026-04-20T11:16:19.583000 | A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the |
| CVE-2026-5964 | 9.8 | 0.08% | 4 | 0 | | 2026-04-20T09:30:51 | EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing u |
| CVE-2026-5963 | 9.8 | 0.08% | 4 | 0 | | 2026-04-20T09:30:51 | EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing u |
| CVE-2026-5966 | 8.1 | 0.31% | 2 | 0 | | 2026-04-20T09:30:51 | ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion v |
| CVE-2026-5967 | 8.8 | 0.12% | 2 | 0 | | 2026-04-20T09:30:51 | ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vuln |
| CVE-2026-32955 | 8.8 | 0.04% | 4 | 0 | | 2026-04-20T06:31:33 | SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-base |
| CVE-2026-32956 | 9.8 | 0.04% | 5 | 0 | | 2026-04-20T06:31:27 | SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based |
| CVE-2026-6602 | 7.3 | 0.04% | 1 | 0 | | 2026-04-20T04:16:58.933000 | A vulnerability was found in rickxy Hospital Management System up to 88a4290d957 |
| CVE-2026-6597 | 2.7 | 0.02% | 1 | 0 | | 2026-04-20T03:34:43 | A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is |
| CVE-2026-6591 | 4.3 | 0.04% | 1 | 0 | | 2026-04-20T03:34:42 | A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_p |
| CVE-2026-6581 | 8.8 | 0.04% | 3 | 0 | | 2026-04-19T23:16:33.893000 | A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vul |
| CVE-2026-6577 | 7.3 | 0.08% | 1 | 0 | | 2026-04-19T21:31:34 | A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The imp |
| CVE-2026-6572 | 5.6 | 0.01% | 1 | 0 | | 2026-04-19T15:30:24 | A security vulnerability has been detected in Collabora KodExplorer up to 4.52. |
| CVE-2026-6574 | 7.3 | 0.04% | 1 | 0 | | 2026-04-19T14:16:11.593000 | A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue aff |
| CVE-2026-6573 | 6.3 | 0.03% | 1 | 0 | | 2026-04-19T13:16:46.187000 | A vulnerability was detected in PHPEMS 11.0. This affects the function temppage |
| CVE-2026-6569 | 7.3 | 0.08% | 1 | 0 | | 2026-04-19T12:31:17 | A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts |
| CVE-2026-6568 | 7.3 | 0.09% | 2 | 0 | | 2026-04-19T12:31:16 | A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects |
| CVE-2026-6570 | 2.7 | 0.01% | 1 | 0 | | 2026-04-19T12:31:16 | A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected |
| CVE-2026-6563 | 8.8 | 0.04% | 2 | 0 | | 2026-04-19T09:30:21 | A vulnerability has been found in H3C Magic B1 up to 100R004. The affected eleme |
| CVE-2026-6560 | 8.8 | 0.04% | 2 | 0 | | 2026-04-19T09:30:21 | A security vulnerability has been detected in H3C Magic B0 up to 100R002. This v |
| CVE-2026-0868 | 6.4 | 0.01% | 1 | 0 | | 2026-04-19T06:31:30 | The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vuln |
| CVE-2026-41242 | None | 0.05% | 2 | 0 | | 2026-04-18T16:18:24 | ### Summary protobufjs compiles protobuf definitions into JS functions. Attacker |
| CVE-2026-2505 | 5.4 | 0.03% | 1 | 2 | | 2026-04-18T12:30:17 | The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Sc |
| CVE-2026-2986 | 6.4 | 0.01% | 1 | 1 | | 2026-04-18T12:30:17 | The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross- |
| CVE-2026-6518 | 8.8 | 0.07% | 2 | 0 | | 2026-04-18T05:16:24.377000 | The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress i |
| CVE-2026-5426 | 7.5 | 0.05% | 1 | 0 | | 2026-04-18T04:16:25.243000 | Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver de |
| CVE-2026-31317 | None | 0.01% | 2 | 0 | | 2026-04-18T01:03:38 | Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) wh |
| CVE-2026-2262 | 7.5 | 0.04% | 1 | 0 | | 2026-04-18T00:31:10 | The Easy Appointments plugin for WordPress is vulnerable to Sensitive Informatio |
| CVE-2026-32324 | 7.7 | 0.01% | 1 | 0 | | 2026-04-17T21:31:53 | Anviz CX7 Firmware is vulnerable because the application embeds reusable certif |
| CVE-2026-40066 | 8.8 | 0.03% | 1 | 0 | | 2026-04-17T21:31:53 | Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be |
| CVE-2026-35682 | 8.8 | 0.26% | 1 | 0 | | 2026-04-17T21:31:53 | Anviz CX2 Lite is vulnerable to an authenticated command injection via a filena |
| CVE-2026-40461 | 7.5 | 0.03% | 1 | 0 | | 2026-04-17T21:31:53 | Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modi |
| CVE-2026-40434 | 8.1 | 0.02% | 1 | 0 | | 2026-04-17T21:31:53 | Anviz CrossChex Standard lacks source verification in the client/server channel, |
| CVE-2026-40527 | 7.8 | 0.03% | 1 | 0 | | 2026-04-17T21:31:53 | radare2 prior to commit bc5a890 contains a command injection vulnerability in th |
| CVE-2026-40515 | 7.5 | 0.03% | 1 | 0 | | 2026-04-17T19:01:56.030000 | OpenHarness before commit bd4df81 contains a permission bypass vulnerability tha |
| CVE-2026-37749 | 9.8 | 0.11% | 2 | 1 | | 2026-04-17T18:32:56 | A SQL injection vulnerability in CodeAstro Simple Attendance Management System v |
| CVE-2026-5718 | 8.1 | 0.12% | 1 | 0 | | 2026-04-17T18:32:05 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress i |
| CVE-2026-3464 | 8.8 | 0.30% | 1 | 0 | | 2026-04-17T18:31:53 | The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read a |
| CVE-2026-40516 | 8.3 | 0.04% | 1 | 0 | | 2026-04-17T18:31:53 | OpenHarness before commit bd4df81 contains a server-side request forgery vulnera |
| CVE-2026-6284 | 9.1 | 0.03% | 2 | 0 | | 2026-04-17T18:31:52 | An attacker with network access to the PLC is able to brute force discover passw |
| CVE-2026-5710 | 7.5 | 0.11% | 1 | 0 | | 2026-04-17T18:16:32.593000 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress i |
| CVE-2026-33829 | 4.3 | 0.07% | 1 | 0 | | 2026-04-17T18:15:00.417000 | Exposure of sensitive information to an unauthorized actor in Windows Snipping T |
| CVE-2026-33807 | 9.1 | 0.05% | 1 | 0 | | 2026-04-17T15:38:09.243000 | @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegist |
| CVE-2026-30995 | 8.6 | 0.03% | 1 | 0 | | 2026-04-17T15:37:20.857000 | Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerabilit |
| CVE-2026-4145 | 7.8 | 0.01% | 1 | 0 | | 2026-04-17T15:09:46.880000 | During an internal security assessment, a potential vulnerability was discovered |
| CVE-2026-20186 | 9.9 | 0.23% | 1 | 0 | | 2026-04-17T15:09:46.880000 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authentic |
| CVE-2026-34018 | 6.3 | 0.03% | 2 | 0 | | 2026-04-17T06:31:14 | An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allo |
| CVE-2026-40324 | 9.1 | 0.09% | 2 | 0 | | 2026-04-17T06:23:30 | ### Impact Hot Chocolate's `Utf8GraphQLParser` is a recursive descent parser wi |
| CVE-2026-31987 | None | 0.03% | 2 | 0 | | 2026-04-16T22:57:43 | JWT Tokens used by tasks were exposed in logs. This could allow UI users to act |
| CVE-2026-30778 | 7.5 | 0.03% | 1 | 0 | | 2026-04-16T22:57:33 | The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configurat |
| CVE-2026-6290 | 8.1 | 0.03% | 1 | 0 | | 2026-04-16T21:33:30 | Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plu |
| CVE-2026-30625 | 9.8 | 0.24% | 1 | 0 | | 2026-04-16T21:33:11 | Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/ |
| CVE-2026-34197 | 8.8 | 46.64% | 5 | 9 | template | 2026-04-16T19:59:38.107000 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2025-67841 | 7.5 | 0.04% | 1 | 0 | | 2026-04-16T15:32:35 | Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmi |
| CVE-2026-30993 | 9.8 | 0.29% | 1 | 0 | | 2026-04-16T15:32:35 | Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE |
| CVE-2026-40744 | 8.5 | 0.03% | 1 | 0 | | 2026-04-16T15:31:44 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-6349 | None | 0.95% | 1 | 0 | | 2026-04-16T03:31:13 | The iSherlock developed by HGiga has an OS Command Injection vulnerability, al |
| CVE-2026-40474 | 7.6 | 0.03% | 1 | 0 | | 2026-04-16T01:35:19 | ## Summary wger exposes a global configuration edit endpoint at `/config/gym-co |
| CVE-2026-30617 | 8.6 | 0.14% | 1 | 0 | | 2026-04-15T21:31:21 | LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its M |
| CVE-2026-30996 | 7.5 | 0.29% | 1 | 0 | | 2026-04-15T21:31:21 | An issue in the file handling logic of the component download.php of SAC-NFe v2. |
| CVE-2026-30994 | 7.5 | 0.04% | 1 | 0 | | 2026-04-15T21:31:21 | Incorrect access control in the config.php component of Slah v1.5.0 and below al |
| CVE-2026-40478 | 9.1 | 0.13% | 1 | 0 | | 2026-04-15T19:46:25 | ### Impact A security bypass vulnerability exists in the expression execution me |
| CVE-2026-30364 | 7.5 | 0.04% | 1 | 0 | | 2026-04-15T18:33:00 | CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1 |
| CVE-2026-30615 | 8.0 | 0.04% | 1 | 1 | | 2026-04-15T18:32:04 | A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers t |
| CVE-2026-20147 | 10.0 | 0.23% | 1 | 0 | | 2026-04-15T18:32:04 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, rem |
| CVE-2026-20184 | 9.8 | 0.05% | 1 | 0 | | 2026-04-15T18:32:04 | A vulnerability in the integration of single sign-on (SSO) with Control Hub in C |
| CVE-2026-20180 | 10.0 | 0.21% | 1 | 0 | | 2026-04-15T18:32:04 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authentic |
| CVE-2026-6372 | 7.5 | 0.03% | 1 | 0 | | 2026-04-15T18:32:04 | Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisi |
| CVE-2025-63029 | 7.6 | 0.03% | 1 | 0 | | 2026-04-15T18:32:03 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-40784 | 8.1 | 0.04% | 1 | 0 | | 2026-04-15T18:31:56 | Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan |
| CVE-2026-40764 | 8.1 | 0.02% | 1 | 0 | | 2026-04-15T18:31:55 | Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by W |
| CVE-2026-40745 | 7.6 | 0.03% | 1 | 0 | | 2026-04-15T16:16:38.480000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-34615 | 9.3 | 1.56% | 1 | 0 | | 2026-04-15T16:14:07.857000 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserializati |
| CVE-2025-32976 | 8.8 | 0.43% | 2 | 0 | | 2026-04-15T00:35:42.020000 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x bef |
| CVE-2025-32977 | 9.6 | 0.20% | 2 | 0 | | 2026-04-15T00:35:42.020000 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x bef |
| CVE-2025-32978 | 7.5 | 0.38% | 2 | 0 | | 2026-04-15T00:35:42.020000 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x bef |
| CVE-2026-27303 | 9.7 | 1.63% | 1 | 0 | | 2026-04-14T18:30:50 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserializati |
| CVE-2026-6203 | 6.1 | 1.29% | 1 | 0 | template | 2026-04-13T23:16:28.110000 | The User Registration & Membership plugin for WordPress is vulnerable to Open Re |
| CVE-2026-34621 | 9.7 | 4.56% | 1 | 5 | | 2026-04-13T18:31:44 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a |
| CVE-2026-35582 | 8.8 | 0.05% | 1 | 0 | | 2026-04-13T16:38:27 | ### Summary `Executrix.getCommand()` constructs shell commands by substituting |
| CVE-2026-39987 | 0 | 3.20% | 1 | 5 | template | 2026-04-13T15:02:27.760000 | marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE |
| CVE-2026-6140 | 9.8 | 1.25% | 1 | 0 | | 2026-04-13T15:01:43.663000 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts |
| CVE-2026-6158 | 7.3 | 4.86% | 1 | 0 | | 2026-04-13T06:30:37 | A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the fu |
| CVE-2026-6154 | 9.8 | 1.25% | 1 | 0 | | 2026-04-13T06:30:37 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th |
| CVE-2026-6141 | 6.3 | 1.23% | 1 | 0 | | 2026-04-13T03:30:31 | A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up t |
| CVE-2026-6139 | 9.8 | 1.25% | 1 | 0 | | 2026-04-13T03:30:29 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This af |
| CVE-2026-6138 | 9.8 | 1.25% | 1 | 0 | | 2026-04-13T00:30:34 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted ele |
| CVE-2026-40258 | 9.1 | 0.05% | 2 | 0 | | 2026-04-10T21:32:42 | ## Summary A path traversal vulnerability (Zip Slip) exists in the media archiv |
| CVE-2026-3055 | 9.8 | 55.71% | 1 | 5 | template | 2026-03-31T15:31:53 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when config |
| CVE-2026-33032 | 9.8 | 4.97% | 2 | 3 | template | 2026-03-30T21:26:24 | ### Summary The nginx-ui MCP (Model Context Protocol) integration exposes two HT |
| CVE-2026-21513 | 8.8 | 31.03% | 2 | 0 | | 2026-03-27T21:32:39 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker |
| CVE-2026-4368 | None | 0.02% | 1 | 0 | | 2026-03-23T21:30:57 | Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configur |
| CVE-2026-4440 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T15:32:13 | Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 a |
| CVE-2026-21509 | 7.8 | 7.50% | 2 | 12 | | 2026-02-11T15:40:33.473000 | Reliance on untrusted inputs in a security decision in Microsoft Office allows a |
| CVE-2025-0520 | None | 2.03% | 2 | 0 | | 2025-11-05T19:58:03 | An unrestricted file upload vulnerability in ShowDoc caused by improper validati |
| CVE-2023-33538 | 8.8 | 90.75% | 1 | 2 | | 2025-10-27T14:32:16.313000 | TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to |
| CVE-2019-1367 | 7.5 | 89.25% | 1 | 1 | | 2025-10-22T00:32:47 | A remote code execution vulnerability exists in the way that the scripting engin |
| CVE-2018-1000500 | 8.1 | 0.56% | 2 | 0 | | 2025-06-09T18:33:00 | Busybox contains a Missing SSL certificate validation vulnerability in The "busy |
| CVE-2024-32114 | 8.8 | 2.02% | 1 | 1 | | 2025-02-11T19:03:09 | In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web con |
| CVE-2024-3721 | 6.3 | 83.86% | 6 | 1 | | 2024-04-13T12:30:30 | A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classi |
| CVE-2026-32604 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-33626 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-33121 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-33084 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-33207 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-33122 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-40901 | 0 | 0.40% | 2 | 0 | | N/A | |
| CVE-2026-40900 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-24467 | 0 | 0.00% | 6 | 0 | | N/A | |
| CVE-2026-25524 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2026-25058 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-39973 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-5617 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-40342 | 0 | 0.08% | 2 | 0 | | N/A | |
| CVE-2026-40317 | 0 | 0.02% | 2 | 0 | | N/A | |
| CVE-2026-32107 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-34232 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-35215 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-40286 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-40285 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-40352 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-40351 | 0 | 0.05% | 1 | 0 | | N/A | |
| CVE-2026-40492 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-40348 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-40581 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-40484 | 0 | 0.05% | 2 | 0 | | N/A | |
| CVE-2026-40572 | 0 | 0.01% | 2 | 0 | | N/A | |
| CVE-2026-40350 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-40494 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-40493 | 0 | 0.04% | 2 | 0 | | N/A | |
| CVE-2026-32105 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-28224 | 0 | 0.09% | 1 | 0 | | N/A | |
| CVE-2026-28212 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-33337 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2025-65104 | 0 | 0.01% | 1 | 0 | | N/A | |
updated 2026-04-20T21:31:52
2 posts
🟠 CVE-2026-6249 - High (8.8)
Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6249/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-20T21:31:52
2 posts
🟠 CVE-2026-5478 - High (8.1)
The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled old_files data from public form submissions as legitimate ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5478/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-20T21:31:52
2 posts
🔴 CVE-2026-6257 - Critical (9.1)
Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htacces...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6257/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-20T21:31:45
2 posts
🟠 CVE-2026-39110 - High (8.2)
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39110/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-20T21:31:45
2 posts
🟠 CVE-2026-6248 - High (8.1)
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update() method does not validate or restrict the value of file-type custom pr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-20T21:31:44
2 posts
🔴 CVE-2026-30269 - Critical (9.9)
Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30269/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-20T21:31:44
2 posts
🔴 CVE-2026-39109 - Critical (9.4)
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticated attacker to manipulate backend SQL queries du...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39109/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-20T21:31:38
4 posts
🚨 [CISA-2026:0420] CISA Adds 8 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0420)
CISA has added 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2023-27351 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-27351)
- Name: PaperCut NG/MF Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: PaperCut
- Product: NG/MF
- Notes: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351
⚠️ CVE-2024-27199 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-27199)
- Name: JetBrains TeamCity Relative Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: JetBrains
- Product: TeamCity
- Notes: https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199
⚠️ CVE-2025-2749 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-2749)
- Name: Kentico Xperience Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Kentico
- Product: Kentico Xperience
- Notes: https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749
⚠️ CVE-2025-32975 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32975)
- Name: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Quest
- Product: KACE Systems Management Appliance (SMA)
- Notes: https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975
⚠️ CVE-2025-48700 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-48700)
- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700
⚠️ CVE-2026-20122 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20122)
- Name: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20122
⚠️ CVE-2026-20128 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20128)
- Name: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128
⚠️ CVE-2026-20133 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20133)
- Name: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260420 #cisa20260420 #cve_2023_27351 #cve_2024_27199 #cve_2025_2749 #cve_2025_32975 #cve_2025_48700 #cve_2026_20122 #cve_2026_20128 #cve_2026_20133 #cve202327351 #cve202427199 #cve20252749 #cve202532975 #cve202548700 #cve202620122 #cve202620128 #cve202620133
##CVE ID: CVE-2026-20128
Vendor: Cisco
Product: Catalyst SD-WAN Manager
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20128
##updated 2026-04-20T20:17:28.843000
1 post
🟠 CVE-2026-30624 - High (8.6)
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These va...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30624/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T20:16:47.707000
4 posts
##CVE ID: CVE-2026-20133
Vendor: Cisco
Product: Catalyst SD-WAN Manager
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20133
##updated 2026-04-20T20:16:46.103000
4 posts
🚨 [CISA-2026:0420] CISA Adds 8 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0420)
CISA has added 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2023-27351 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-27351)
- Name: PaperCut NG/MF Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: PaperCut
- Product: NG/MF
- Notes: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351
⚠️ CVE-2024-27199 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-27199)
- Name: JetBrains TeamCity Relative Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: JetBrains
- Product: TeamCity
- Notes: https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199
⚠️ CVE-2025-2749 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-2749)
- Name: Kentico Xperience Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Kentico
- Product: Kentico Xperience
- Notes: https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749
⚠️ CVE-2025-32975 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32975)
- Name: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Quest
- Product: KACE Systems Management Appliance (SMA)
- Notes: https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975
⚠️ CVE-2025-48700 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-48700)
- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700
⚠️ CVE-2026-20122 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20122)
- Name: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manger
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/ CVE-2026-20122
⚠️ CVE-2026-20128 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20128)
- Name: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128
⚠️ CVE-2026-20133 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20133)
- Name: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260420 #cisa20260420 #cve_2023_27351 #cve_2024_27199 #cve_2025_2749 #cve_2025_32975 #cve_2025_48700 #cve_2026_20122 #cve_2026_20128 #cve_2026_20133 #cve202327351 #cve202427199 #cve20252749 #cve202532975 #cve202548700 #cve202620122 #cve202620128 #cve202620133
##CVE ID: CVE-2026-20122
Vendor: Cisco
Product: Catalyst SD-WAN Manager
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20122
🚨 [CISA-2026:0420] CISA Adds 8 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0420)
CISA has added 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2023-27351 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-27351)
- Name: PaperCut NG/MF Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: PaperCut
- Product: NG/MF
- Notes: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351
⚠️ CVE-2024-27199 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-27199)
- Name: JetBrains TeamCity Relative Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: JetBrains
- Product: TeamCity
- Notes: https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199
⚠️ CVE-2025-2749 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-2749)
- Name: Kentico Xperience Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Kentico
- Product: Kentico Xperience
- Notes: https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749
⚠️ CVE-2025-32975 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32975)
- Name: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Quest
- Product: KACE Systems Management Appliance (SMA)
- Notes: https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975
⚠️ CVE-2025-48700 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-48700)
- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700
⚠️ CVE-2026-20122 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20122)
- Name: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20122
⚠️ CVE-2026-20128 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20128)
- Name: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128
⚠️ CVE-2026-20133 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20133)
- Name: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260420 #cisa20260420 #cve_2023_27351 #cve_2024_27199 #cve_2025_2749 #cve_2025_32975 #cve_2025_48700 #cve_2026_20122 #cve_2026_20128 #cve_2026_20133 #cve202327351 #cve202427199 #cve20252749 #cve202532975 #cve202548700 #cve202620122 #cve202620128 #cve202620133
##CVE ID: CVE-2026-20122
Vendor: Cisco
Product: Catalyst SD-WAN Manager
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20122
updated 2026-04-20T20:16:45.437000
4 posts
##CVE ID: CVE-2025-48700
Vendor: Synacor
Product: Zimbra Collaboration Suite (ZCS)
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-48700
##CVE ID: CVE-2025-48700
Vendor: Synacor
Product: Zimbra Collaboration Suite (ZCS)
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-48700
updated 2026-04-20T20:16:45.243000
4 posts
##CVE ID: CVE-2025-32975
Vendor: Quest
Product: KACE Systems Management Appliance (SMA)
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-32975
🚨 [CISA-2026:0420] CISA Adds 8 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0420)
CISA has added 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2023-27351 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-27351)
- Name: PaperCut NG/MF Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: PaperCut
- Product: NG/MF
- Notes: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351
⚠️ CVE-2024-27199 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-27199)
- Name: JetBrains TeamCity Relative Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: JetBrains
- Product: TeamCity
- Notes: https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199
⚠️ CVE-2025-2749 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-2749)
- Name: Kentico Xperience Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Kentico
- Product: Kentico Xperience
- Notes: https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749
⚠️ CVE-2025-32975 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32975)
- Name: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Quest
- Product: KACE Systems Management Appliance (SMA)
- Notes: https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975
⚠️ CVE-2025-48700 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-48700)
- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700
⚠️ CVE-2026-20122 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20122)
- Name: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20122
⚠️ CVE-2026-20128 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20128)
- Name: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128
⚠️ CVE-2026-20133 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20133)
- Name: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260420 #cisa20260420 #cve_2023_27351 #cve_2024_27199 #cve_2025_2749 #cve_2025_32975 #cve_2025_48700 #cve_2026_20122 #cve_2026_20128 #cve_2026_20133 #cve202327351 #cve202427199 #cve20252749 #cve202532975 #cve202548700 #cve202620122 #cve202620128 #cve202620133
##CVE ID: CVE-2025-32975
Vendor: Quest
Product: KACE Systems Management Appliance (SMA)
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-32975
updated 2026-04-20T20:16:45.050000
4 posts
##CVE ID: CVE-2025-2749
Vendor: Kentico
Product: Kentico Xperience
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-2749
##CVE ID: CVE-2025-2749
Vendor: Kentico
Product: Kentico Xperience
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-2749
updated 2026-04-20T20:16:44.860000
4 posts
3 repos
https://github.com/Stuub/RCity-CVE-2024-27198
https://github.com/W01fh4cker/CVE-2024-27198-RCE
https://github.com/Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198-
##CVE ID: CVE-2024-27199
Vendor: JetBrains
Product: TeamCity
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-27199
##CVE ID: CVE-2024-27199
Vendor: JetBrains
Product: TeamCity
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-27199
updated 2026-04-20T20:16:44.360000
4 posts
🚨 [CISA-2026:0420] CISA Adds 8 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0420)
CISA has added 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2023-27351 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-27351)
- Name: PaperCut NG/MF Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: PaperCut
- Product: NG/MF
- Notes: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351
⚠️ CVE-2024-27199 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-27199)
- Name: JetBrains TeamCity Relative Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: JetBrains
- Product: TeamCity
- Notes: https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199
⚠️ CVE-2025-2749 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-2749)
- Name: Kentico Xperience Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Kentico
- Product: Kentico Xperience
- Notes: https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749
⚠️ CVE-2025-32975 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32975)
- Name: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Quest
- Product: KACE Systems Management Appliance (SMA)
- Notes: https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975
⚠️ CVE-2025-48700 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-48700)
- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700
⚠️ CVE-2026-20122 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20122)
- Name: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20122
⚠️ CVE-2026-20128 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20128)
- Name: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128
⚠️ CVE-2026-20133 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20133)
- Name: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260420 #cisa20260420 #cve_2023_27351 #cve_2024_27199 #cve_2025_2749 #cve_2025_32975 #cve_2025_48700 #cve_2026_20122 #cve_2026_20128 #cve_2026_20133 #cve202327351 #cve202427199 #cve20252749 #cve202532975 #cve202548700 #cve202620122 #cve202620128 #cve202620133
##CVE ID: CVE-2023-27351
Vendor: PaperCut
Product: NG/MF
Date Added: 2026-04-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2023-27351
updated 2026-04-20T20:16:44.150000
1 posts
🟠 CVE-2026-30461 - High (8.3)
Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30461/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:05:30.750000
2 posts
🟠 CVE-2026-32965 - High (7.5)
Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the de...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32965/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:05:30.750000
2 posts
🟠 CVE-2026-39454 - High (7.8)
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39454/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:05:30.750000
2 posts
🟠 CVE-2026-3518 - High (8.4)
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the '...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3518/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:05:30.750000
2 posts
1 repos
🔴 CVE-2026-5760 - Critical (9.8)
SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5760/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
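The post above describes the general hazard: a chat template shipped inside a model file is attacker-controlled text, and a plain `jinja2.Environment` lets template code walk Python attributes all the way to code execution. The following is an added example (not SGLang's code, and not a description of SGLang's actual fix): it renders a constructed hostile template with an unsandboxed environment, then with Jinja2's `ImmutableSandboxedEnvironment`, which is the generic mitigation for untrusted templates. The template strings and the sample message list are constructed for this example.

```python
"""Added example: untrusted Jinja2 chat templates, unsandboxed vs sandboxed.
Template strings and sample messages below are constructed for this example;
they are not taken from any real model file or from the SGLang project."""
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import ImmutableSandboxedEnvironment

# A benign chat template of the kind a tokenizer config legitimately carries.
BENIGN_TEMPLATE = (
    "{% for m in messages %}<|{{ m.role }}|>{{ m.content }}{% endfor %}"
)

# Constructed hostile template: walks from a string literal up to `object` and
# enumerates its subclasses, the usual first step of a Jinja2 SSTI chain.
# It only counts them here so the demonstration stays harmless to run.
HOSTILE_TEMPLATE = "{{ ''.__class__.__mro__[1].__subclasses__() | length }}"

SAMPLE_MESSAGES = [{"role": "user", "content": "hello"}]  # constructed input


def render_unsandboxed(template: str, **ctx) -> str:
    """The vulnerable pattern: attacker-controlled template text rendered with
    full Python attribute access. Dunder walks succeed, so the hostile template
    renders a positive subclass count instead of failing."""
    return Environment(autoescape=False).from_string(template).render(**ctx)


def render_sandboxed(template: str, **ctx) -> str:
    """Hardened form: the immutable sandbox refuses private/dunder attribute
    access and in-place mutation, raising SecurityError instead of rendering."""
    env = ImmutableSandboxedEnvironment(autoescape=False)
    return env.from_string(template).render(**ctx)


def sandbox_blocks(template: str, **ctx) -> bool:
    """True if the sandbox rejects the template, False if it renders cleanly."""
    try:
        render_sandboxed(template, **ctx)
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    # The unsandboxed render succeeds and prints a number; the sandbox refuses.
    print("unsandboxed:", render_unsandboxed(HOSTILE_TEMPLATE))
    print("sandbox blocks hostile template:", sandbox_blocks(HOSTILE_TEMPLATE))
    print("benign under sandbox:", render_sandboxed(BENIGN_TEMPLATE, messages=SAMPLE_MESSAGES))
```

The sandbox is a mitigation for the template engine only; a model file is still a supply-chain artifact, so loading it from an untrusted source should additionally be gated on provenance (pinned revision, checksum or signature) rather than on the renderer alone.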
##updated 2026-04-20T19:05:30.750000
2 posts
🟠 CVE-2026-30266 - High (7.8)
Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attacker to execute arbitrary code via a crafted file
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30266/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:05:30.750000
2 posts
🔥 CRITICAL: CVE-2026-6644 in ASUSTOR ADM PPTP VPN Clients (4.1.0 – 5.1.2.REO1) enables admin OS command injection (CVSS 9.4). Restrict admin access & monitor for patches. Full compromise risk. Details: https://radar.offseq.com/threat/cve-2026-6644-cwe-78-improper-neutralization-of-sp-fee0276d #OffSeq #ASUSTOR #Vuln #RCE
##updated 2026-04-20T19:05:30.750000
1 posts
🟠 CVE-2026-32650 - High (7.5)
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:05:30.750000
2 posts
🔴 CVE-2026-35546 - Critical (9.8)
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35546/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: Anviz CX7 & CX2 Lite firmware vuln (CVE-2026-35546) allows unauthenticated uploads — attackers can execute code & gain reverse shell. All versions affected. No mitigation yet. https://radar.offseq.com/threat/cve-2026-35546-cwe-306-in-anviz-anviz-cx7-firmware-147e04a2 #OffSeq #IoTSecurity #vulnerability
##updated 2026-04-20T19:05:30.750000
1 posts
🔴 CVE-2026-40525 - Critical (9.1)
OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration value is unset or empty. Remote attackers with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40525/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
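The failure mode in the post above is a fail-open check: when the configured key is unset or empty, the comparison is skipped and every request passes. The following is an added example, not OpenViking's code; the function names, the request shape and the minimum key length are this example's own assumptions. It shows the fail-open shape next to a fail-closed one, plus a startup check that refuses to run without a key at all, which is where this class of bug is cheapest to catch.

```python
"""Added example: API-key check that fails open on empty configuration, beside
a fail-closed version and a startup guard. Names, request shape and the key
length policy are assumptions made for this example, not the project's code."""
import hmac
from typing import Mapping, Optional

MIN_KEY_LEN = 16  # example policy: short keys are treated as unconfigured


def check_api_key_fail_open(configured_key: Optional[str],
                            presented_key: Optional[str]) -> bool:
    """Vulnerable shape. An unset or empty configured key is treated as
    "no auth required", so a deployment that forgot to set one accepts every
    caller. Do not use; kept here only to contrast with the fixed version."""
    if not configured_key:
        return True  # BUG: missing configuration silently disables auth
    return hmac.compare_digest(configured_key.encode(),
                               (presented_key or "").encode())


def check_api_key_fail_closed(configured_key: Optional[str],
                              presented_key: Optional[str]) -> bool:
    """Fixed shape. Missing configuration and missing credential are both a
    deny; only a non-empty, constant-time match authorizes."""
    if not configured_key or not presented_key:
        return False
    return hmac.compare_digest(configured_key.encode(), presented_key.encode())


def assert_auth_configured(config: Mapping[str, object]) -> None:
    """Startup guard: refuse to serve at all if api_key is unset, empty or
    shorter than the example policy allows. Raises RuntimeError."""
    key = config.get("api_key")
    if not isinstance(key, str) or len(key) < MIN_KEY_LEN:
        raise RuntimeError("refusing to start: api_key is unset, empty or too short")


def is_startable(config: Mapping[str, object]) -> bool:
    """Boolean wrapper around assert_auth_configured for callers and tests."""
    try:
        assert_auth_configured(config)
    except RuntimeError:
        return False
    return True


def authorize_request(config: Mapping[str, object],
                      headers: Mapping[str, str]) -> bool:
    """Request-time decision using the fail-closed check. The header name
    'X-API-Key' is an assumption of this example."""
    configured = config.get("api_key")
    configured = configured if isinstance(configured, str) else None
    return check_api_key_fail_closed(configured, headers.get("X-API-Key"))


if __name__ == "__main__":
    empty_cfg = {"api_key": ""}                       # constructed misconfiguration
    good_cfg = {"api_key": "example-key-0123456789abcdef"}  # constructed key
    print("fail-open accepts anything:", check_api_key_fail_open("", "whatever"))
    print("fail-closed denies:", authorize_request(empty_cfg, {"X-API-Key": "whatever"}))
    print("startable with empty key:", is_startable(empty_cfg))
    print("startable with real key:", is_startable(good_cfg))
```

The request-time fix alone still leaves an unauthenticated window if someone deploys with an empty key and nobody notices; the startup guard turns that misconfiguration into a crash at deploy time, which is the behaviour you want for an HTTP surface that is reachable from the network.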
##updated 2026-04-20T19:03:07.607000
1 posts
🟠 CVE-2026-40196 - High (8.1)
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revok...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40196/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:03:07.607000
1 posts
🟠 CVE-2026-40303 - High (7.5)
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, count) with no upper bound before any token validat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40303/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:03:07.607000
1 posts
🟠 CVE-2026-40321 - High (8)
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:03:07.607000
1 posts
🔴 CVE-2026-40477 - Critical (9)
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to preve...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40477/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:03:07.607000
1 posts
🟠 CVE-2026-40349 - High (8.8)
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending `isAdmin=true` to `PUT /settings/users/{userId}` for thei...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:03:07.607000
1 posts
🟠 CVE-2026-35465 - High (7.5)
SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Server can achieve code execution on the Client's ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35465/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:03:07.607000
1 posts
1 repos
🟠 CVE-2026-40487 - High (8.9)
Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to the server by spoofing the `Content-Type` header....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T19:03:07.607000
1 posts
🟠 CVE-2026-27890 - High (8.2)
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27890/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T18:59:46.333000
1 posts
🚨 CVE-2026-40582: ChurchCRM < 7.2.0 has a CRITICAL auth bypass (CVSS 9.1). /api/public/user/login lets attackers with a password skip lockout & 2FA to get API access. Upgrade to 7.2.0+ ASAP. https://radar.offseq.com/threat/cve-2026-40582-cwe-288-authentication-bypass-using-58dc9576 #OffSeq #ChurchCRM #CVE202640582 #infosec
##updated 2026-04-20T18:54:59.077000
4 posts
🟠 CVE-2026-34427 - High (8.8)
Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save reques...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34427/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
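Both the Movary post (`isAdmin=true` on a self-service `PUT /settings/users/{userId}`) and the Vvveb post above (`role_id=1` injected into a profile save) are the same bug class: a profile-update handler that copies whatever fields the client sends onto the stored record, privilege fields included. The following is an added example, not code from either project; the record layout, field names, the `role_id == 1` convention and the request dictionaries are constructed for this example. It shows the mass-assignment shape next to an allow-listed update that rejects privileged keys outright and moves role changes to a separate admin-only path.

```python
"""Added example: mass assignment on a profile-save endpoint and its fix.
The User schema, field names, role convention and payloads are constructed
for this example; they are not Movary's or Vvveb's code."""
from dataclasses import dataclass
from typing import Any, Mapping, Tuple

# Constructed convention for this example: role_id 1 is administrator.
ADMIN_ROLE_ID = 1

# Fields a user may change on their own record via the profile endpoint.
SELF_EDITABLE = frozenset({"email", "name"})
# Fields that confer privilege and must never be writable via that endpoint.
PRIVILEGE_FIELDS = frozenset({"is_admin", "role_id"})


@dataclass
class User:
    id: int
    email: str
    name: str
    is_admin: bool = False
    role_id: int = 2


def update_profile_vulnerable(user: User, payload: Mapping[str, Any]) -> User:
    """Vulnerable shape: every known attribute in the request body is copied
    onto the record, so {"is_admin": True} or {"role_id": 1} from an ordinary
    user is honoured. Kept only to contrast with the fixed version."""
    for key, value in payload.items():
        if hasattr(user, key):
            setattr(user, key, value)
    return user


def update_profile_hardened(user: User,
                            payload: Mapping[str, Any]) -> Tuple[bool, list]:
    """Fixed shape: allow-list the self-editable fields and reject the whole
    request if anything else is present. Rejecting (rather than silently
    dropping) means a client that probes for privilege fields produces an
    error you can log and alert on. Returns (accepted, rejected_field_names)
    and leaves the record untouched on rejection."""
    rejected = sorted(set(payload) - SELF_EDITABLE)
    if rejected:
        return False, rejected
    for key in SELF_EDITABLE & set(payload):
        setattr(user, key, payload[key])
    return True, []


def set_role(actor: User, target: User, role_id: int) -> bool:
    """Separate privileged path: only an administrator may change roles, and
    the decision is taken from the actor's stored record, never the request."""
    if not actor.is_admin:
        return False
    target.role_id = role_id
    target.is_admin = role_id == ADMIN_ROLE_ID
    return True


def looks_like_privilege_tampering(payload: Mapping[str, Any]) -> bool:
    """Detection helper: True if a profile-save body carries privilege fields.
    Useful as a request-log signal even after the handler is fixed."""
    return bool(PRIVILEGE_FIELDS & set(payload))


if __name__ == "__main__":
    # Constructed hostile payload of the kind both posts describe.
    hostile = {"name": "mallory", "is_admin": True, "role_id": ADMIN_ROLE_ID}
    victim = User(id=7, email="m@example.invalid", name="m")
    update_profile_vulnerable(victim, hostile)
    print("vulnerable handler made admin:", victim.is_admin, victim.role_id)
    fresh = User(id=8, email="n@example.invalid", name="n")
    print("hardened handler result:", update_profile_hardened(fresh, hostile))
    print("tampering flagged:", looks_like_privilege_tampering(hostile))
```

The allow-list is the actual control; the detection helper is there because after a fix ships, a request that still carries `role_id` or `isAdmin` on the self-service endpoint is a cheap indicator that someone is running the published exploit against you.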
##updated 2026-04-20T18:32:52
2 posts
🔴 CVE-2026-33557 - Critical (9.1)
A possible security vulnerability has been identified in Apache Kafka.
By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33557/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T18:32:51
3 posts
🔴 CVE-2026-25917 - Critical (9.8)
Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.
Users are...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25917/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Apache Airflow 3.2.0 closed five security flaws starting April 18. CVE-2026-25917 lets any workflow author (DAG author) run code in the webserver. CVE-2026-31987 leaks login tokens through task logs. Three days earlier, Dagster patched its own SQL injection. Orchestration tools were built when the DAG author and the platform operator shared one chair. Today 30 employees and 12 contractors share that chair, and the threat model never updated.
##updated 2026-04-20T18:32:51
2 posts
🟠 CVE-2026-32228 - High (7.5)
UI / API User with asset materialize permission could trigger dags they had no access to.
Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T18:32:51
2 posts
🟠 CVE-2026-30912 - High (7.5)
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30912/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T18:32:51
2 posts
🟠 CVE-2026-30898 - High (8.8)
An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30898/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-20T18:32:00
2 posts
🟠 CVE-2026-39111 - High (7.5)
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend S...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39111/
##updated 2026-04-20T18:31:55
2 posts
🟠 CVE-2026-26944 - High (8.8)
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a missing authentication for critical function vulnerability. An unauthentic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26944/
##updated 2026-04-20T18:31:55
2 posts
🟠 CVE-2026-34428 - High (7.7)
Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl() via curl without scheme or destination validation. Authentica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34428/
##updated 2026-04-20T18:31:55
2 posts
🟠 CVE-2026-41445 - High (8.8)
KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arith...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41445/
##updated 2026-04-20T18:31:48
4 posts
🔴 CVE-2026-39918 - Critical (9.8)
Vvveb prior to 1.0.8.1 contains a code injection vulnerability in the installation endpoint where the subdir POST parameter is written unsanitized into the env.php configuration file without escaping or validation. Attackers can inject arbitrary ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39918/
##updated 2026-04-20T15:32:59
2 posts
🟠 CVE-2026-40459 - High (8.8)
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations.
Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40459/
##updated 2026-04-20T15:31:58
2 posts
🟠 CVE-2026-3519 - High (8.4)
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3519/
##updated 2026-04-20T15:31:58
2 posts
🟠 CVE-2026-3517 - High (8.4)
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3517/
##updated 2026-04-20T15:31:58
2 posts
1 repos
🟠 CVE-2026-4048 - High (8.4)
OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a cust...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4048/
updated 2026-04-20T12:32:07
2 posts
🟠 CVE-2026-6632 - High (8.8)
A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation of the argument menufacturer/Go leads to buffe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6632/
##updated 2026-04-20T12:32:07
2 posts
🟠 CVE-2026-6630 - High (8.8)
A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6630/
##updated 2026-04-20T11:16:19.583000
2 posts
🟠 CVE-2026-6631 - High (8.8)
A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipulation of the argument page can lead to buffer ov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6631/
##updated 2026-04-20T09:30:51
4 posts
🔴 CVE-2026-5964 - Critical (9.8)
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5964/
##⚠️ CVE-2026-5964: Digiwin EasyFlow .NET (6.1.*, 6.6.*, 8.1.1) has a CRITICAL SQL injection flaw. Unauthenticated attackers can access or alter DB data. Patch status unknown — check the vendor. Deploy WAFs & monitor activity! https://radar.offseq.com/threat/cve-2026-5964-cwe-89-improper-neutralization-of-sp-398bc6f6 #OffSeq #SQLInjection #Infosec
##updated 2026-04-20T09:30:51
4 posts
🔴 CVE-2026-5963 - Critical (9.8)
EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5963/
##🚨 CRITICAL: SQL Injection (CVE-2026-5963) in Digiwin EasyFlow .NET (6.1.*, 6.6.*, 8.1.1) allows unauthenticated attackers DB access & control. No patch yet — restrict exposure & monitor closely. Details: https://radar.offseq.com/threat/cve-2026-5963-cwe-89-improper-neutralization-of-sp-69f9977c #OffSeq #SQLInjection #Vuln
##updated 2026-04-20T09:30:51
2 posts
🟠 CVE-2026-5966 - High (8.1)
ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5966/
##updated 2026-04-20T09:30:51
2 posts
🟠 CVE-2026-5967 - High (8.8)
ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5967/
##updated 2026-04-20T06:31:33
4 posts
🟠 CVE-2026-32955 - High (8.8)
SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32955/
##⚠️ CVE-2026-32955: HIGH severity stack-based buffer overflow in silex SD-330AC (≤v1.42). Attackers with low privileges can execute code via redirect URLs. Restrict access & monitor devices until patch is available. https://radar.offseq.com/threat/cve-2026-32955-stack-based-buffer-overflow-in-sile-b2529213 #OffSeq #Vulnerability #IoTSecurity
##updated 2026-04-20T06:31:27
5 posts
🔴 CVE-2026-32956 - Critical (9.8)
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32956/
##🔴 New security advisory:
CVE-2026-32956 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32956-sd-330ac-and-amc-manager-unauthenticated-rce
⚠️ CRITICAL: CVE-2026-32956 — Heap buffer overflow in silex SD-330AC (≤v1.42) & AMC Manager. Remote code execution possible. No patch yet; restrict exposure, monitor advisories. https://radar.offseq.com/threat/cve-2026-32956-heap-based-buffer-overflow-in-silex-2da79db9 #OffSeq #IoTSecurity #CVE202632956 #Vuln
##updated 2026-04-20T04:16:58.933000
1 posts
🟠 New security advisory:
CVE-2026-6602 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6602-hospital-management-system-arbitrary-file-upload
updated 2026-04-20T03:34:43
1 posts
🛡️ CVE-2026-6597 (CVSS 5.1, MEDIUM): langflow-ai langflow v1.8.0 – 1.8.3 stores credentials without protection in Flow Using API. Public exploit available. Restrict access & rotate credentials until patched. https://radar.offseq.com/threat/cve-2026-6597-unprotected-storage-of-credentials-i-fc1cbce7 #OffSeq #Vulnerability #Langflow
##updated 2026-04-20T03:34:42
1 posts
MEDIUM severity alert: CVE-2026-6591 – Path traversal in ComfyUI <=0.13.0 (LoadImage Node, folder_paths.py). Exploit public, vendor silent. Assess exposure & monitor for fixes. https://radar.offseq.com/threat/cve-2026-6591-path-traversal-in-comfyui-480d807d #OffSeq #ComfyUI #Vuln #ThreatIntel
##updated 2026-04-19T23:16:33.893000
3 posts
🟠 CVE-2026-6581 - High (8.8)
A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploita...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6581/
##🚩 H3C Magic B1 devices ≤100R004 hit by HIGH severity buffer overflow (CVE-2026-6581). Public exploit code out, no vendor patch yet. Restrict management interface access & monitor /goform/aspForm activity. Details: https://radar.offseq.com/threat/cve-2026-6581-buffer-overflow-in-h3c-magic-b1-6a61fe35 #OffSeq #Vuln #InfoSec
##updated 2026-04-19T21:31:34
1 posts
🔶 New security advisory:
CVE-2026-6577 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6577-djangoblog-unauthenticated-data-access
updated 2026-04-19T15:30:24
1 posts
🔔 CVE-2026-6572: Collabora KodExplorer (4.0 – 4.52) has a MEDIUM improper authorization bug in fileUpload. High attack complexity, no patch, vendor silent. Restrict endpoint access & monitor for updates. https://radar.offseq.com/threat/cve-2026-6572-improper-authorization-in-collabora--c07f449a #OffSeq #Vulnerability #Cybersecurity
##updated 2026-04-19T14:16:11.593000
1 posts
📢 CVE-2026-6574 (MEDIUM): osuuu LightPicture 1.2.0 – 1.2.2 has hard-coded credentials in API Upload Endpoint (/public/install/lp.sql). No vendor patch yet. Restrict endpoint access & monitor for misuse. More info: https://radar.offseq.com/threat/cve-2026-6574-hard-coded-credentials-in-osuuu-ligh-b66f67a8 #OffSeq #Vulnerability #AppSec
##updated 2026-04-19T13:16:46.187000
1 posts
🚩 SSRF alert: CVE-2026-6573 in PHPEMS 11.0 (MEDIUM, CVSS 5.3) affects /app/exam/controller/exams.master.php via uploadfile argument. Exploit is public — review exposure! https://radar.offseq.com/threat/cve-2026-6573-server-side-request-forgery-in-phpem-e98897b9 #OffSeq #PHPEMS #SSRF #Vuln
##updated 2026-04-19T12:31:17
1 posts
⚠️ New security advisory:
CVE-2026-6569 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6569-kodexplorer-unauthenticated-file-access
updated 2026-04-19T12:31:16
2 posts
⚠️ New security advisory:
CVE-2026-6568 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6568-kodexplorer-path-traversal-reads-arbitrary-files
CVE-2026-6568: MEDIUM severity path traversal in kodcloud KodExplorer (v4.0 – 4.52). Public exploit released; vendor nonresponsive. Review and restrict public shares, monitor for abuse. More: https://radar.offseq.com/threat/cve-2026-6568-path-traversal-in-kodcloud-kodexplor-1b477f95 #OffSeq #infosec #vulnerability #websecurity
##updated 2026-04-19T12:31:16
1 posts
CVE-2026-6570 (MEDIUM): kodcloud KodExplorer (v4.0 – 4.52) suffers an auth bypass in initInstall, allowing remote unauthorized access. No fix yet — restrict access & monitor for updates. https://radar.offseq.com/threat/cve-2026-6570-authorization-bypass-in-kodcloud-kod-786c22b7 #OffSeq #Vuln #KodExplorer #Infosec
##updated 2026-04-19T09:30:21
2 posts
🟠 CVE-2026-6563 - High (8.8)
A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6563/
##🚨 CVE-2026-6563: HIGH severity buffer overflow in H3C Magic B1 ≤100R004 (SetAPWifiorLedInfoById, /goform/aspForm). Public exploit out, vendor silent. Audit exposure, restrict access! https://radar.offseq.com/threat/cve-2026-6563-buffer-overflow-in-h3c-magic-b1-2ad2f98e #OffSeq #vuln #infosec #routers
##updated 2026-04-19T09:30:21
2 posts
🟠 CVE-2026-6560 - High (8.8)
A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be execu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6560/
##⚠️ HIGH-severity buffer overflow (CVE-2026-6560) in H3C Magic B0 (100R002) allows remote code execution or DoS via Edit_BasicSSID in /goform/aspForm. No patch yet; restrict access & monitor updates. https://radar.offseq.com/threat/cve-2026-6560-buffer-overflow-in-h3c-magic-b0-f38a59da #OffSeq #H3C #Vuln #BufferOverflow
##updated 2026-04-19T06:31:30
1 posts
MEDIUM severity alert: CVE-2026-0868 (CVSS 6.4) in EMC – Easily Embed Calendly Scheduling WP plugin (≤4.4) allows contributor-level XSS attacks. No patch yet — restrict access, monitor updates. https://radar.offseq.com/threat/cve-2026-0868-cwe-79-improper-neutralization-of-in-3458e49a #OffSeq #WordPress #Infosec #XSS
##updated 2026-04-18T16:18:24
2 posts
Critical Remote Code Execution Vulnerability Discovered in Protobuf.js Library
Protobuf.js patched a critical remote code execution vulnerability (CVE-2026-41242) caused by unsafe dynamic code generation when processing malicious protobuf schemas. The flaw allows attackers to execute arbitrary JavaScript code on servers or developer machines, potentially exposing sensitive credentials and enabling lateral movement.
**If your applications use protobuf.js (or libraries like gRPC, Firebase, or Google Cloud SDKs), update protobuf.js to version 8.0.1 or 7.5.5 ASAP. Run npm audit to catch hidden dependencies. Going forward, only load schemas you control and prefer precompiled static schemas in production to avoid this class of attack entirely.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-vulnerability-discovered-in-protobuf-js-library-o-k-k-y-h/gD2P6Ple2L
🚨 CRITICAL: CVE-2026-41242 in protobuf.js (<7.5.5, 8.0.0-experimental <8.0.1) allows code injection via "type" fields — remote code execution possible. Upgrade to 7.5.5 or 8.0.1+ now! https://radar.offseq.com/threat/cve-2026-41242-cwe-94-improper-control-of-generati-3ca40985 #OffSeq #infosec #protobuff #CVE202641242
##updated 2026-04-18T12:30:17
1 posts
2 repos
🛡️ CVE-2026-2505: MEDIUM severity stored XSS in Categories Images plugin (≤3.3.1) lets Contributor+ users inject scripts via the 'class' attribute. Restrict access & watch for a patch. https://radar.offseq.com/threat/cve-2026-2505-cwe-79-improper-neutralization-of-in-ce86bd04 #OffSeq #WordPress #XSS #Vuln
##updated 2026-04-18T12:30:17
1 posts
1 repos
🛡️ CVE-2026-2986: MEDIUM severity Stored XSS in Contextual Related Posts plugin (≤4.2.1) for WordPress. Contributor+ users can inject scripts — risk to all page viewers. Restrict access & monitor for patches. https://radar.offseq.com/threat/cve-2026-2986-cwe-79-improper-neutralization-of-in-55e6dfdd #OffSeq #WordPress #XSS #Infosec
##updated 2026-04-18T05:16:24.377000
2 posts
🔥 HIGH severity: CVE-2026-6518 affects niteo CMP – Coming Soon & Maintenance Plugin (≤4.1.16). Authenticated Admins can trigger RCE via malicious ZIP uploads. No patch yet — restrict admin access & monitor logs. More: https://radar.offseq.com/threat/cve-2026-6518-cwe-434-unrestricted-upload-of-file--f3d41796 #OffSeq #WordPress #RCE #Vuln
##🟠 CVE-2026-6518 - High (8.8)
The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6518/
##updated 2026-04-18T04:16:25.243000
1 posts
🟠 CVE-2026-5426 - High (7.5)
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deseria...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5426/
##updated 2026-04-18T01:03:38
2 posts
🟠 CVE-2026-31317 - High (7.5)
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31317/
##updated 2026-04-18T00:31:10
1 posts
🟠 CVE-2026-2262 - High (7.5)
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API endpoint. This is due to the endpoint being regist...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2262/
##updated 2026-04-17T21:31:53
1 posts
🟠 CVE-2026-32324 - High (7.7)
Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32324/
##updated 2026-04-17T21:31:53
1 posts
🟠 CVE-2026-40066 - High (8.8)
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40066/
##updated 2026-04-17T21:31:53
1 posts
🟠 CVE-2026-35682 - High (8.8)
Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root-level access.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35682/
##updated 2026-04-17T21:31:53
1 posts
🟠 CVE-2026-40461 - High (7.5)
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40461/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T21:31:53
1 posts
🟠 CVE-2026-40434 - High (8.1)
Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40434/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T21:31:53
1 posts
🟠 CVE-2026-40527 - High (7.8)
radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40527/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T19:01:56.030000
1 posts
🟠 CVE-2026-40515 - High (7.5)
OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tool...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40515/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T18:32:56
2 posts
1 repos
🚨 CRITICAL SQL injection (CVE-2026-37749) in CodeAstro Simple Attendance Management System v1.0: Remote unauthenticated attackers can bypass authentication via index.php. Restrict access & deploy WAFs until a patch arrives. https://radar.offseq.com/threat/cve-2026-37749-na-c4c6e5dc #OffSeq #SQLi #Infosec
##🔴 CVE-2026-37749 - Critical (9.8)
A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-37749/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T18:32:05
1 posts
🟠 CVE-2026-5718 - High (8.1)
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type validation that occurs when custom blacklist typ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5718/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T18:31:53
1 posts
🟠 CVE-2026-3464 - High (8.8)
The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and including, 8.3.4. This makes it possible for authent...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3464/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T18:31:53
1 posts
🟠 CVE-2026-40516 - High (8.3)
OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by manipulating tool parameters without proper valida...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40516/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T18:31:52
2 posts
⚠️ CRITICAL: Horner Automation Cscape and XL4, XL7 PLC
Horner Automation Cscape v10.0, XL4 PLC v16.32.0, and XL7 PLC v15.60 contain a critical password brute-force vulnerability (CVE-2026-6284, CVSS 9.1) with no rate limiting. This affects manufacturing environments globally and allows unauthenticated network attackers to compromise PLCs controlling cr…
##⚠️ CRITICAL: CVE-2026-6284 hits Horner Automation Cscape v10.0 PLCs. Weak passwords & no input limits allow attackers to brute force access remotely. No patch yet — restrict access, monitor logins, & harden networks. https://radar.offseq.com/threat/cve-2026-6284-cwe-521-in-horner-automation-cscape-17ab7886 #OffSeq #ICS #OTSecurity #Infosec
##updated 2026-04-17T18:16:32.593000
1 posts
🟠 CVE-2026-5710 - High (7.5)
The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to the plugin using client-supplied mfile[] POST val...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5710/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T18:15:00.417000
1 posts
CVE-2026-33829 - another interesting bug in Windows.
If you have the "Snipping Tool" installed (and you most likely do), simply visiting a specially crafted website is enough for your Windows password (NTLM hash) to be sent to the attacker's server.
updated 2026-04-17T15:38:09.243000
1 posts
🔴 CVE-2026-33807 - Critical (9.1)
@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T15:37:20.857000
1 posts
🟠 CVE-2026-30995 - High (8.6)
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30995/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T15:09:46.880000
1 posts
🟠 CVE-2026-4145 - High (7.8)
During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4145/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T15:09:46.880000
1 posts
🔴 CVE-2026-20186 - Critical (9.9)
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20186/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T06:31:14
2 posts
🔴 CVE-2026-34018 - Critical (9.8)
An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34018/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-17T06:23:30
2 posts
🚨 CRITICAL: CVE-2026-40324 in ChilliCream Hot Chocolate allows attackers to crash GraphQL workers via deeply nested queries (StackOverflowException). Denial of service risk. Patch to 12.22.7, 13.9.16, 14.3.1, 15.1.14. Details: https://radar.offseq.com/threat/cve-2026-40324-cwe-674-uncontrolled-recursion-in-c-0796aaf1 #OffSeq #CVE202640324 #GraphQL #DoS
##🔴 CVE-2026-40324 - Critical (9.1)
Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser `Utf8GraphQLParser` has no recursion depth limit. A crafted GraphQL document with deeply nested selec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-16T22:57:43
2 posts
Apache Airflow 3.2.0 closed five security flaws starting April 18. CVE-2026-25917 lets any workflow author (DAG author) run code in the webserver. CVE-2026-31987 leaks login tokens through task logs. Three days earlier, Dagster patched its own SQL injection. Orchestration tools were built when the DAG author and the platform operator shared one chair. Today 30 employees and 12 contractors share that chair, and the threat model never updated.
##🟠 CVE-2026-31987 - High (7.5)
JWT tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors.
Users are advised to upgrade to an Airflow version that contains the fix.
Users are recommended to upgrade to version 3.2.0, which fixes this issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-16T22:57:33
1 posts
🟠 CVE-2026-30778 - High (7.5)
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.
This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0.
Users are recommended to upgrade to version 10.4.0, which fixes...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30778/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-16T21:33:30
1 posts
🟠 CVE-2026-6290 - High (8)
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin, in a no...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-16T21:33:11
1 posts
🔴 CVE-2026-30625 - Critical (9.8)
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed com...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30625/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-16T19:59:38.107000
5 posts
9 repos
https://github.com/keraattin/CVE-2026-34197
https://github.com/DEVSECURITYSPRO/CVE-2026-34197
https://github.com/0xBlackash/CVE-2026-34197
https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE
https://github.com/xshysjhq/CVE-2026-34197-payload-Apache-ActiveMQ-
https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197
https://github.com/dinosn/CVE-2026-34197
⚠️ CRITICAL: CVE-2026-34197: 13-Year-Old Apache ActiveMQ RCE via Jolokia API Surfaces for In-the-Wild Attacks
Apache ActiveMQ Classic has a 13-year-old RCE vulnerability (CVE-2026-34197) in the Jolokia API that is actively exploited in the wild. Attackers chain vm:// URIs with remote Spring XML configs to execute arbitrary code as the broker process. Any organization running ActiveMQ Classic without the Ap…
##2026-W16 — Weekly Threat Roundup
🚨 Critical Apache ActiveMQ flaw (CVE-2026-34197) actively exploited after 13-year dormancy, now on CISA KEV catalog
🏛️ Operation PowerOFF dismantles 53 DDoS-for-hire domains, arrests 4, exposes 3M criminal accounts across 21 countries
🔍 Three Windows zero-days (BlueHammer, RedSun, UnDefend) acti…
CISA Warns of Active Exploitation in Apache ActiveMQ Jolokia API Vulnerability
CISA added a high-severity Apache ActiveMQ vulnerability (CVE-2026-34197) to its KEV catalog due to active exploitation that allows attackers to run arbitrary OS commands via the Jolokia API. The flaw is particularly dangerous when chained with CVE-2024-32114, which enables unauthenticated remote code execution in certain versions.
**If you're running Apache ActiveMQ, upgrade to version 5.19.4 or 6.2.3 ASAP. Attackers are actively exploiting this right now. While you're at it, make sure your ActiveMQ console is not exposed to the internet, change any default admin:admin credentials, and disable the Jolokia endpoint entirely if you don't need it.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-in-apache-activemq-jolokia-api-vulnerability-i-v-s-d-e/gD2P6Ple2L
updated 2026-04-16T15:32:35
1 posts
🟠 CVE-2025-67841 - High (7.5)
Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67841/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-16T15:32:35
1 posts
🔴 CVE-2026-30993 - Critical (9.8)
Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30993/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-16T15:31:44
1 posts
🟠 CVE-2026-40744 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection. This issue affects Beaver Builder: from n/a through <= 2....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40744/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-16T03:31:13
1 posts
📈 CVE Published in last 7 days (2026-04-13 - 2026-04-20)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1192
Severity:
- Critical: 104
- High: 477
- Medium: 485
- Low: 67
- None: 59
Status:
- : 27
- Analyzed: 155
- Awaiting Analysis: 421
- Deferred: 72
- Received: 270
- Rejected: 6
- Undergoing Analysis: 241
Top CNAs:
- GitHub, Inc.: 234
- Microsoft Corporation: 163
- MITRE: 116
- Wordfence: 100
- VulDB: 77
- Adobe Systems Incorporated: 53
- Chrome: 31
- N/A: 27
- Fortinet, Inc.: 27
- VulnCheck: 23
Top Affected Products:
- UNKNOWN: 856
- Microsoft Windows Server 2025: 121
- Microsoft Windows 11 24h2: 118
- Microsoft Windows 11 26h1: 117
- Microsoft Windows 11 25h2: 114
- Microsoft Windows Server 2022: 114
- Microsoft Windows 11 23h2: 113
- Microsoft Windows Server 23h2: 108
- Microsoft Windows 10 21h2: 105
- Microsoft Windows 10 22h2: 105
Top EPSS Score:
- CVE-2026-6158 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6158)
- CVE-2026-27303 - 1.50 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27303)
- CVE-2026-34615 - 1.44 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34615)
- CVE-2026-6203 - 1.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6203)
- CVE-2026-6349 - 0.95 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6349)
- CVE-2026-6141 - 0.92 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6141)
- CVE-2026-6138 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6138)
- CVE-2026-6139 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6139)
- CVE-2026-6140 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6140)
- CVE-2026-6154 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6154)
updated 2026-04-16T01:35:19
1 posts
🟠 CVE-2026-40474 - High (7.6)
wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is ne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40474/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T21:31:21
1 posts
🟠 CVE-2026-30617 - High (8.6)
LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30617/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T21:31:21
1 posts
🟠 CVE-2026-30996 - High (7.5)
An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30996/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T21:31:21
1 posts
🟠 CVE-2026-30994 - High (7.5)
Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30994/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T19:46:25
1 posts
🔴 CVE-2026-40478 - Critical (9)
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40478/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T18:33:00
1 posts
🟠 CVE-2026-30364 - High (7.5)
CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30364/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T18:32:04
1 posts
1 repos
🟠 CVE-2026-30615 - High (8)
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30615/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T18:32:04
1 posts
🔴 CVE-2026-20147 - Critical (9.9)
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid admini...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20147/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T18:32:04
1 posts
🔴 CVE-2026-20184 - Critical (9.8)
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.
This vulnerability existed because of imprope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20184/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T18:32:04
1 posts
🔴 CVE-2026-20180 - Critical (9.9)
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20180/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T18:32:04
1 posts
🟠 CVE-2026-6372 - High (7.5)
Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6372/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T18:32:03
1 posts
🟠 CVE-2025-63029 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace allows SQL Injection. This issue affects WCFM Marketplace: from n/a through 3.7.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T18:31:56
1 posts
🟠 CVE-2026-40784 - High (8.1)
Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FluentBoards: from n/a through <= 1.91.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40784/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T18:31:55
1 posts
🟠 CVE-2026-40764 - High (8.1)
Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery. This issue affects Contact Form by WPForms: from n/a through <= 1.10.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40764/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-15T16:16:38.480000
1 posts
🟠 CVE-2026-40745 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection. This issue affects Element Pack Elementor Addons: fr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40745/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-04-15T00:35:42.020000
2 posts
🚨 [CISA-2026:0420] CISA Adds 8 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0420)
CISA has added 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2023-27351 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-27351)
- Name: PaperCut NG/MF Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: PaperCut
- Product: NG/MF
- Notes: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351
⚠️ CVE-2024-27199 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-27199)
- Name: JetBrains TeamCity Relative Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: JetBrains
- Product: TeamCity
- Notes: https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199
⚠️ CVE-2025-2749 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-2749)
- Name: Kentico Xperience Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Kentico
- Product: Kentico Xperience
- Notes: https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749
⚠️ CVE-2025-32975 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32975)
- Name: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Quest
- Product: KACE Systems Management Appliance (SMA)
- Notes: https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975
⚠️ CVE-2025-48700 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-48700)
- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700
⚠️ CVE-2026-20122 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20122)
- Name: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20122
⚠️ CVE-2026-20128 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20128)
- Name: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128
⚠️ CVE-2026-20133 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20133)
- Name: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260420 #cisa20260420 #cve_2023_27351 #cve_2024_27199 #cve_2025_2749 #cve_2025_32975 #cve_2025_48700 #cve_2026_20122 #cve_2026_20128 #cve_2026_20133 #cve202327351 #cve202427199 #cve20252749 #cve202532975 #cve202548700 #cve202620122 #cve202620128 #cve202620133
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700
⚠️ CVE-2026-20122 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20122)
- Name: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20122
⚠️ CVE-2026-20128 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20128)
- Name: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128
⚠️ CVE-2026-20133 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20133)
- Name: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260420 #cisa20260420 #cve_2023_27351 #cve_2024_27199 #cve_2025_2749 #cve_2025_32975 #cve_2025_48700 #cve_2026_20122 #cve_2026_20128 #cve_2026_20133 #cve202327351 #cve202427199 #cve20252749 #cve202532975 #cve202548700 #cve202620122 #cve202620128 #cve202620133
##updated 2026-04-15T00:35:42.020000
2 posts
##updated 2026-04-15T00:35:42.020000
2 posts
##🚨 [CISA-2026:0420] CISA Adds 8 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0420)
CISA has added 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2023-27351 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-27351)
- Name: PaperCut NG/MF Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: PaperCut
- Product: NG/MF
- Notes: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351
⚠️ CVE-2024-27199 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-27199)
- Name: JetBrains TeamCity Relative Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: JetBrains
- Product: TeamCity
- Notes: https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199
⚠️ CVE-2025-2749 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-2749)
- Name: Kentico Xperience Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Kentico
- Product: Kentico Xperience
- Notes: https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749
⚠️ CVE-2025-32975 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32975)
- Name: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Quest
- Product: KACE Systems Management Appliance (SMA)
- Notes: https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975
⚠️ CVE-2025-48700 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-48700)
- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700
⚠️ CVE-2026-20122 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20122)
- Name: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manger
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/ CVE-2026-20122
⚠️ CVE-2026-20128 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20128)
- Name: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128
⚠️ CVE-2026-20133 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20133)
- Name: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices” (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260420 #cisa20260420 #cve_2023_27351 #cve_2024_27199 #cve_2025_2749 #cve_2025_32975 #cve_2025_48700 #cve_2026_20122 #cve_2026_20128 #cve_2026_20133 #cve202327351 #cve202427199 #cve20252749 #cve202532975 #cve202548700 #cve202620122 #cve202620128 #cve202620133
##updated 2026-04-14T18:30:50
1 posts
📈 CVE Published in last 7 days (2026-04-13 - 2026-04-20)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1192
Severity:
- Critical: 104
- High: 477
- Medium: 485
- Low: 67
- None: 59
Status:
- : 27
- Analyzed: 155
- Awaiting Analysis: 421
- Deferred: 72
- Received: 270
- Rejected: 6
- Undergoing Analysis: 241
Top CNAs:
- GitHub, Inc.: 234
- Microsoft Corporation: 163
- MITRE: 116
- Wordfence: 100
- VulDB: 77
- Adobe Systems Incorporated: 53
- Chrome: 31
- N/A: 27
- Fortinet, Inc.: 27
- VulnCheck: 23
Top Affected Products:
- UNKNOWN: 856
- Microsoft Windows Server 2025: 121
- Microsoft Windows 11 24h2: 118
- Microsoft Windows 11 26h1: 117
- Microsoft Windows 11 25h2: 114
- Microsoft Windows Server 2022: 114
- Microsoft Windows 11 23h2: 113
- Microsoft Windows Server 23h2: 108
- Microsoft Windows 10 21h2: 105
- Microsoft Windows 10 22h2: 105
Top EPSS Score:
- CVE-2026-6158 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6158)
- CVE-2026-27303 - 1.50 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27303)
- CVE-2026-34615 - 1.44 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34615)
- CVE-2026-6203 - 1.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6203)
- CVE-2026-6349 - 0.95 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6349)
- CVE-2026-6141 - 0.92 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6141)
- CVE-2026-6138 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6138)
- CVE-2026-6139 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6139)
- CVE-2026-6140 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6140)
- CVE-2026-6154 - 0.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-6154)
updated 2026-04-13T23:16:28.110000
1 posts
updated 2026-04-13T18:31:44
1 posts
5 repos
https://github.com/KeulenR01/Remediate-AdobeAcrobat-CVE-2026-34621
https://github.com/ercihan/CVE-2026-34621_PDF_SAMPLE
https://github.com/NULL200OK/cve_2026_34621_advanced
CVE-2026-34621 PoC isn't a scanner, it's a campaign weaponizer with 62 pre-authenticated Brazilian fintech targets https://nefariousplan.com/posts/adobe-acrobat-cve-2026-34621-pdf-weaponizer
##updated 2026-04-13T16:38:27
1 posts
🟠 CVE-2026-35582 - High (8.8)
Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escapi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35582/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
1 posts
5 repos
https://github.com/Nxploited/CVE-2026-39987
https://github.com/fevar54/marimo_CVE-2026-39987_RCE_PoC
https://github.com/mki9/CVE-2026-39987_exploit
⚠️ CRITICAL: Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Attackers are actively exploiting CVE-2026-39987, a critical RCE vulnerability in Marimo Python notebooks, to deploy NKAbuse malware hosted on Hugging Face. The malware acts as a RAT with credential theft and lateral movement capabilities. Exploitation started within 10 hours of disclosure across m…
##updated 2026-04-13T15:01:43.663000
1 posts
updated 2026-04-13T06:30:37
1 posts
updated 2026-04-13T06:30:37
1 posts
updated 2026-04-13T03:30:31
1 posts
updated 2026-04-13T03:30:29
1 posts
updated 2026-04-13T00:30:34
1 posts
updated 2026-04-10T21:32:42
2 posts
🔴 CVE-2026-40258 - Critical (9.1)
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature. An authenticated user with owner-level privile...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40258/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-40258: CRITICAL path traversal in gramps-web-api (1.6.0-3.11.0). Owner-level users can write files outside intended dirs via crafted ZIPs. Upgrade to 3.11.1+ to mitigate! https://radar.offseq.com/threat/cve-2026-40258-cwe-22-improper-limitation-of-a-pat-00f841f8 #OffSeq #CVE202640258 #PathTraversal #Infosec
##updated 2026-03-31T15:31:53
1 posts
5 repos
https://github.com/l0lsec/check-cve-2026-3055-netscaler
https://github.com/fevar54/CVE-2026-3055-Scanner---Herramienta-de-Detecci-n
https://github.com/0xBlackash/CVE-2026-3055
https://github.com/NetVanguard-cmd/CVE-2026-3055
https://github.com/fevar54/CVE-2026-3055---Citrix-NetScaler-Memory-Overread-PoC
Useful explainer on the latest Citrix shenanigans, including verifying exposure and hunting/forensics recommendations
##updated 2026-03-30T21:26:24
2 posts
3 repos
https://github.com/Shreda/CVE-2026-33032-nginx-ui-vuln-lab
⚪️ Critical Vulnerability in Nginx UI Allows Full Server Takeover
🗨️ Information security researchers have warned that a critical vulnerability in the popular Nginx web server management tool (nginx-ui) is being actively exploited by attackers and allows for complete server takeover. The issue has been assigned the identifier CVE-2026-33032 (9.8 on…
##updated 2026-03-27T21:32:39
2 posts
updated 2026-03-23T21:30:57
1 posts
##updated 2026-03-20T15:32:13
1 posts
Exploit code for a recently patched Chrome vulnerability has leaked online via a misconfigured server.
Security firm Breakglass believes the code is the work of a "professional exploit developer," and most intended for "sale or government use."
https://intel.breakglass.tech/post/cve-2026-4440-chrome-exploit-dev-server-open-directory
##updated 2026-02-11T15:40:33.473000
2 posts
12 repos
https://github.com/gavz/CVE-2026-21509-PoC
https://github.com/YoussefMami/CVE2026_21509
https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509
https://github.com/DameDode/CVE-2026-21509-POC
https://github.com/suuhm/CVE-2026-21509-handler
https://github.com/kimstars/Ashwesker-CVE-2026-21509
https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation
https://github.com/kaizensecurity/CVE-2026-21509
https://github.com/decalage2/detect_CVE-2026-21509
https://github.com/planetoid/cve-2026-21509-mitigation
https://github.com/SimoesCTT/SCTT-2026-33-0007-The-OLE-Vortex-Laminar-Bypass-
updated 2025-11-05T19:58:03
2 posts
📢⚠️ Hackers are exploiting a 5-year-old #ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide.
Read: https://hackread.com/showdoc-vulnerability-patch-2020-server-takeover/
##updated 2025-10-27T14:32:16.313000
1 posts
2 repos
updated 2025-10-22T00:32:47
1 posts
1 repos
Microsoft Update causing Print Spooler Problems - CVE-2019-1367 | https://techygeekshome.info/cve-2019-1367/?fsp_sid=38914 | #Guide #Microsoft #News #security #Updates #Windows
https://techygeekshome.info/cve-2019-1367/?fsp_sid=38914
updated 2025-06-09T18:33:00
2 posts
updated 2025-02-11T19:03:09
1 posts
1 repos
CISA Warns of Active Exploitation in Apache ActiveMQ Jolokia API Vulnerability
CISA added a high-severity Apache ActiveMQ vulnerability (CVE-2026-34197) to its KEV catalog due to active exploitation that allows attackers to run arbitrary OS commands via the Jolokia API. The flaw is particularly dangerous when chained with CVE-2024-32114, which enables unauthenticated remote code execution in certain versions.
**If you're running Apache ActiveMQ, upgrade to version 5.19.4 or 6.2.3 ASAP. Attackers are actively exploiting this right now. While you're at it, make sure your ActiveMQ console is not exposed to the internet, change any default admin:admin credentials, and disable the Jolokia endpoint entirely if you don't need it.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-in-apache-activemq-jolokia-api-vulnerability-i-v-s-d-e/gD2P6Ple2L
updated 2024-04-13T12:30:30
6 posts
1 repos
FortiGuard Labs tracks #Nexcorium, a Mirai variant targeting TBK DVRs via CVE-2024-3721. It uses aggressive persistence (systemd, cron) and wide-ranging DDoS vectors. Check your IoT logs for "X-Hacked-By" headers.
Details: https://www.fortinet.com/blog/threat-research/tracking-mirai-variant-nexcorium
What’s your take?
##Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet https://thehackernews.com/2026/04/mirai-variant-nexcorium-exploits-cve.html
##☣️ Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
「 The attack activity outlined by Fortinet involves the exploitation of CVE-2024-3721 to obtain and drop a downloader script, which then launches the botnet payload based on the Linux system's architecture. Once the malware is executed, it displays a message stating "nexuscorp has taken control." 」
https://thehackernews.com/2026/04/mirai-variant-nexcorium-exploits-cve.html
##Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
https://thehackernews.com/2026/04/mirai-variant-nexcorium-exploits-cve.html
Read on HackerWorkspace: https://hackerworkspace.com/article/mirai-variant-nexcorium-exploits-cve-2024-3721-to-hijack-tbk-dvrs-for-ddos-botnet
##🔴 CVE-2026-32604 - Critical (9.9)
Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32604/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33626 - High (7.5)
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33626/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33121 - High (8.8)
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33084 - High (8.8)
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer dire...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33084/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33207 - High (8.8)
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33207/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-33122 - Critical (9.8)
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2ap...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33122/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-40901 - High (8.8)
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40901/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-40900 - High (8.8)
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied SQL is wrapped in a subquery without validatio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40900/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-24467 - Critical (9)
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains multiple...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24467/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25524 - High (8.1)
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, PHP functions such as `g...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25524/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25058 - High (7.5)
Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/transcripts/{meeting_id}` that returns transcrip...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25058/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##apktool 3.0.2 is out!
- performance boosts
- CVE-2026-39973 fix
- bug fixes for splits & Meta apks
##🟠 CVE-2026-5617 - High (8.8)
The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_admin() function trusting a client-controlled cookie (oclaup_original_admin) to determine...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5617/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Hey, @cR0w, another ../ for you: https://vuldb.com/cve/CVE-2026-40342
##🔴 CVE-2026-40342 - Critical (9.9)
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔍 CVE-2026-40317 (CRITICAL, CVSS 9.4): NovumOS < 0.24 allows local privilege escalation via unchecked entry point in Syscall 12. Patch to 0.24 ASAP or restrict syscalls to mitigate. Full details: https://radar.offseq.com/threat/cve-2026-40317-cwe-269-improper-privilege-manageme-d4098dd0 #OffSeq #Vuln #NovumOS #InfoSec
##🔴 CVE-2026-40317 - Critical (9.3)
NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 12 (JumpToUser) accepts an arbitrary entry point address from user-space registers without validation, allowing any Ring 3 user-mode pr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40317/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32107 - High (8.8)
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management could allow an authenticated local attacker to es...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32107/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34232 - High (7.5)
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding an op_response packet, causing a server crash w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35215 - High (7.5)
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a slice packet. A zero-length descriptor is later...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35215/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-40286 - High (7.5)
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the 'Member Registration' (Cadastrar Sócio) function. By injecting a payload into the 'Member Nam...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-40285 - High (8.8)
WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_REQUEST) i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40285/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-40352 - High (8.8)
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-40351 - Critical (9.8)
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40351/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-40492: CRITICAL out-of-bounds write in HappySeaFox sail <36aa5c7ec8. XWD codec flaw may allow RCE or DoS via memory corruption. Patch with latest commit ASAP. No active exploits. https://radar.offseq.com/threat/cve-2026-40492-cwe-787-out-of-bounds-write-in-happ-780830ff #OffSeq #Vulnerability #HappySeaFox #InfoSec
##🔴 CVE-2026-40492 - Critical (9.8)
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on `pixmap_depth` but the by...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40492/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-40348 - High (7.7)
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through `POST /settings/jellyfin/server-url-verify`. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40348/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-40581 - High (8.1)
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records and all associated data via a plain GET request wi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40581/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-40484 - Critical (9.1)
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40484/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: ChurchCRM <7.2.0 vulnerable to RCE (CVE-2026-40484). Crafted backup restores allow webshell upload; CSRF flaw increases risk. Patch to 7.2.0+ now. Details: https://radar.offseq.com/threat/cve-2026-40484-cwe-269-improper-privilege-manageme-9bb4be14 #OffSeq #CVE202640484 #ChurchCRM #RCE
##🔴 CVE-2026-40572 - Critical (9)
NovumOS is a custom 32-bit operating system written in Zig and x86 Assembly. In versions prior to 0.24, Syscall 15 (MemoryMapRange) allows Ring 3 user-mode processes to map arbitrary virtual address ranges into their address space without validati...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40572/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚩 CRITICAL: CVE-2026-40572 impacts MinecAnton209 NovumOS < 0.24. Syscall 15 flaw allows local privilege escalation by mapping over kernel memory — patch to v0.24+ ASAP! https://radar.offseq.com/threat/cve-2026-40572-cwe-269-improper-privilege-manageme-6ff979fd #OffSeq #CVE202640572 #NovumOS #Infosec
##🟠 CVE-2026-40350 - High (8.8)
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints `/settings/users` and use them to enumerate all users and create a new admi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40350/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-40494 - Critical (9.8)
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in `tga.c` has an asymmetric bounds check ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40494/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-40494 in HappySeaFox sail (<45d48d1f2e8...) enables out-of-bounds write in TGA decoder. Heap overflow risk — update to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302. No exploits seen yet. https://radar.offseq.com/threat/cve-2026-40494-cwe-787-out-of-bounds-write-in-happ-d7181ae5 #OffSeq #Vuln #AppSec
##🔴 CVE-2026-40493 - Critical (9.8)
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel (`bpp`) from raw header fields ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40493/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-40493: CRITICAL out-of-bounds write in HappySeaFox sail (<c930284445ea3ff94451ccd7a57c999eca3bc979) — Heap buffer overflow in PSD codec risks RCE & data loss. Patch ASAP: commit c930284445ea3ff94451ccd7a57c999eca3bc979. https://radar.offseq.com/threat/cve-2026-40493-cwe-787-out-of-bounds-write-in-happ-da0d28a1 #OffSeq #infosec #CVE202640493
##🚨 CVE-2026-32105 (CRITICAL): neutrinolabs xrdp <0.10.6 does not validate MAC on Classic RDP Security layer, allowing MITM attackers to modify encrypted traffic. Upgrade to 0.10.6 or enforce TLS in xrdp.ini! https://radar.offseq.com/threat/cve-2026-32105-cwe-354-improper-validation-of-inte-71bf3dd4 #OffSeq #xrdp #infosec #RDP
##🟠 CVE-2026-28224 - High (8.2)
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28224/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28212 - High (7.5)
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info(...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33337 - High (7.5)
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cstring length conforms to the slice descriptor bo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33337/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-65104 - High (7.9)
Firebird is an open-source relational database management system. FB3 versions of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This is...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-65104/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##