| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32926 | 7.8 | 0.00% | 2 | 0 | 2026-04-02T00:31:12 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in | |
| CVE-2026-32925 | 7.8 | 0.00% | 2 | 0 | 2026-04-02T00:31:12 | V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6Co | |
| CVE-2026-32929 | 7.8 | 0.00% | 2 | 0 | 2026-04-02T00:31:12 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!ge | |
| CVE-2026-32927 | 7.8 | 0.00% | 2 | 0 | 2026-04-02T00:31:12 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in | |
| CVE-2026-21765 | 8.8 | 0.00% | 2 | 0 | 2026-04-02T00:31:12 | HCL BigFix Platform is affected by insecure permissions on private cryptographic | |
| CVE-2026-4370 | 10.0 | 0.03% | 2 | 0 | 2026-04-02T00:03:37 | ### Impact Any Juju controller since 3.2.0. An attacker with only route-ability | |
| CVE-2026-32928 | 7.8 | 0.00% | 2 | 0 | 2026-04-01T23:17:03.267000 | V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6Co | |
| CVE-2026-34784 | None | 0.04% | 2 | 0 | 2026-04-01T23:09:14 | ### Impact File downloads via HTTP Range requests bypass the `afterFind(Parse.F | |
| CVE-2026-34571 | 9.9 | 0.00% | 4 | 0 | 2026-04-01T22:16:21.030000 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo | |
| CVE-2026-34572 | 8.0 | 0.00% | 2 | 0 | 2026-04-01T22:09:41 | ## Summary ### Vulnerability: Improper Session Invalidation on Account Deactivat | |
| CVE-2026-34570 | 8.8 | 0.00% | 2 | 0 | 2026-04-01T22:08:30 | ## Summary ### Vulnerability: Improper Session Invalidation on Account Deletion | |
| CVE-2026-34569 | 10.0 | 0.00% | 4 | 0 | 2026-04-01T22:07:38 | ## Summary ### **Vulnerability: Stored DOM XSS via Blog Category Title (Persiste | |
| CVE-2026-34568 | 9.1 | 0.00% | 2 | 0 | 2026-04-01T22:07:15 | ## Summary ### **Vulnerability: Stored DOM XSS via Blog Post Content (Persistent | |
| CVE-2026-34567 | 9.1 | 0.00% | 2 | 0 | 2026-04-01T22:06:53 | # Summary ### **Vulnerability: Blogs Posts (Categories) Full Account Takeover | |
| CVE-2026-34566 | 9.1 | 0.00% | 2 | 0 | 2026-04-01T22:06:28 | ## Summary ### **Vulnerability: Stored DOM XSS via Page Management Fields (Persi | |
| CVE-2026-34565 | 9.1 | 0.00% | 2 | 0 | 2026-04-01T22:05:48 | ## Summary ### **Vulnerability: Stored DOM XSS via Posts Added to Menu (Persiste | |
| CVE-2026-34564 | 9.1 | 0.00% | 2 | 0 | 2026-04-01T22:04:54 | ## Summary ### **Vulnerability: Stored DOM XSS via Pages Added to Menu (Persis | |
| CVE-2026-34563 | 9.1 | 0.00% | 2 | 0 | 2026-04-01T22:04:22 | ## Summary ### **Vulnerability: Stored DOM Blind XSS via Backup Management Filen | |
| CVE-2026-34560 | 9.1 | 0.00% | 2 | 0 | 2026-04-01T21:54:28 | ## Summary ### **Vulnerability: Stored DOM Blind XSS via Logs Interface Renderin | |
| CVE-2026-34559 | 9.1 | 0.00% | 2 | 0 | 2026-04-01T21:53:01 | ## Summary ### **Vulnerability: Stored DOM XSS via Blog Tag Name (Persistent Pay | |
| CVE-2026-30276 | 9.8 | 0.02% | 2 | 0 | 2026-04-01T21:31:34 | An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 a | |
| CVE-2026-4101 | 8.1 | 0.00% | 2 | 0 | 2026-04-01T21:30:43 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify | |
| CVE-2026-5281 | 8.8 | 0.04% | 13 | 1 | 2026-04-01T21:30:28 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote | |
| CVE-2026-34529 | 7.6 | 0.00% | 2 | 0 | 2026-04-01T21:17:00.830000 | File Browser is a file managing interface for uploading, deleting, previewing, r | |
| CVE-2026-34528 | 8.1 | 0.00% | 2 | 0 | 2026-04-01T21:17:00.660000 | File Browser is a file managing interface for uploading, deleting, previewing, r | |
| CVE-2026-25835 | 7.7 | 0.00% | 2 | 0 | 2026-04-01T21:16:58.680000 | Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Ra | |
| CVE-2026-21861 | 9.1 | 0.17% | 1 | 0 | 2026-04-01T20:29:39.303000 | baserCMS is a website development framework. Prior to version 5.2.3, baserCMS co | |
| CVE-2026-30877 | 9.1 | 0.17% | 3 | 0 | 2026-04-01T20:28:43.797000 | baserCMS is a website development framework. Prior to version 5.2.3, there is an | |
| CVE-2026-34874 | 7.5 | 0.00% | 2 | 0 | 2026-04-01T20:16:27.673000 | An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There i | |
| CVE-2026-34872 | 9.1 | 0.00% | 2 | 0 | 2026-04-01T20:16:27.493000 | An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Cry | |
| CVE-2026-34748 | 8.7 | 0.00% | 2 | 0 | 2026-04-01T20:16:27.040000 | Payload is a free and open source headless content management system. Prior to v | |
| CVE-2026-34747 | 8.5 | 0.00% | 2 | 0 | 2026-04-01T20:16:26.887000 | Payload is a free and open source headless content management system. Prior to v | |
| CVE-2026-34746 | 7.7 | 0.00% | 2 | 0 | 2026-04-01T20:16:26.727000 | Payload is a free and open source headless content management system. Prior to v | |
| CVE-2026-34456 | 9.1 | 0.00% | 2 | 0 | 2026-04-01T20:16:26.120000 | Reviactyl is an open-source game server management panel built using Laravel, Re | |
| CVE-2026-25833 | 7.5 | 0.00% | 2 | 0 | 2026-04-01T20:16:23.720000 | Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x5 | |
| CVE-2026-33576 | 6.5 | 0.04% | 1 | 0 | 2026-04-01T19:19:24.363000 | OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels | |
| CVE-2026-33577 | 8.1 | 0.01% | 1 | 0 | 2026-04-01T19:17:23.120000 | OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerabilit | |
| CVE-2026-30281 | 9.8 | 0.02% | 2 | 0 | 2026-04-01T19:16:29.583000 | An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attacke | |
| CVE-2025-71278 | 8.8 | 0.04% | 1 | 0 | 2026-04-01T18:51:48.267000 | XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized s | |
| CVE-2026-34162 | 10.0 | 0.09% | 1 | 0 | 2026-04-01T18:38:39.890000 | FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT | |
| CVE-2026-34430 | 8.8 | 0.00% | 2 | 0 | 2026-04-01T18:37:43 | ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vu | |
| CVE-2026-34731 | 7.5 | 0.06% | 1 | 0 | 2026-04-01T18:37:42.803000 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AV | |
| CVE-2026-33373 | 8.8 | 0.03% | 2 | 0 | 2026-04-01T18:37:42 | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Sit | |
| CVE-2026-20160 | 9.8 | 0.00% | 2 | 0 | 2026-04-01T18:37:00 | A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allo | |
| CVE-2026-20093 | 9.8 | 0.00% | 2 | 0 | 2026-04-01T18:36:52 | A vulnerability in the change password functionality of Cisco Integrated Managem | |
| CVE-2026-29014 | 9.8 | 0.00% | 2 | 0 | 2026-04-01T18:36:49 | MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injec | |
| CVE-2026-5087 | 7.5 | 0.02% | 2 | 0 | 2026-04-01T18:36:47 | PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl gene | |
| CVE-2026-34751 | 9.1 | 0.00% | 2 | 0 | 2026-04-01T18:16:31.277000 | Payload is a free and open source headless content management system. Prior to v | |
| CVE-2026-33949 | 8.1 | 0.00% | 2 | 0 | 2026-04-01T17:28:39.507000 | Tina is a headless content management system. Prior to version 2.2.2, a path tra | |
| CVE-2026-5292 | 8.8 | 0.03% | 2 | 0 | 2026-04-01T17:07:20.250000 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed | |
| CVE-2026-5282 | 8.1 | 0.03% | 2 | 0 | 2026-04-01T16:35:57.513000 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed | |
| CVE-2026-4748 | 7.5 | 0.03% | 2 | 0 | 2026-04-01T16:23:51.263000 | A regression in the way hashes were calculated caused rules containing the addre | |
| CVE-2026-3308 | 7.8 | 0.02% | 2 | 0 | 2026-04-01T16:23:51.103000 | An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1. | |
| CVE-2026-5288 | 9.7 | 0.03% | 2 | 0 | 2026-04-01T15:32:18 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 al | |
| CVE-2026-2696 | 5.3 | 0.02% | 1 | 0 | 2026-04-01T15:32:18 | The Export All URLs WordPress plugin before 5.1 generates CSV filenames containi | |
| CVE-2026-5290 | 9.7 | 0.03% | 2 | 0 | 2026-04-01T15:32:17 | Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a | |
| CVE-2026-5289 | 9.7 | 0.03% | 2 | 0 | 2026-04-01T15:32:17 | Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a | |
| CVE-2026-5286 | 8.8 | 0.04% | 3 | 0 | 2026-04-01T15:32:17 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote | |
| CVE-2026-35093 | 8.8 | 0.00% | 4 | 0 | 2026-04-01T15:31:22 | A flaw was found in libinput. A local attacker who can place a specially crafted | |
| CVE-2026-35091 | 8.2 | 0.00% | 4 | 0 | 2026-04-01T15:31:21 | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wr | |
| CVE-2026-5284 | 7.5 | 0.04% | 2 | 0 | 2026-04-01T15:31:15 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote | |
| CVE-2026-5277 | 7.5 | 0.03% | 2 | 0 | 2026-04-01T15:31:14 | Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 al | |
| CVE-2026-5275 | 8.8 | 0.03% | 2 | 0 | 2026-04-01T15:31:14 | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 al | |
| CVE-2026-5274 | 8.8 | 0.03% | 2 | 0 | 2026-04-01T15:31:14 | Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a re | |
| CVE-2026-5278 | 8.8 | 0.03% | 2 | 0 | 2026-04-01T15:31:14 | Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 a | |
| CVE-2026-5272 | 8.8 | 0.01% | 2 | 0 | 2026-04-01T15:31:13 | Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a r | |
| CVE-2026-4747 | 8.8 | 0.16% | 18 | 0 | 2026-04-01T15:23:23.797000 | Each RPCSEC_GSS data packet is validated by a routine which checks a signature i | |
| CVE-2026-24165 | 7.8 | 0.06% | 2 | 0 | 2026-04-01T14:24:02.583000 | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserializati | |
| CVE-2026-30309 | 7.8 | 0.05% | 1 | 0 | 2026-04-01T14:24:02.583000 | InfCode's terminal auto-execution module contains a critical command filtering v | |
| CVE-2026-5204 | 8.8 | 0.05% | 1 | 0 | 2026-04-01T14:24:02.583000 | A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function f | |
| CVE-2026-34156 | 9.9 | 5.19% | 1 | 0 | template | 2026-04-01T14:24:02.583000 | NocoBase is an AI-powered no-code/low-code platform for building business applic |
| CVE-2026-28228 | 8.8 | 0.05% | 1 | 0 | 2026-04-01T14:24:02.583000 | OpenOlat is an open source web-based e-learning platform for teaching, learning, | |
| CVE-2026-34505 | 6.5 | 0.06% | 2 | 0 | 2026-04-01T14:24:02.583000 | OpenClaw before 2026.3.12 applies rate limiting only after successful webhook au | |
| CVE-2026-32982 | 7.5 | 0.03% | 1 | 0 | 2026-04-01T14:24:02.583000 | OpenClaw before 2026.3.13 contains an information disclosure vulnerability in th | |
| CVE-2026-5201 | 7.5 | 0.09% | 2 | 1 | 2026-04-01T14:24:02.583000 | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vuln | |
| CVE-2026-34040 | 8.8 | 0.01% | 1 | 0 | 2026-04-01T14:24:02.583000 | Moby is an open source container framework. Prior to version 29.3.1, a security | |
| CVE-2026-32716 | 8.1 | 0.03% | 1 | 0 | 2026-04-01T14:24:02.583000 | SciTokens is a reference library for generating and using SciTokens. Prior to ve | |
| CVE-2026-34042 | 8.2 | 0.05% | 1 | 0 | 2026-04-01T14:24:02.583000 | act is a project which allows for local running of github actions. Prior to vers | |
| CVE-2026-34585 | 8.6 | 0.07% | 2 | 0 | 2026-04-01T14:23:37.727000 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vuln | |
| CVE-2026-35092 | 7.5 | 0.00% | 4 | 0 | 2026-04-01T14:23:37.727000 | A flaw was found in Corosync. An integer overflow vulnerability in Corosync's jo | |
| CVE-2025-15484 | 9.1 | 0.02% | 2 | 0 | 2026-04-01T14:23:37.727000 | The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides | |
| CVE-2026-4800 | 8.1 | 0.07% | 1 | 1 | 2026-04-01T14:23:37.727000 | Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h | |
| CVE-2026-34366 | 7.6 | 0.03% | 1 | 0 | 2026-04-01T14:23:37.727000 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payme | |
| CVE-2026-34448 | 9.0 | 0.05% | 2 | 0 | 2026-04-01T14:23:37.727000 | SiYuan is a personal knowledge management system. Prior to version 3.6.2, an att | |
| CVE-2026-3775 | 7.8 | 0.01% | 1 | 0 | 2026-04-01T14:23:37.727000 | The application's update service, when checking for updates, loads certain syste | |
| CVE-2026-5214 | 8.8 | 0.04% | 1 | 0 | 2026-04-01T14:23:37.727000 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-32 | |
| CVE-2026-32726 | 8.1 | 0.03% | 2 | 0 | 2026-04-01T14:23:37.727000 | SciTokens C++ is a minimal library for creating and using SciTokens from C or C+ | |
| CVE-2026-32725 | 8.3 | 0.21% | 1 | 0 | 2026-04-01T14:23:37.727000 | SciTokens C++ is a minimal library for creating and using SciTokens from C or C+ | |
| CVE-2026-23898 | None | 0.06% | 1 | 0 | 2026-04-01T12:31:34 | Lack of input validation leads to an arbitrary file deletion vulnerability in th | |
| CVE-2026-3779 | 7.8 | 0.02% | 1 | 0 | 2026-04-01T06:31:32 | The application's list box calculate array logic keeps stale references to page | |
| CVE-2026-26060 | None | 0.04% | 1 | 0 | 2026-04-01T06:11:50 | ### Summary A vulnerability in Fleet’s password management logic could allow pr | |
| CVE-2025-13855 | 7.6 | 0.09% | 1 | 0 | 2026-04-01T03:31:46 | IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable t | |
| CVE-2025-71282 | 7.5 | 0.03% | 1 | 0 | 2026-04-01T03:31:46 | XenForo before 2.3.7 discloses filesystem paths through exception messages trigg | |
| CVE-2025-71281 | 8.8 | 0.05% | 1 | 0 | 2026-04-01T03:31:46 | XenForo before 2.3.7 does not properly restrict methods callable from within tem | |
| CVE-2025-71279 | 9.8 | 0.08% | 1 | 0 | 2026-04-01T03:31:46 | XenForo before 2.3.7 contains a security issue affecting Passkeys that have been | |
| CVE-2026-35056 | 8.8 | 0.26% | 1 | 0 | 2026-04-01T03:31:46 | XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by aut | |
| CVE-2026-34558 | 9.1 | 0.05% | 1 | 0 | 2026-04-01T00:09:24 | ## Summary ### **Vulnerability: Stored DOM XSS via Methods Management Fields ( | |
| CVE-2026-33578 | 9.8 | 0.01% | 2 | 0 | 2026-04-01T00:01:11 | ## Summary When only a route-level group allowlist was configured, sender polic | |
| CVE-2026-34503 | 7.5 | 0.03% | 1 | 0 | 2026-03-31T23:52:04 | ## Summary Removing a device or revoking its token updated stored credentials b | |
| CVE-2026-34453 | 7.5 | 0.03% | 1 | 0 | 2026-03-31T23:30:05 | ### Summary The publish service exposes bookmarked blocks from password-protecte | |
| CVE-2026-34449 | 9.7 | 0.14% | 2 | 0 | 2026-03-31T23:29:01 | ### Summary A malicious website can achieve Remote Code Execution (RCE) on any | |
| CVE-2026-34394 | 8.1 | 0.02% | 1 | 0 | 2026-03-31T23:15:26 | ## Summary AVideo's admin plugin configuration endpoint (`admin/save.json.php`) | |
| CVE-2026-34381 | 7.5 | 0.06% | 1 | 0 | 2026-03-31T23:10:05 | ### Summary Admidio relies on `adm_my_files/.htaccess` to deny direct HTTP acce | |
| CVE-2026-34240 | 7.5 | 0.01% | 1 | 0 | 2026-03-31T23:09:20 | ### Impact A vulnerability in `jose` versions up to and including `0.3.5` could | |
| CVE-2026-32727 | 8.1 | 0.05% | 1 | 0 | 2026-03-31T22:51:38 | ### Summary The `Enforcer` is vulnerable to a path traversal attack where an att | |
| CVE-2026-32714 | 9.8 | 0.03% | 1 | 0 | 2026-03-31T22:49:18 | ### Summary The `KeyCache` class in `scitokens` was vulnerable to SQL Injection | |
| CVE-2026-30880 | None | 0.28% | 1 | 0 | 2026-03-31T22:43:32 | baserCMS has an OS command injection vulnerability in the installer. ### Target | |
| CVE-2025-32957 | 8.7 | 0.04% | 1 | 0 | 2026-03-31T22:22:19 | ### Details The application's restore function allows users to upload a `.zip` f | |
| CVE-2026-3256 | 9.8 | 0.02% | 1 | 0 | 2026-03-31T21:32:22 | HTTP::Session versions through 0.53 for Perl defaults to using insecurely genera | |
| CVE-2026-4851 | 9.8 | 0.07% | 1 | 0 | 2026-03-31T21:32:22 | GRID::Machine versions through 0.127 for Perl allows arbitrary code execution vi | |
| CVE-2025-15618 | 9.1 | 0.04% | 1 | 0 | 2026-03-31T21:32:22 | Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses a | |
| CVE-2026-1579 | 9.8 | 0.07% | 3 | 0 | 2026-03-31T21:31:31 | The MAVLink communication protocol does not require cryptographic authenticatio | |
| CVE-2026-5212 | 8.8 | 0.08% | 1 | 0 | 2026-03-31T21:31:31 | A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D | |
| CVE-2026-5213 | 8.8 | 0.04% | 1 | 0 | 2026-03-31T21:31:31 | A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D | |
| CVE-2026-5211 | 8.8 | 0.04% | 1 | 0 | 2026-03-31T21:31:30 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, | |
| CVE-2026-3356 | None | 0.05% | 3 | 0 | 2026-03-31T21:31:19 | The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass t | |
| CVE-2026-34361 | 9.3 | 0.04% | 2 | 0 | 2026-03-31T18:55:52 | ## Summary The FHIR Validator HTTP service exposes an unauthenticated `/loadIG` | |
| CVE-2026-34243 | 9.8 | 0.24% | 2 | 0 | 2026-03-31T18:54:47 | #### Summary A GitHub Actions workflow uses untrusted user input from `issue_co | |
| CVE-2026-34214 | 7.7 | 0.02% | 2 | 0 | 2026-03-31T18:51:31 | ### Summary Iceberg connector REST catalog static credentials (access key) or v | |
| CVE-2026-34209 | 7.5 | 0.03% | 1 | 0 | 2026-03-31T18:51:06 | ### Impact The `tempo/session` cooperative close handler validated the close vo | |
| CVE-2026-34070 | 7.5 | 0.19% | 3 | 1 | 2026-03-31T18:41:15 | ## Summary Multiple functions in `langchain_core.prompts.loading` read files fr | |
| CVE-2026-2275 | 9.7 | 0.04% | 1 | 0 | 2026-03-31T18:32:38 | The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach | |
| CVE-2026-29870 | 7.6 | 0.08% | 1 | 0 | 2026-03-31T18:32:38 | A directory traversal vulnerability in the agentic-context-engine project versio | |
| CVE-2026-30282 | 9.1 | 0.03% | 1 | 0 | 2026-03-31T18:31:43 | An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirro | |
| CVE-2026-24164 | 8.8 | 0.04% | 1 | 0 | 2026-03-31T18:31:43 | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserializati | |
| CVE-2026-24154 | 7.7 | 0.03% | 2 | 0 | 2026-03-31T18:31:38 | NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker | |
| CVE-2026-24148 | 8.3 | 0.04% | 1 | 0 | 2026-03-31T18:31:37 | NVIDIA Jetson for JetPack contains a vulnerability in the system initialization | |
| CVE-2025-53521 | 9.8 | 41.41% | 4 | 0 | 2026-03-31T17:12:31.053000 | When a BIG-IP APM access policy is configured on a virtual server, specific mali | |
| CVE-2026-34504 | 5.3 | 0.04% | 1 | 0 | 2026-03-31T15:32:03 | OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability i | |
| CVE-2026-0596 | 9.6 | 0.24% | 2 | 0 | 2026-03-31T15:32:03 | A command injection vulnerability exists in mlflow/mlflow when serving a model w | |
| CVE-2026-33579 | 9.8 | 0.01% | 1 | 0 | 2026-03-31T15:32:03 | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the / | |
| CVE-2026-33580 | 9.8 | 0.06% | 1 | 0 | 2026-03-31T15:32:03 | OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the | |
| CVE-2026-5121 | 9.8 | 0.18% | 1 | 0 | 2026-03-31T15:16:22.173000 | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerabi | |
| CVE-2026-3055 | 9.8 | 44.30% | 6 | 5 | template | 2026-03-31T13:18:14.213000 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when config |
| CVE-2026-32920 | 9.8 | 0.01% | 1 | 0 | 2026-03-31T12:31:42 | OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenCl | |
| CVE-2026-32917 | 9.8 | 0.40% | 1 | 0 | 2026-03-31T12:31:42 | OpenClaw before 2026.3.13 contains a remote command injection vulnerability in t | |
| CVE-2026-34506 | 7.5 | 0.03% | 2 | 0 | 2026-03-31T12:31:42 | OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its | |
| CVE-2026-32988 | 7.5 | 0.01% | 2 | 0 | 2026-03-31T12:31:42 | OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs | |
| CVE-2026-32916 | 7.7 | 0.07% | 1 | 0 | 2026-03-31T12:31:42 | OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vuln | |
| CVE-2026-34509 | 7.5 | 0.03% | 1 | 0 | 2026-03-31T12:31:42 | OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its | |
| CVE-2026-4317 | None | 0.05% | 1 | 0 | 2026-03-31T12:31:42 | SQL inyection (SQLi) vulnerability in Umami Software web application through an | |
| CVE-2025-10551 | 8.7 | 0.03% | 2 | 0 | 2026-03-31T09:31:48 | A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management | |
| CVE-2025-10553 | 8.7 | 0.03% | 1 | 0 | 2026-03-31T09:31:48 | A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Man | |
| CVE-2026-3300 | 9.8 | 0.22% | 2 | 0 | 2026-03-31T03:31:35 | The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Executio | |
| CVE-2026-4020 | 7.5 | 0.05% | 1 | 0 | template | 2026-03-31T03:31:35 | The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exp |
| CVE-2026-33634 | None | 21.15% | 1 | 3 | 2026-03-30T20:51:04 | ## Summary On March 19, 2026, a threat actor used compromised credentials to pu | |
| CVE-2026-21643 | 9.8 | 0.05% | 4 | 2 | 2026-03-30T15:31:35 | An improper neutralization of special elements used in an sql command ('sql inje | |
| CVE-2026-34475 | 5.4 | 0.04% | 2 | 0 | 2026-03-30T13:26:07.647000 | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain u | |
| CVE-2026-33017 | 9.8 | 5.65% | 1 | 6 | 2026-03-26T15:41:23 | ## Summary The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows b | |
| CVE-2026-20700 | 7.8 | 0.30% | 2 | 0 | 2026-03-25T17:39:37.227000 | A memory corruption issue was addressed with improved state management. This iss | |
| CVE-2026-32746 | 9.8 | 0.03% | 2 | 4 | 2026-03-23T15:31:40 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO | |
| CVE-2026-4342 | 8.8 | 0.04% | 1 | 1 | 2026-03-20T17:26:11 | A security issue was discovered in ingress-nginx where a combination of Ingress | |
| CVE-2025-71260 | 8.8 | 9.15% | 1 | 1 | template | 2026-03-20T13:39:46.493000 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserializa |
| CVE-2026-3888 | 7.9 | 0.01% | 2 | 6 | 2026-03-18T06:31:20 | Local privilege escalation in snapd on Linux allows local attackers to get root | |
| CVE-2026-2493 | 7.5 | 15.24% | 1 | 0 | 2026-03-16T14:53:07.390000 | IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. | |
| CVE-2026-2413 | 7.5 | 26.22% | 1 | 3 | template | 2026-03-11T06:31:47 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to S |
| CVE-2025-14558 | 7.2 | 53.60% | 1 | 2 | 2026-03-09T15:30:47 | The rtsol(8) and rtsold(8) programs do not validate the domain search list optio | |
| CVE-2026-29058 | 9.8 | 42.99% | 1 | 0 | 2026-03-06T21:56:51 | ## Impact An unauthenticated attacker can execute arbitrary OS commands on the | |
| CVE-2026-27971 | 9.8 | 23.12% | 1 | 0 | template | 2026-03-05T17:57:37.233000 | Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable |
| CVE-2026-2025 | 7.5 | 26.43% | 1 | 10 | template | 2026-03-04T18:32:57 | The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one |
| CVE-2023-7337 | 7.5 | 22.17% | 1 | 0 | template | 2026-03-04T12:30:39 | The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is |
| CVE-2026-1492 | 9.8 | 30.99% | 1 | 2 | template | 2026-03-03T21:52:29.877000 | The User Registration & Membership – Custom Registration Form Builder, Custom Lo |
| CVE-2026-21508 | 7.0 | 0.05% | 1 | 1 | 2026-02-10T18:30:53 | Improper authentication in Windows Storage allows an authorized attacker to elev | |
| CVE-2026-2150 | 4.3 | 0.01% | 1 | 11 | 2026-02-08T12:30:36 | A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queu | |
| CVE-2025-14847 | 7.5 | 74.63% | 1 | 39 | template | 2026-01-13T22:24:20.380000 | Mismatched length fields in Zlib compressed protocol headers may allow a read of |
| CVE-2026-21858 | 10.0 | 8.73% | 1 | 11 | template | 2026-01-13T15:05:00 | ### Impact A vulnerability in n8n allows an attacker to access files on the unde |
| CVE-2025-61594 | None | 0.01% | 1 | 0 | 2025-12-30T21:07:16 | ### Impact In affected URI version, a bypass exists for the fix to CVE-2025-272 | |
| CVE-2025-68664 | 9.3 | 0.04% | 1 | 2 | 2025-12-24T01:08:11 | ## Summary A serialization injection vulnerability exists in LangChain's `dumps | |
| CVE-2025-32975 | 10.0 | 0.17% | 2 | 0 | 2025-11-03T21:35:11 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x bef | |
| CVE-2023-4966 | 9.4 | 94.35% | 1 | 14 | template | 2025-10-24T13:42:55.550000 | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when con |
| CVE-2021-23337 | 7.2 | 0.46% | 1 | 1 | 2025-08-12T21:44:25 | `lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the t | |
| CVE-2022-47392 | 6.5 | 0.31% | 1 | 0 | 2025-07-17T13:10:35.760000 | An authenticated, remote attacker may use a improper input validation vulnerabil | |
| CVE-2022-47389 | 8.8 | 4.37% | 1 | 0 | 2025-07-17T13:09:56.670000 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47384 | 8.8 | 2.30% | 1 | 0 | 2025-07-17T13:01:49.327000 | An authenticated remote attacker may use a stack based out-of-bounds write vulne | |
| CVE-2022-47382 | 8.8 | 2.30% | 1 | 0 | 2025-07-17T12:50:47.377000 | An authenticated remote attacker may use a stack based out-of-bounds write vulne | |
| CVE-2022-47378 | 6.5 | 0.41% | 1 | 0 | 2025-07-17T12:38:13.340000 | Multiple CODESYS products in multiple versions are prone to a improper input val | |
| CVE-2025-6514 | 9.7 | 1.29% | 1 | 3 | 2025-07-09T18:08:46 | mcp-remote is exposed to OS command injection when connecting to untrusted MCP s | |
| CVE-2025-24076 | 7.3 | 1.60% | 1 | 1 | 2025-07-07T17:24:22.777000 | Improper access control in Windows Cross Device Service allows an authorized att | |
| CVE-2025-29970 | 7.8 | 0.69% | 1 | 0 | 2025-05-13T18:31:00 | Use after free in Microsoft Brokering File System allows an authorized attacker | |
| CVE-2022-47385 | 8.8 | 2.30% | 1 | 0 | 2024-04-11T21:18:07 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47390 | 8.8 | 2.36% | 1 | 0 | 2024-04-11T21:18:06 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47388 | 8.8 | 2.30% | 1 | 0 | 2024-04-04T05:43:02 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47387 | 8.8 | 2.30% | 1 | 0 | 2024-04-04T05:43:02 | An authenticated remote attacker may use a stack based out-of-bounds write vulne | |
| CVE-2022-47386 | 8.8 | 2.30% | 1 | 0 | 2024-04-04T05:42:59 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47383 | 8.8 | 2.30% | 1 | 0 | 2024-04-04T05:42:57 | An authenticated, remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47379 | 8.8 | 2.81% | 1 | 0 | 2024-04-04T05:42:52 | An authenticated, remote attacker may use a out-of-bounds write vulnerability in | |
| CVE-2022-47381 | 8.8 | 2.30% | 1 | 0 | 2024-04-04T05:42:52 | An authenticated remote attacker may use a stack based out-of-bounds write vulne | |
| CVE-2022-47380 | 8.8 | 2.30% | 1 | 0 | 2024-04-04T05:42:52 | An authenticated remote attacker may use a stack based out-of-bounds write vuln | |
| CVE-2022-47393 | 6.5 | 0.52% | 1 | 0 | 2024-04-04T04:05:11 | An authenticated, remote attacker may use a Improper Restriction of Operations w | |
| CVE-2022-47391 | 7.5 | 0.59% | 1 | 0 | 2024-04-04T04:05:08 | In multiple CODESYS products in multiple versions an unauthorized, remote attack | |
| CVE-2026-34365 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-34367 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-5190 | 0 | 0.01% | 1 | 0 | N/A | ||
| CVE-2026-34163 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-34054 | 0 | 0.06% | 1 | 0 | N/A |
updated 2026-04-02T00:31:12
2 posts
🟠 CVE-2026-32926 - High (7.8)
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32926 - High (7.8)
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T00:31:12
2 posts
🟠 CVE-2026-32925 - High (7.8)
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32925/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32925 - High (7.8)
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32925/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T00:31:12
2 posts
🟠 CVE-2026-32929 - High (7.8)
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32929 - High (7.8)
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T00:31:12
2 posts
🟠 CVE-2026-32927 - High (7.8)
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32927/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32927 - High (7.8)
V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32927/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T00:31:12
2 posts
🟠 CVE-2026-21765 - High (8.8)
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21765/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21765 - High (8.8)
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21765/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-02T00:03:37
2 posts
🔴 CVE-2026-4370 - Critical (10)
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4370/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔥 CRITICAL: CVE-2026-4370 in Canonical Juju (3.2.0 – 3.6.19, 4.0 – 4.0.4) allows unauthenticated attackers to join Dqlite clusters via improper TLS validation. Patch or restrict port access now! https://radar.offseq.com/threat/cve-2026-4370-cwe-295-improper-certificate-validat-9bb2b3b6 #OffSeq #Juju #Vuln #Infosec
##updated 2026-04-01T23:17:03.267000
2 posts
🟠 CVE-2026-32928 - High (7.8)
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32928/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32928 - High (7.8)
V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32928/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T23:09:14
2 posts
🟠 CVE-2026-34784 - High (7.5)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1-alpha.1, file downloads via HTTP Range requests bypass the afterFind(Parse.File) trigger and its validators ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34784/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34784 - High (7.5)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1-alpha.1, file downloads via HTTP Range requests bypass the afterFind(Parse.File) trigger and its validators ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34784/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T22:16:21.030000
4 posts
🔴 CVE-2026-34571 - Critical (9.9)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the backend...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34571/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-34571 in ci4ms (<0.31.0.0) enables stored XSS in backend user management. Attackers can hijack admin sessions with persistent JS — upgrade to 0.31.0.0+ ASAP! https://radar.offseq.com/threat/cve-2026-34571-cwe-79-improper-neutralization-of-i-055c896a #OffSeq #XSS #CVE202634571 #WebSecurity
##🔴 CVE-2026-34571 - Critical (9.9)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the backend...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34571/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-34571 in ci4ms (<0.31.0.0) enables stored XSS in backend user management. Attackers can hijack admin sessions with persistent JS — upgrade to 0.31.0.0+ ASAP! https://radar.offseq.com/threat/cve-2026-34571-cwe-79-improper-neutralization-of-i-055c896a #OffSeq #XSS #CVE202634571 #WebSecurity
##updated 2026-04-01T22:09:41
2 posts
🟠 CVE-2026-34572 - High (8.8)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an accou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34572/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34572 - High (8.8)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an accou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34572/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T22:08:30
2 posts
🚨 CVE-2026-34570 (CVSS 10): CRITICAL improper access control in ci4ms < 0.31.0.0 lets deleted accounts retain access via active sessions. Patch to 0.31.0.0+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-34570-cwe-284-improper-access-control-in--917f2c32 #OffSeq #CVE202634570 #AccessControl #Infosec
##🚨 CVE-2026-34570 (CVSS 10): CRITICAL improper access control in ci4ms < 0.31.0.0 lets deleted accounts retain access via active sessions. Patch to 0.31.0.0+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-34570-cwe-284-improper-access-control-in--917f2c32 #OffSeq #CVE202634570 #AccessControl #Infosec
##updated 2026-04-01T22:07:38
4 posts
⚠️ CRITICAL XSS (CVE-2026-34569) in ci4ms (<0.31.0.0): Low-priv attackers can store JS in blog category titles, impacting public & admin views. Update to 0.31.0.0+ ASAP! Full compromise possible. Details: https://radar.offseq.com/threat/cve-2026-34569-cwe-79-improper-neutralization-of-i-ebe55431 #OffSeq #XSS #Infosec
##🔴 CVE-2026-34569 - Critical (9.9)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34569/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL XSS (CVE-2026-34569) in ci4ms (<0.31.0.0): Low-priv attackers can store JS in blog category titles, impacting public & admin views. Update to 0.31.0.0+ ASAP! Full compromise possible. Details: https://radar.offseq.com/threat/cve-2026-34569-cwe-79-improper-neutralization-of-i-ebe55431 #OffSeq #XSS #Infosec
##🔴 CVE-2026-34569 - Critical (9.9)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34569/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T22:07:15
2 posts
🔴 CVE-2026-34568 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34568/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34568 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34568/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T22:06:53
2 posts
🔴 CVE-2026-34567 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34567/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34567 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34567/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T22:06:28
2 posts
🔴 CVE-2026-34566 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Pa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34566/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34566 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Pa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34566/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T22:05:48
2 posts
🔴 CVE-2026-34565 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding P...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34565/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34565 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding P...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34565/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T22:04:54
2 posts
🔴 CVE-2026-34564 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding P...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34564/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34564 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding P...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34564/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T22:04:22
2 posts
🔴 CVE-2026-34563 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34563/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34563 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34563/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T21:54:28
2 posts
🔴 CVE-2026-34560 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interfa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34560/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34560 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interfa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34560/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T21:53:01
2 posts
🔴 CVE-2026-34559 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34559/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34559 - Critical (9.1)
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34559/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T21:31:34
2 posts
🔴 CVE-2026-30276 - Critical (9.8)
An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30276 - Critical (9.8)
An arbitrary file overwrite vulnerability in DeftPDF Document Translator v54.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T21:30:43
2 posts
🟠 CVE-2026-4101 - High (8.1)
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load cond...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4101 - High (8.1)
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 under certain load cond...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T21:30:28
13 posts
1 repos
https://github.com/umair-aziz025/CVE-2026-5281-Research-Toolkit
Critical Chrome Zero-Day CVE-2026-5281 Sparks Urgent Global Security Response + Video
Introduction: A Silent Browser Threat Escalates into a National Security Concern A newly discovered vulnerability inside Google Chrome’s graphics engine has quickly evolved from a technical flaw into a high-priority cybersecurity emergency. With active exploitation already confirmed in the wild, government agencies and security experts are sounding the alarm. The issue, tied to…
##🚨 [CISA-2026:0401] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0401)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-5281 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5281)
- Name: Google Dawn Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Dawn
- Notes: This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260401 #cisa20260401 #cve_2026_5281 #cve20265281
##Google Chrome Security Release Addresses Critical Zero-Day CVE-2026-5281 and 21 Vulnerabilities + Video
Introduction: Urgent Browser Update After Active Exploitation Detected Google has issued a critical security update for its Chrome browser, responding to an actively exploited zero-day vulnerability that has already been observed in real-world attacks. The flaw, identified as CVE-2026-5281, affects a core graphics component and raises serious concerns about user…
##CVE ID: CVE-2026-5281
Vendor: Google
Product: Dawn
Date Added: 2026-04-01
Notes: This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-5281
🟠 CVE-2026-5281 - High (8.8)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5281/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Google on Tuesday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild.
https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html
##🚨 [CISA-2026:0401] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0401)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-5281 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5281)
- Name: Google Dawn Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Dawn
- Notes: This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260401 #cisa20260401 #cve_2026_5281 #cve20265281
##CVE ID: CVE-2026-5281
Vendor: Google
Product: Dawn
Date Added: 2026-04-01
Notes: This vulnerability affects an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-5281
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-5281
🟠 CVE-2026-5281 - High (8.8)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5281/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-5281 (Use after free in Dawn) included with this is a zero day
##Amongst other security improvements from Chromium upstream it includes a fix for CVE-2026-5281 (Use after free in Dawn), which has a known exploit in the wild.
##Amongst other security improvements from Chromium upstream it includes a fix for CVE-2026-5281 (Use after free in Dawn), which has a known exploit in the wild.
##Upstream release notes have been published. This release includes fixes for 21 CVES. Google is aware that an exploit for CVE-2026-5281 exists in the wild.
chromereleases.googleblog.com/2026/03/stab...
RE: https://bsky.app/profile/did:plc:6ol7vfhxcbk3ylrlbbioxlav/post/3mifg4rzfh22x
Stable Channel Update for Desk...
updated 2026-04-01T21:17:00.830000
2 posts
🟠 CVE-2026-34529 - High (7.6)
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scriptin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34529 - High (7.6)
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scriptin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T21:17:00.660000
2 posts
🟠 CVE-2026-34528 - High (8.1)
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Def...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34528/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34528 - High (8.1)
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Def...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34528/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T21:16:58.680000
2 posts
🟠 CVE-2026-25835 - High (7.7)
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25835/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25835 - High (7.7)
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25835/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:29:39.303000
1 posts
🚨 CVE-2026-21861: CRITICAL OS command injection in baserCMS < 5.2.3. Admins can execute arbitrary system commands via core update. Patch to 5.2.3+ ASAP to prevent full compromise. https://radar.offseq.com/threat/cve-2026-21861-cwe-78-improper-neutralization-of-s-7b86deef #OffSeq #baserCMS #CVE2026_21861 #infosec #patching
##updated 2026-04-01T20:28:43.797000
3 posts
🔥 CRITICAL: CVE-2026-30877 in baserCMS (<5.2.3) enables admin users to execute arbitrary OS commands via update functionality (CWE-78). Patch to 5.2.3+ immediately! https://radar.offseq.com/threat/cve-2026-30877-cwe-78-improper-neutralization-of-s-36a348b4 #OffSeq #baserCMS #CVE202630877 #infosec
##🔴 CVE-2026-30877 - Critical (9.1)
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30877/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30877 - Critical (9.1)
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30877/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:16:27.673000
2 posts
🟠 CVE-2026-34874 - High (7.5)
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34874 - High (7.5)
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:16:27.493000
2 posts
🔴 CVE-2026-34872 - Critical (9.1)
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared sec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34872/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34872 - Critical (9.1)
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared sec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34872/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:16:27.040000
2 posts
🟠 CVE-2026-34748 - High (8.7)
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in the admin panel. An authenticated user with write access to a collectio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34748 - High (8.7)
Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a stored Cross-Site Scripting (XSS) vulnerability existed in the admin panel. An authenticated user with write access to a collectio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:16:26.887000
2 posts
🟠 CVE-2026-34747 - High (8.5)
Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifyi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34747/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34747 - High (8.5)
Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifyi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34747/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:16:26.727000
2 posts
🟠 CVE-2026-34746 - High (7.7)
Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34746/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34746 - High (7.7)
Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-Side Request Forgery (SSRF) vulnerability exists in the upload functionality. Authenticated users with create or update access t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34746/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:16:26.120000
2 posts
🔴 CVE-2026-34456 - Critical (9.1)
Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34456/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34456 - Critical (9.1)
Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34456/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T20:16:23.720000
2 posts
🟠 CVE-2026-25833 - High (7.5)
Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25833/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25833 - High (7.5)
Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25833/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T19:19:24.363000
1 posts
🔴 CVE-2026-33576 - Critical (9.8)
OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rej...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33576/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T19:17:23.120000
1 posts
🔴 CVE-2026-33577 - Critical (9.8)
OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33577/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T19:16:29.583000
2 posts
🔴 CVE-2026-30281 - Critical (9.8)
An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30281/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30281 - Critical (9.8)
An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30281/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:51:48.267000
1 posts
🟠 CVE-2025-71278 - High (8.8)
XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond thei...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:38:39.890000
1 posts
🔴 CVE-2026-34162 - Critical (10)
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint (/api/core/app/httpTools/runTool) is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-sup...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34162/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:37:43
2 posts
🟠 CVE-2026-34430 - High (8.8)
ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34430/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34430 - High (8.8)
ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34430/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:37:42.803000
1 posts
🟠 CVE-2026-34731 - High (7.5)
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34731/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:37:42
2 posts
🟠 CVE-2026-33373 - High (8.8)
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state tr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33373 - High (8.8)
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state tr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:37:00
2 posts
And (drum roll) .... here it is. Grab a coffee, Cisco's having a bad hair day.
New.
Critical: CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr
Also new:
Critical: CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn
Three high-severity entries:
Four medium-severity entries toward the end of today's list: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #Cisco #vulnerability
##And (drum roll) .... here it is. Grab a coffee, Cisco's having a bad hair day.
New.
Critical: CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr
Also new:
Critical: CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn
Three high-severity entries:
Four medium-severity entries toward the end of today's list: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #Cisco #vulnerability
##updated 2026-04-01T18:36:52
2 posts
And (drum roll) .... here it is. Grab a coffee, Cisco's having a bad hair day.
New.
Critical: CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr
Also new:
Critical: CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn
Three high-severity entries:
Four medium-severity entries toward the end of today's list: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #Cisco #vulnerability
##And (drum roll) .... here it is. Grab a coffee, Cisco's having a bad hair day.
New.
Critical: CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr
Also new:
Critical: CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn
Three high-severity entries:
Four medium-severity entries toward the end of today's list: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #Cisco #vulnerability
##updated 2026-04-01T18:36:49
2 posts
🔴 CVE-2026-29014 - Critical (9.8)
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29014/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-29014 - Critical (9.8)
MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29014/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:36:47
2 posts
🟠 CVE-2026-5087 - High (7.5)
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely.
PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5087/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5087 - High (7.5)
PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely.
PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5087/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T18:16:31.277000
2 posts
🔴 CVE-2026-34751 - Critical (9.1)
Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the password recovery flow could allow an unauthenticated attacker to perform actions on behalf of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34751/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34751 - Critical (9.1)
Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and payload, a vulnerability in the password recovery flow could allow an unauthenticated attacker to perform actions on behalf of...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34751/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T17:28:39.507000
2 posts
🟠 CVE-2026-33949 - High (8.1)
Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33949/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-33949 - High (8.1)
Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33949/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T17:07:20.250000
2 posts
🟠 CVE-2026-5292 - High (8.8)
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5292 - High (8.8)
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:35:57.513000
2 posts
🟠 CVE-2026-5282 - High (8.1)
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5282/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5282 - High (8.1)
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5282/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:23:51.263000
2 posts
🟠 CVE-2026-4748 - High (7.5)
A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4748 - High (7.5)
A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T16:23:51.103000
2 posts
🟠 CVE-2026-3308 - High (7.8)
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds writ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3308/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3308 - High (7.8)
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds writ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3308/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:32:18
2 posts
🔴 CVE-2026-5288 - Critical (9.6)
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5288/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-5288 - Critical (9.6)
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5288/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:32:18
1 posts
🚨 CVE-2026-2696: HIGH severity flaw in Export All URLs WP plugin (<5.1) leaks private post URLs via brute-forcible CSV files in uploads/. No auth needed. Upgrade ASAP & restrict dir access! https://radar.offseq.com/threat/cve-2026-2696-cwe-200-information-exposure-in-expo-c6c7420f #OffSeq #WordPress #CVE20262696
##updated 2026-04-01T15:32:17
2 posts
🔴 CVE-2026-5290 - Critical (9.6)
Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-5290 - Critical (9.6)
Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:32:17
2 posts
🔴 CVE-2026-5289 - Critical (9.6)
Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-5289 - Critical (9.6)
Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:32:17
3 posts
🟠 CVE-2026-5286 - High (8.8)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5286 - High (8.8)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-5286: HIGH severity use-after-free in Chrome’s Dawn component <146.0.7680.178. Remote code execution possible via crafted HTML. Patch now to stay protected! https://radar.offseq.com/threat/cve-2026-5286-use-after-free-in-google-chrome-34aabe80 #OffSeq #Chrome #Vuln #InfoSec
##updated 2026-04-01T15:31:22
4 posts
🟠 CVE-2026-35093 - High (8.8)
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35093 - High (8.8)
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35093 - High (8.8)
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35093 - High (8.8)
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the sam...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35093/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:31:21
4 posts
🟠 CVE-2026-35091 - High (8.2)
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35091/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35091 - High (8.2)
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35091/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35091 - High (8.2)
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35091/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35091 - High (8.2)
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35091/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:31:15
2 posts
🟠 CVE-2026-5284 - High (7.5)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5284/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5284 - High (7.5)
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5284/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:31:14
2 posts
🟠 CVE-2026-5277 - High (7.5)
Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5277/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5277 - High (7.5)
Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5277/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:31:14
2 posts
🟠 CVE-2026-5275 - High (8.8)
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5275 - High (8.8)
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:31:14
2 posts
🟠 CVE-2026-5274 - High (8.8)
Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5274/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5274 - High (8.8)
Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5274/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:31:14
2 posts
🟠 CVE-2026-5278 - High (8.8)
Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5278 - High (8.8)
Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:31:13
2 posts
🟠 CVE-2026-5272 - High (8.8)
Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5272/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5272 - High (8.8)
Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5272/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T15:23:23.797000
18 posts
Claude wrote a full FreeBSD remote kernel RCE with root shell: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: http://news.ycombinator.com/item?id=47597119
##Claude wrote a full FreeBSD remote kernel RCE with root shell
Link: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: https://news.ycombinator.com/item?id=47597119
https://github.com/califio/publications/tree/main/MADBugs/CVE-2026-4747
🧐
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747): https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: http://news.ycombinator.com/item?id=47597119
##📰 Today's Top 20 Hacker News Stories (Sorted by Score) 📰
----------------------------------------
🔖 Title: Claude Code Unpacked : A visual guide
🔗 URL: https://ccunpacked.dev/
👍 Score: [944]
💬 Discussion: https://news.ycombinator.com/item?id=47597085
----------------------------------------
🔖 Title: CERN levels up with new superconducting karts
🔗 URL: https://home.cern/news/news/engineering/cern-levels-new-superconducting-karts
👍 Score: [343]
💬 Discussion: https://news.ycombinator.com/item?id=47597935
----------------------------------------
🔖 Title: EmDash – a spiritual successor to WordPress that solves plugin security
🔗 URL: https://blog.cloudflare.com/emdash-wordpress/
👍 Score: [245]
💬 Discussion: https://news.ycombinator.com/item?id=47602832
----------------------------------------
🔖 Title: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
🔗 URL: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
👍 Score: [198]
💬 Discussion: https://news.ycombinator.com/item?id=47597119
----------------------------------------
🔖 Title: Is BGP safe yet?
🔗 URL: https://isbgpsafeyet.com/
👍 Score: [196]
💬 Discussion: https://news.ycombinator.com/item?id=47600382
----------------------------------------
🔖 Title: Show HN: CLI to order groceries via reverse-engineered REWE API (Haskell)
🔗 URL: https://github.com/yannick-cw/korb
👍 Score: [177]
💬 Discussion: https://news.ycombinator.com/item?id=47571183
----------------------------------------
🔖 Title: NASA Artemis II moon mission live launch broadcast
🔗 URL: https://plus.nasa.gov/scheduled-video/nasas-artemis-ii-crew-launches-to-the-moon-official-broadcast/
👍 Score: [139]
💬 Discussion: https://news.ycombinator.com/item?id=47603657
----------------------------------------
🔖 Title: The OpenAI Graveyard: All the Deals and Products That Haven't Happened
🔗 URL: https://www.forbes.com/sites/phoebeliu/2026/03/31/openai-graveyard-deals-and-products-havent-happened-openai/
👍 Score: [132]
💬 Discussion: https://news.ycombinator.com/item?id=47602565
----------------------------------------
🔖 Title: Intuiting Pratt Parsing
🔗 URL: https://louis.co.nz/2026/03/26/pratt-parsing.html
👍 Score: [121]
💬 Discussion: https://news.ycombinator.com/item?id=47573450
----------------------------------------
🔖 Title: StepFun 3.5 Flash is #1 cost-effective model for OpenClaw tasks (300 battles)
🔗 URL: https://app.uniclaw.ai/arena?tab=costEffectiveness&via=hn
👍 Score: [80]
💬 Discussion: https://news.ycombinator.com/item?id=47602879
----------------------------------------
🔖 Title: Random numbers, Persian code: A mysterious signal transfixes radio sleuths
🔗 URL: https://www.rferl.org/a/mystery-numbers-station-persian-signal-iran-war/33700659.html
👍 Score: [74]
💬 Discussion: https://news.ycombinator.com/item?id=47599510
----------------------------------------
🔖 Title: Consider the Greenland Shark (2020)
🔗 URL: https://www.lrb.co.uk/the-paper/v42/n09/katherine-rundell/consider-the-greenland-shark
👍 Score: [68]
💬 Discussion: https://news.ycombinator.com/item?id=47539945
----------------------------------------
🔖 Title: The Document Foundation ejects its core developers
🔗 URL: https://www.collaboraonline.com/blog/tdf-ejects-its-core-developers/
👍 Score: [67]
💬 Discussion: https://news.ycombinator.com/item?id=47599305
----------------------------------------
🔖 Title: What Is Copilot Exactly?
🔗 URL: https://idiallo.com/blog/what-is-copilot-exactly
👍 Score: [62]
💬 Discussion: https://news.ycombinator.com/item?id=47603231
----------------------------------------
🔖 Title: AI for American-Produced Cement and Concrete
🔗 URL: https://engineering.fb.com/2026/03/30/data-center-engineering/ai-for-american-produced-cement-and-concrete/
👍 Score: [57]
💬 Discussion: https://news.ycombinator.com/item?id=47603737
----------------------------------------
🔖 Title: Show HN: Real-time dashboard for Claude Code agent teams
🔗 URL: https://github.com/simple10/agents-observe
👍 Score: [44]
💬 Discussion: https://news.ycombinator.com/item?id=47602986
----------------------------------------
🔖 Title: Show HN: Zerobox – Sandbox any command with file and network restrictions
🔗 URL: https://github.com/afshinm/zerobox
👍 Score: [36]
💬 Discussion: https://news.ycombinator.com/item?id=47574871
----------------------------------------
🔖 Title: Ada and Spark on ARM Cortex-M – A Tutorial with Arduino and Nucleo Examples
🔗 URL: http://inspirel.com/articles/Ada_On_Cortex.html
👍 Score: [36]
💬 Discussion: https://news.ycombinator.com/item?id=47552144
----------------------------------------
🔖 Title: Randomness on Apple Platforms (2024)
🔗 URL: https://blog.xoria.org/randomness-on-apple-platforms/
👍 Score: [34]
💬 Discussion: https://news.ycombinator.com/item?id=47543205
----------------------------------------
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
Link: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: https://news.ycombinator.com/item?id=47597119
Claude wrote a full FreeBSD remote kernel RCE with root shell
Link: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: https://news.ycombinator.com/item?id=47597119
https://github.com/califio/publications/tree/main/MADBugs/CVE-2026-4747
🧐
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
Link: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: https://news.ycombinator.com/item?id=47597119
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
Link: https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
Discussion: https://news.ycombinator.com/item?id=47597119
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
##Wow, #Claude, you wrote a remote kernel #RCE with a root shell for FreeBSD? 🙄 I’m sure this groundbreaking achievement will be a thrilling bedtime story for security experts everywhere. 🤦♂️ Meanwhile, GitHub is still doing cartwheels about #AI writing better code so we can break it even faster. 💥
https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md #FreeBSD #cybersecurity #coding #HackerNews #ngated
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
#HackerNews #FreeBSD #RCE #Security #CVE-2026-4747 #RootShell #CyberSecurity
##Claude wrote a full FreeBSD remote kernel RCE with root shell
https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
##@AmenZwa
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) https://lobste.rs/s/hsykbh #freebsd #security #vibecoding
https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
##Claude Wrote a Full #FreeBSD Remote Kernel #RCE with Root Shell (CVE-2026-4747): https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
##updated 2026-04-01T14:24:02.583000
2 posts
🟠 CVE-2026-24165 - High (7.8)
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24165/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24165 - High (7.8)
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24165/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-30309 - High (7.8)
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerSh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30309/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-5204 - High (8.8)
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5204/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🔴 CVE-2026-34156 - Critical (9.9)
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34156/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
Our colleague @mal had another look at OpenOLAT and found a nice RCE (CVE-2026-28228 and CVE-2026-28228). If you're interested, details can be found on our blog https://secfault-security.com/blog/openolat-ssti.html
##updated 2026-04-01T14:24:02.583000
2 posts
🔴 CVE-2026-34505 - Critical (9.8)
OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34505/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34505 - Critical (9.8)
OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34505/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-32982 - High (7.5)
OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file URLs containing bot tokens are em...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32982/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
2 posts
1 repos
🟠 CVE-2026-5201 - High (7.5)
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5201/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5201 - High (7.5)
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5201/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-34040 - High (8.8)
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34040/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-32716 - High (8.1)
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match (startswith). This allows a token with access to a specific path (e.g., /joh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32716/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:24:02.583000
1 posts
🟠 CVE-2026-34042 - High (8.2)
act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the inte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
2 posts
🟠 New security advisory:
CVE-2026-34585 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34585-siyuan-xss-to-rce
🟠 CVE-2026-34585 - High (8.6)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34585/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
4 posts
🟠 CVE-2026-35092 - High (7.5)
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leadi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35092 - High (7.5)
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leadi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35092 - High (7.5)
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leadi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-35092 - High (7.5)
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leadi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
2 posts
🔴 CVE-2025-15484 - Critical (9.1)
The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, an...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15484/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-15484 - Critical (9.1)
The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, an...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15484/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
1 posts
1 repos
🟠 CVE-2026-4800 - High (8.1)
Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Functi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4800/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
1 posts
🟠 CVE-2026-34366 - High (7.6)
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Payment receipt PDF genera...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34366/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
2 posts
🔴 CVE-2026-34448 - Critical (9)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From -> Asset ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34448/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL alert: CVE-2026-34448 in SiYuan (<3.6.2) enables stored XSS, escalating to OS command execution via unsafe Electron configs. Patch to 3.6.2+ & tighten app security! Details: https://radar.offseq.com/threat/cve-2026-34448-cwe-79-improper-neutralization-of-i-36bc82a3 #OffSeq #SiYuan #CVE202634448 #XSS #infosec
##updated 2026-04-01T14:23:37.727000
1 posts
🟠 CVE-2026-3775 - High (7.8)
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3775/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
1 posts
🟠 CVE-2026-5214 - High (8.8)
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
2 posts
🟠 CVE-2026-32726 - High (8.1)
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32726/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32726 - High (8.1)
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32726/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T14:23:37.727000
1 posts
🟠 CVE-2026-32725 - High (8.3)
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path fr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32725/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T12:31:34
1 posts
⚠️ CVE-2026-23898: HIGH-severity flaw in Joomla! CMS (4.0.0-5.4.3, 6.0.0-6.0.3) lets admin-level attackers delete arbitrary files, risking DoS or system compromise. Patch ASAP, restrict high-priv accounts, monitor for deletions. https://radar.offseq.com/threat/cve-2026-23898-cwe-73-destructive-file-deletion-an-4b16a48a #OffSeq #Joomla #Vuln
##updated 2026-04-01T06:31:32
1 posts
🟠 CVE-2026-3779 - High (7.8)
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3779/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T06:11:50
1 posts
🟠 CVE-2026-26060 - High (8.8)
Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to remain valid after a user changes their password. As a result, a stale ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26060/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T03:31:46
1 posts
🟠 CVE-2025-13855 - High (7.6)
IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T03:31:46
1 posts
🟠 CVE-2025-71282 - High (7.5)
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71282/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T03:31:46
1 posts
🟠 CVE-2025-71281 - High (8.8)
XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used instead of a stricter first-word match for methods accessible through callbacks and variable method calls in templates, potential...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71281/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T03:31:46
1 posts
🔴 CVE-2025-71279 - Critical (9.8)
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T03:31:46
1 posts
🟠 CVE-2026-35056 - High (8.8)
XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users. An attacker with admin panel access can execute arbitrary code on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-01T00:09:24
1 posts
⚠️ CRITICAL: CVE-2026-34558 in ci4ms (<0.31.0.0) — Stored DOM XSS in Methods Management lets attackers inject persistent JS into admin panels. Patch to 0.31.0.0+ ASAP! Details: https://radar.offseq.com/threat/cve-2026-34558-cwe-79-improper-neutralization-of-i-198231a4 #OffSeq #XSS #Vuln #AppSec
##updated 2026-04-01T00:01:11
2 posts
🔴 CVE-2026-33578 - Critical (9.8)
OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33578/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-33578 - Critical (9.8)
OpenClaw before 2026.3.28 contains a sender policy bypass vulnerability in the Google Chat and Zalouser extensions where route-level group allowlist policies silently downgrade to open policy. Attackers can exploit this policy resolution flaw to b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33578/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T23:52:04
1 posts
🟠 CVE-2026-34503 - High (7.5)
OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34503/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T23:30:05
1 posts
🟠 CVE-2026-34453 - High (7.5)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters boo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34453/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T23:29:01
2 posts
🔴 CVE-2026-34449 - Critical (9.6)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, a malicious website can achieve Remote Code Execution (RCE) on any desktop running SiYuan by exploiting the permissive CORS policy (Access-Control-Allow-Origin: * + Access-C...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34449/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-34449: CRITICAL RCE in SiYuan (<3.6.2) via permissive CORS. Visiting a malicious site while SiYuan runs allows OS-level code exec. Patch to 3.6.2+ ASAP! https://radar.offseq.com/threat/cve-2026-34449-cwe-942-permissive-cross-domain-pol-0cb7b35e #OffSeq #SiYuan #CVE202634449 #RCE #InfoSec
##updated 2026-03-31T23:15:26
1 posts
🟠 CVE-2026-34394 - High (8.1)
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint (admin/save.json.php) lacks any CSRF token validation. There is no call to isGlobalTokenValid() or verifyToken() before processi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34394/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T23:10:05
1 posts
🟠 CVE-2026-34381 - High (7.5)
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34381/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T23:09:20
1 posts
🟠 CVE-2026-34240 - High (7.5)
JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T22:51:38
1 posts
🟠 CVE-2026-32727 - High (8.1)
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot (..) in the scope claim of a token to escape the intended director...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32727/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T22:49:18
1 posts
🔴 CVE-2026-32714 - Critical (9.8)
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format() to construct SQL queries with user-supplied data (su...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32714/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T22:43:32
1 posts
baserCMS < 5.2.3 hit by CRITICAL OS command injection (CVE-2026-30880, CVSS 9.2). Remote unauthenticated RCE possible via installer. Patch to 5.2.3+ now or restrict installer access! https://radar.offseq.com/threat/cve-2026-30880-cwe-78-improper-neutralization-of-s-5ac38c48 #OffSeq #baserCMS #Vuln #infosec
##updated 2026-03-31T22:22:19
1 posts
🟠 CVE-2025-32957 - High (8.7)
baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-32957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T21:32:22
1 posts
🔴 CVE-2026-3256 - Critical (9.8)
HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.
HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T21:32:22
1 posts
🔴 CVE-2026-4851 - Critical (9.8)
GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization.
GRID::Machine provides Remote Procedure Calls (RPC) over SSH for Perl. The client connects to remote hosts to execute code on them. A compro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4851/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T21:32:22
1 posts
🔴 CVE-2025-15618 - Critical (9.1)
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key.
Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15618/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T21:31:31
3 posts
Critical Authentication Bypass in PX4 Autopilot Allows Remote Drone Takeover
PX4 Autopilot version v1.16.0 is vulnerable to a critical authentication bypass (CVE-2026-1579) that allows unauthenticated attackers to execute arbitrary shell commands via the MAVLink protocol. This flaw enables full system takeover of drones and autonomous vehicles used in defense and transportation.
**If you use PX4 Autopilot, you must enable MAVLink 2.0 message signing to prevent unauthorized command execution. Without this cryptographic check, anyone who can reach your drone's communication interface can take full control of the aircraft.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-px4-autopilot-allows-remote-drone-takeover-h-o-k-m-n/gD2P6Ple2L
🔴 CVE-2026-1579 - Critical (9.8)
The MAVLink communication protocol does not require cryptographic
authentication by default. When MAVLink 2.0 message signing is not
enabled, any message -- including SERIAL_CONTROL, which provides
interactive shell access -- can be sent by an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1579/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-1579 (CRITICAL): PX4 Autopilot v1.16.0 SITL allows unauthenticated MAVLink commands — attackers can gain shell access if message signing is disabled. Enable MAVLink 2.0 signing now! https://radar.offseq.com/threat/cve-2026-1579-cwe-306-in-px4-autopilot-77f763f3 #OffSeq #CVE20261579 #DroneSec #Security
##updated 2026-03-31T21:31:31
1 posts
🟠 CVE-2026-5212 - High (8.8)
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T21:31:31
1 posts
🟠 CVE-2026-5213 - High (8.8)
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5213/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T21:31:30
1 posts
🟠 CVE-2026-5211 - High (8.8)
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 202602...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T21:31:19
3 posts
Critical Authentication Bypass in Anritsu Remote Spectrum Monitors Left Unpatched
CISA and Anritsu report a critical authentication bypass vulnerability (CVE-2026-3356) affecting all versions of its Remote Spectrum Monitors, which the company does not plan to patch. The flaw allows unauthenticated remote attackers to take full control of the devices, potentially disrupting critical communications and defense infrastructure.
**Since Anritsu will not patch this critical flaw, these devices are permanently insecure. Make sure to isolate them from the internet and all untrusted networks. Ideally, consider replacing them with hardware that supports modern authentication standards because no isolation is perfect.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-anritsu-remote-spectrum-monitors-left-unpatched-d-4-h-z-o/gD2P6Ple2L
Critical Authentication Bypass in Anritsu Remote Spectrum Monitors Left Unpatched
CISA and Anritsu report a critical authentication bypass vulnerability (CVE-2026-3356) affecting all versions of its Remote Spectrum Monitors, which the company does not plan to patch. The flaw allows unauthenticated remote attackers to take full control of the devices, potentially disrupting critical communications and defense infrastructure.
**Since Anritsu will not patch this critical flaw, these devices are permanently insecure. Make sure to isolate them from the internet and all untrusted networks. Ideally, consider replacing them with hardware that supports modern authentication standards because no isolation is perfect.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-in-anritsu-remote-spectrum-monitors-left-unpatched-d-4-h-z-o/gD2P6Ple2L
⚡️ CVE-2026-3356 (CVSS 9.3): Anritsu MS27100A lacks authentication for management — remote attackers can access & control all versions. No patch yet. Urgent: segment networks & restrict access! https://radar.offseq.com/threat/cve-2026-3356-cwe-306-missing-authentication-for-c-80869dad #OffSeq #CVE20263356 #IoTSecurity #Infosec
##updated 2026-03-31T18:55:52
2 posts
🔴 New security advisory:
CVE-2026-34361 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34361-hapi-fhir-auth-token-theft
🔴 CVE-2026-34361 - Critical (9.3)
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to att...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34361/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:54:47
2 posts
🔴 CVE-2026-34243 - Critical (9.8)
wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or paper title). In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issue_comment.body directly inside a shell command, allo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-34243 - Critical (9.8)
wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or paper title). In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issue_comment.body directly inside a shell command, allo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:51:31
2 posts
🟠 CVE-2026-34214 - High (7.7)
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34214 - High (7.7)
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:51:06
1 posts
🟠 CVE-2026-34209 - High (7.5)
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amoun...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34209/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:41:15
3 posts
1 repos
🟠 CVE-2026-34070 - High (7.5)
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34070/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34070 - High (7.5)
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34070/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34070 - High (7.5)
LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchain_core.prompts.loading read files from paths embedded in deserialized config dicts without validating against directo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34070/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:32:38
1 posts
🔴 CVE-2026-2275 - Critical (9.6)
The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:32:38
1 posts
🟠 CVE-2026-29870 - High (7.6)
A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The save_to_file method in ace/skillbook.py fails to normalize or valid...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29870/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:31:43
1 posts
🔴 CVE-2026-30282 - Critical (9)
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30282/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:31:43
1 posts
🟠 CVE-2026-24164 - High (8.8)
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24164/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:31:38
2 posts
🟠 CVE-2026-24154 - High (7.6)
NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24154/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24154 - High (7.6)
NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, d...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24154/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T18:31:37
1 posts
🟠 CVE-2026-24148 - High (8.3)
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24148/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T17:12:31.053000
4 posts
📰 F5 BIG-IP Flaw Escalated to Critical 9.8 RCE, Now Under Active Attack
🚨 CRITICAL: F5 reclassifies a BIG-IP flaw (CVE-2025-53521) to a 9.8 CVSS RCE, and it's being actively exploited! Unauthenticated attackers can gain root access. CISA added to KEV. Patch NOW! 🔥 #F5 #BIGIP #CVE #RCE #CyberSecurity
##⚠️ Alerte CERT-FR ⚠️
La vulnérabilité CVE-2025-53521 est activement exploitée et permet de provoquer une exécution de code arbitraire à distance dans F5 Big-IP APM.
📢⚠️ Sicherheitswarnung: Version 1.0: F5 BIG-IP – Aktive Ausnutzung einer #Schwachstelle im Access Policy Manager
Am 27.03.2026 gab der Hersteller F5 ein Advisory heraus, in dem Details zu beobachteten Angriffen auf BIG-IP-Instanzen beschrieben wurden. Im Bericht enthalten waren im Wesentlichen Indicators of Compromise (IoCs), anhand derer eine Ausnutzung von CVE-2025-53521 detektiert werden kann.
Mehr Informationen gibt's hier: https://www.bsi.bund.de/dok/1195766
##F5 BIG-IP APM vulnerability (CVE-2025-53521) escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately.
Read: https://hackread.com/critical-f5-big-ip-flaw-upgrad-to-9-8-rce-exploited/
##updated 2026-03-31T15:32:03
1 posts
🟠 CVE-2026-34504 - High (8.3)
OpenClaw before 2026.3.28 contains a server-side request forgery vulnerability in the fal provider image-generation-provider.ts component that allows attackers to fetch internal URLs. A malicious or compromised fal relay can exploit unguarded imag...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34504/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T15:32:03
2 posts
🔴 CVE-2026-0596 - Critical (9.6)
A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0596/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-0596 - Critical (9.6)
A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0596/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T15:32:03
1 posts
🔴 CVE-2026-33579 - Critical (9.8)
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the /pair approve command path that fails to forward caller scopes into the core approval check. A caller with pairing privileges but without admin privileges can approve p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33579/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T15:32:03
1 posts
🔴 CVE-2026-33580 - Critical (9.8)
OpenClaw before 2026.3.28 contains a missing rate limiting vulnerability in the Nextcloud Talk webhook authentication that allows attackers to brute-force weak shared secrets. Attackers who can reach the webhook endpoint can exploit this to forge ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33580/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T15:16:22.173000
1 posts
🔴 CVE-2026-5121 - Critical (9.8)
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T13:18:14.213000
6 posts
5 repos
https://github.com/0xBlackash/CVE-2026-3055
https://github.com/l0lsec/check-cve-2026-3055-netscaler
https://github.com/fevar54/CVE-2026-3055---Citrix-NetScaler-Memory-Overread-PoC
https://github.com/RootAid/CVE-2026-3055
https://github.com/fevar54/CVE-2026-3055-Scanner---Herramienta-de-Detecci-n
Most security is passive. Your firewall is a bouncer; your antivirus is a janitor. The Ransier Sentinel (TRS) is different. Built on ARM64, it identifies threats like CVE-2026-3055 in real-time and welds the door shut before the breach. Active sovereignty for your precinct. 🛡️ #TheCyberMind #TRS
##Critical Citrix NetScaler Vulnerability CVE-2026-3055 Exploited in the Wild
Citrix NetScaler ADC and Gateway are facing active exploitation of a critical memory overread vulnerability, CVE-2026-3055 (CVSS score 9.3), which allows unauthenticated attackers to steal administrative session IDs and sensitive data.
**If you are using NetScaler, this is now urgent - the devices are under attack. If possible, make sure your NetScaler ADC and Gateway appliances are isolated from the internet and accessible from trusted networks only. Them plan an urgent update. Update the firmware to the fixed versions (14.1-66.59, 13.1-62.23, or 13.1-37.262 for FIPS/NDcPP).**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-citrix-netscaler-memory-overread-vulnerability-exploited-in-the-wild-l-i-k-1-a/gD2P6Ple2L
March 31, 2026
Axios npm Supply Chain Attack Deploys Cross-Platform RAT
A supply chain attack compromised the widely used Axios HTTP client library on npm, affecting versions 1.14.1 and 0.30.4. The attacker hijacked a maintainer account and injected a malicious dependency called "plain-crypto-js," which delivers a remote access trojan capable of executing arbitrary commands, exfiltrating data, and persisting across Windows, macOS, and Linux systems. Socket's automated detection flagged the package within six minutes of publication. With Axios receiving approximately 100 million weekly downloads, the blast radius is significant. The attack was carefully staged: payloads for three operating systems were pre-built, both release branches were hit within 39 minutes, and every trace was designed to self-destruct.
European Commission Confirms Cloud Data Breach
The European Commission confirmed a cyberattack affecting its cloud infrastructure hosting the Europa.eu platform. The ShinyHunters extortion gang claimed responsibility, posting screenshots suggesting possession of approximately 350 GB of data including mail server contents, databases, and confidential documents. The Commission stated its internal systems were not affected. This marks the second breach of EU institutions this year, following an earlier compromise of the Commission's mobile device management platform.
Citrix NetScaler Vulnerability Under Active Exploitation
CISA added CVE-2026-3055—a critical out-of-bounds read vulnerability (CVSS 9.3) in Citrix NetScaler ADC and Gateway—to its known exploited vulnerabilities list on March 30, based on evidence of active exploitation. The flaw affects systems configured as SAML Identity Providers and can leak sensitive memory contents. Threat actors have been probing honeypots to enumerate vulnerable configurations since at least March 27.
Iran-Linked Cyber Campaigns Escalate Amid Conflict
Iranian-linked groups have mounted nearly 5,800 cyberattacks since hostilities began, according to security firm DigiCert. A recent operation targeted Israeli Android users with texts offering bomb shelter information that instead downloaded spyware granting access to cameras, location data, and all device contents. Palo Alto's Unit 42 has identified 7,381 conflict-themed phishing URLs across 1,881 unique hostnames.
Iran's AI Deepfake Campaign Draws Hundreds of Millions of Views
A pro-Iran disinformation campaign has generated over 145 million views and nine million interactions across social media platforms. The New York Times identified more than 110 unique deepfakes conveying pro-Iran messaging in a two-week span. The majority are produced by Iranian government-linked networks and amplified by Russian and Chinese information ecosystems. The campaign uses tens of thousands of fake accounts to portray Iran as victorious and its adversaries as weakened. X announced it would penalize creators who post unlabeled AI war content by removing them from revenue-sharing for 90 days.
Russia–China–Iran Convergence in Cognitive Warfare
A Small Wars Journal analysis published March 18 documents how Russia, Iran, and China are coordinating narrative warfare to erode Western cohesion. Russia's 2026 budget increased information operations funding by 54%, adding $458 million for state-run media. Generative AI allows a single adversary to manage thousands of personas producing unique content at scale, while China uses state-aligned media accounts to echo anti-U.S. narratives.
Russia Expels British Diplomat on Espionage Allegations
Russia's FSB ordered the expulsion of British Embassy second secretary Albertus Gerhardus Janse van Rensburg, accusing him of economic espionage and providing false information to obtain entry to Russia. The FSB alleged he attempted to obtain sensitive information during informal meetings with Russian economic experts. The British Embassy dismissed the allegations as "completely unacceptable." Russian state TV reported he is the 16th British diplomat expelled over the past two years.
Pakistan-Linked Spy Network Dismantled in India
Indian police arrested 22 individuals operating a Pakistan-linked espionage network that used solar-powered CCTV cameras and GPS-enabled apps to monitor troop movements and critical infrastructure. The network installed surveillance equipment along the Delhi-Jammu railway corridor, with cameras recovered from Delhi Cantonment and Haryana's Sonipat found actively transmitting footage to Pakistan-based handlers. Nearly 50 such installations were planned nationwide. The Indian government has ordered a nationwide CCTV audit in response.
Russia Shifts to Vulnerable Recruits for European Operations
Following the mass expulsion of Russian intelligence officers from Europe, the GRU and FSB have shifted to recruiting financially vulnerable Europeans—including migrants, criminals, and the unemployed—for low-level sabotage and surveillance. Former Wagner Group operatives have been tasked with identifying recruits willing to carry out arson, assaults, or vandalism for small payments. More than 150 suspected hybrid incidents linked to Russia have been reported across the EU and NATO in early 2026.
ODNI Releases 2026 Annual Threat Assessment
DNI Gabbard released the 2026 Annual Threat Assessment on March 26. The report identifies lone wolf attackers as the most likely terrorist threat to the U.S. homeland, highlights Mexican cartels and Venezuelan organized crime as top domestic concerns, and warns that nuclear-capable adversaries could collectively field more than 16,000 missiles by 2035. The assessment also flags AI and quantum computing as critical emerging technology challenges, alongside cyberthreats from China and North Korea.
##RE: https://social.bund.de/@bsi/116295890584639194
📢⚠️ Update zur Sicherheitswarnung: Version 1.1: #Citrix NetScaler ADC & Gateway – #Schwachstellen gefährden Organisationen.
Seit dem Wochenende häufen sich Berichte über Angriffe auf Citrix-Systeme [WAT26], [XCO26]. So finden mindestens seit dem 27. März Angriffsversuche mithilfe von CVE-2026-3055 statt.
Mehr Informationen findet ihr hier: https://www.bsi.bund.de/dok/1195484
##Comme suite à la publication de la pertinente, agréable et incontournable PART 2 de l'analyse de watchTowr:
les nouveaux scans basés sur la présence de
GET /wsfed/passive?wctx
aka "This is Bad™" 😁
plutôt que sur la version, réduisent considérablement le nombre d'appliances exposées.
On passe à une petite centaine d'appliances potentiellement vulnérables sur les internets publics :gentleblob: , dont quelques-unes en Suisse selon ONYPHE. 📉
(CVE-2026-3055 couvre en réalité au moins deux vulnérabilités distinctes de memory overread — /saml/login et /wsfed/passive?wctx ce qui est, disons… discutable™" de la part de Citrix.)
##https://www.sentinelone.com/vulnerability-database/cve-2026-3055/
##updated 2026-03-31T12:31:42
1 posts
🔴 CVE-2026-32920 - Critical (9.8)
OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T12:31:42
1 posts
🔴 CVE-2026-32917 - Critical (9.8)
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32917/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T12:31:42
2 posts
🟠 CVE-2026-34506 - High (7.5)
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty group...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34506 - High (7.5)
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty group...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34506/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T12:31:42
2 posts
🟠 CVE-2026-32988 - High (7.5)
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32988 - High (7.5)
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers can exploit a race condition in parent-path...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T12:31:42
1 posts
🟠 CVE-2026-32916 - High (7.7)
OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32916/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T12:31:42
1 posts
🟠 CVE-2026-34509 - High (7.5)
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty group...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34509/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T12:31:42
1 posts
🔴 CRITICAL: CVE-2026-4317 in Umami 3.0.2 enables authenticated SQL injection via 'timezone' param. No patch yet — sanitize inputs, use parameterized queries, and enforce least privilege. Protect your data! https://radar.offseq.com/threat/cve-2026-4317-cwe-89-improper-neutralization-of-sp-e769b7b4 #OffSeq #CVE20264317 #SQLInjection #Vuln
##updated 2026-03-31T09:31:48
2 posts
🟠 CVE-2025-10551 - High (8.7)
A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10551/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-10551 - High (8.7)
A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10551/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T09:31:48
1 posts
🟠 CVE-2025-10553 - High (8.7)
A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10553/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T03:31:35
2 posts
🚨 CRITICAL: CVE-2026-3300 in Everest Forms Pro (all versions) enables unauthenticated RCE via "Complex Calculation" forms. Disable the feature or restrict access ASAP. No patch yet — monitor for updates. https://radar.offseq.com/threat/cve-2026-3300-cwe-94-improper-control-of-generatio-6c6e7217 #OffSeq #WordPress #CVE20263300 #RCE
##🔴 CVE-2026-3300 - Critical (9.8)
The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted fo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3300/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-31T03:31:35
1 posts
🟠 CVE-2026-4020 - High (7.5)
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4020/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-30T20:51:04
1 posts
3 repos
https://github.com/ugurrates/teampcp-supply-chain-attack
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-30T15:31:35
4 posts
2 repos
Critical Fortinet FortiClient EMS SQL Injection Vulnerability Exploited in the Wild
Fortinet's FortiClient EMS is being exploited via a critical SQL injection vulnerability (CVE-2026-21643) that allows unauthenticated remote code execution.
**If you are using FortiClientEMS this is urgent: Make sure the management interface is isolated from the internet and accessible only from trusted networks. Then plan an immediate patch if you are on 7.4 versions. Attackers are exploiting this flaw.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-fortinet-forticlient-ems-sql-injection-vulnerability-exploited-in-the-wild-v-0-x-k-g/gD2P6Ple2L
CVE-2026-21643 – Cette faille critique dans FortiClient EMS est exploitée ! https://www.it-connect.fr/cve-2026-21643-cette-faille-critique-dans-forticlient-ems-est-exploitee/ #ActuCybersécurité #Cybersécurité #Fortinet
##Pre-Authentication SQL Injection in FortiClient EMS 7.4.4 - CVE-2026-21643
#CVE_2026_21643
https://bishopfox.com/blog/cve-2026-21643-pre-authentication-sql-injection-in-forticlient-ems-7-4-4
Critical supply chain attack on Axios npm distributed a Remote Access Trojan (RAT) via a `plain-crypto-js` dependency. Fortinet faces active exploitation of a critical SQL injection flaw (CVE-2026-21643). Geopolitically, Iran-US tensions escalate; a Kuwaiti oil tanker was hit, and Yemen launched strikes against Israeli sites.
##updated 2026-03-30T13:26:07.647000
2 posts
A CVE ID has been assigned: https://www.cve.org/CVERecord?id=CVE-2026-34475
##A CVE ID has been assigned: https://www.cve.org/CVERecord?id=CVE-2026-34475
##updated 2026-03-26T15:41:23
1 posts
6 repos
https://github.com/z4yd3/PoC-CVE-2026-33017
https://github.com/SimoesCTT/Sovereign-Echo-33017
https://github.com/omer-efe-curkus/CVE-2026-33017-Langflow-RCE-PoC
https://github.com/MaxMnMl/langflow-CVE-2026-33017-poc
Langflow – À peine dévoilée, déjà exploitée : attention à cette faille critique https://www.it-connect.fr/langflow-cve-2026-33017-cyberattaques-mars-2026/ #ActuCybersécurité #Cybersécurité
##updated 2026-03-25T17:39:37.227000
2 posts
There is a bunch of buzz along the lines of "Apple FINALLY backports DarkSword related fixes to 18.x and will release this on April 1".
Based on publicly available information this is incorrect.
What Apple has actually done broadened the device models that are eligible to upgrade to iOS/iPadOS 18.
Per Google [1] every vuln in the DarkSword kit except for CVE-2026-20700 had already been patched in iOS 18 as of 18.7.3 which was released on Dec 12, 2025.
Per Apple [2], CVE-2026-20700 is not included in 18.7.7 which was released today.
Apple has placed an easy to miss note at the top of the release notes:
"We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called Darksword. The fixes associated with the Darksword exploit first shipped in 2025."
Unfortunately I don't see an indication of which devices are newly eligible to upgrade to iOS/iPadOS 18.
References:
Google DarkSword writeup - https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
Apple iOS/iPadOS 18.7.7 release notes:
https://support.apple.com/en-us/126793
There is a bunch of buzz along the lines of "Apple FINALLY backports DarkSword related fixes to 18.x and will release this on April 1".
Based on publicly available information this is incorrect.
What Apple has actually done broadened the device models that are eligible to upgrade to iOS/iPadOS 18.
Per Google [1] every vuln in the DarkSword kit except for CVE-2026-20700 had already been patched in iOS 18 as of 18.7.3 which was released on Dec 12, 2025.
Per Apple [2], CVE-2026-20700 is not included in 18.7.7 which was released today.
Apple has placed an easy to miss note at the top of the release notes:
"We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called Darksword. The fixes associated with the Darksword exploit first shipped in 2025."
Unfortunately I don't see an indication of which devices are newly eligible to upgrade to iOS/iPadOS 18.
References:
Google DarkSword writeup - https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
Apple iOS/iPadOS 18.7.7 release notes:
https://support.apple.com/en-us/126793
updated 2026-03-23T15:31:40
2 posts
4 repos
https://github.com/danindiana/cve-2026-32746-mitigation
https://github.com/chosenonehacks/CVE-2026-32746
https://github.com/jeffaf/cve-2026-32746
https://github.com/watchtowrlabs/watchtowr-vs-telnetd-CVE-2026-32746
A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/
##A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/
##updated 2026-03-20T17:26:11
1 posts
1 repos
CVE-2026-4342 in Kubernetes ingress-nginx: annotation combo = config injection = RCE + Secrets leak. CVSS 8.8. Default controller sees ALL cluster Secrets. Patch now.
##updated 2026-03-20T13:39:46.493000
1 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-18T06:31:20
2 posts
6 repos
https://github.com/fevar54/CVE-2026-3888-POC-all-from-the-Qualys-platform.
https://github.com/DanielTangnes/CVE-2026-3888
https://github.com/Many-Hat-Group/Ubuntu-CVE-2026-3888-patcher
https://github.com/netw0rk7/CVE-2026-3888-PoC
https://github.com/TheCyberGeek/CVE-2026-3888-snap-confine-systemd-tmpfiles-LPE
updated 2026-03-16T14:53:07.390000
1 posts
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-11T06:31:47
1 posts
3 repos
https://github.com/p3Nt3st3r-sTAr/CVE-2026-2413-POC
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-09T15:30:47
1 posts
2 repos
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-06T21:56:51
1 posts
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-05T17:57:37.233000
1 posts
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-04T18:32:57
1 posts
10 repos
https://github.com/fevra-dev/GitExpose
https://github.com/DeathShotXD/0xKern3lCrush-Foreverday-BYOVD-CVE-2026-0828
https://github.com/keyuraghao/CVE-2025-20260
https://github.com/magercode/List-CVE-2025-2026
https://github.com/R3lva/CVE-2025-54100-BYPASS-
https://github.com/wcnmwcis/CVE-2026-22777
https://github.com/ANYLNK/STProcessMonitorBYOVD
https://github.com/jordan922/cve2025-20265
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-04T12:30:39
1 posts
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-03-03T21:52:29.877000
1 posts
2 repos
📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 6145
Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310
Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111
Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86
Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44
Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
updated 2026-02-10T18:30:53
1 posts
1 repos
Yet another abuse of the missing "CrossDevice.Streaming.Source.dll" DLL!
After CVE-2025-24076 / CVE-2025-24076 found by Compass Security, Researcher Oscar Zanotti Campo found another vulnerability that he could exploit using the built-in misconfigured COM class referencing this DLL. This is CVE-2026-21508. 🔥
👉 https://0xc4r.github.io/posts/CVE-2026-21508/
👉 https://github.com/0xc4r/CVE-2026-21508_POC/
👉 https://blog.0patch.com/2026/03/micropatches-released-for-windows.html
updated 2026-02-08T12:30:36
1 posts
11 repos
https://github.com/gavz/CVE-2026-21509-PoC
https://github.com/SimoesCTT/CTT-MICROSOFT-OFFICE-OLE-MANIFOLD-BYPASS-CVE-2026-21509
https://github.com/YoussefMami/CVE2026_21509
https://github.com/0xc4r/CVE-2026-21508_POC
https://github.com/ksk-itdk/KSK-ITDK-CVE-2026-21509-Mitigation
https://github.com/suuhm/CVE-2026-21509-handler
https://github.com/decalage2/detect_CVE-2026-21509
https://github.com/DameDode/CVE-2026-21509-POC
https://github.com/kaizensecurity/CVE-2026-21509
Yet another abuse of the missing "CrossDevice.Streaming.Source.dll" DLL!
After CVE-2025-24076 / CVE-2025-24076 found by Compass Security, Researcher Oscar Zanotti Campo found another vulnerability that he could exploit using the built-in misconfigured COM class referencing this DLL. This is CVE-2026-21508. 🔥
👉 https://0xc4r.github.io/posts/CVE-2026-21508/
👉 https://github.com/0xc4r/CVE-2026-21508_POC/
👉 https://blog.0patch.com/2026/03/micropatches-released-for-windows.html
updated 2026-01-13T22:24:20.380000
1 posts
39 repos
https://github.com/Systemhaus-Schulz/MongoBleed-CVE-2025-14847
https://github.com/j0lt-github/mongobleedburp
https://github.com/JemHadar/MongoBleed-DFIR-Triage-Script-CVE-2025-14847
https://github.com/Black1hp/mongobleed-scanner
https://github.com/cybertechajju/CVE-2025-14847_Expolit
https://github.com/franksec42/mongobleed-exploit-CVE-2025-14847
https://github.com/14mb1v45h/CYBERDUDEBIVASH-MONGODB-DETECTOR-v2026
https://github.com/ProbiusOfficial/CVE-2025-14847
https://github.com/sahar042/CVE-2025-14847
https://github.com/saereya/CVE-2025-14847---MongoBleed
https://github.com/sho-luv/MongoBleed
https://github.com/waheeb71/CVE-2025-14847
https://github.com/joshuavanderpoll/CVE-2025-14847
https://github.com/Rishi-kaul/CVE-2025-14847-MongoBleed
https://github.com/lincemorado97/CVE-2025-14847
https://github.com/alexcyberx/CVE-2025-14847_Expolit
https://github.com/InfoSecAntara/CVE-2025-14847-MongoDB
https://github.com/pedrocruz2202/pedrocruz2202.github.io
https://github.com/keraattin/Mongobleed-Detector-CVE-2025-14847
https://github.com/tunahantekeoglu/MongoDeepDive
https://github.com/vfa-tuannt/CVE-2025-14847
https://github.com/CadGoose/MongoBleed-CVE-2025-14847-Fully-Automated-scanner
https://github.com/chinaxploiter/CVE-2025-14847-PoC
https://github.com/kuyrathdaro/cve-2025-14847
https://github.com/sakthivel10q/CVE-2025-14847
https://github.com/sakthivel10q/sakthivel10q.github.io
https://github.com/Security-Phoenix-demo/mongobleed-exploit-CVE-2025-14847
https://github.com/ElJoamy/MongoBleed-exploit
https://github.com/FurkanKAYAPINAR/CVE-2025-14847-MongoBleed-Exploit
https://github.com/im-hanzou/mongobleed
https://github.com/peakcyber-security/CVE-2025-14847
https://github.com/pedrocruz2202/mongobleed-scanner
https://github.com/onewinner/CVE-2025-14847
https://github.com/0xBlackash/CVE-2025-14847
https://github.com/AdolfBharath/mongobleed
https://github.com/nma-io/mongobleed
https://github.com/amnnrth/CVE-2025-14847
https://github.com/KingHacker353/CVE-2025-14847_Expolit
https://github.com/NoNameError/MongoBLEED---CVE-2025-14847-POC-
Mongobleed - CVE-2025-14847 https://doublepulsar.com/merry-christmas-day-have-a-mongodb-security-incident-9537f54289eb
##updated 2026-01-13T15:05:00
1 posts
11 repos
https://github.com/bgarz929/Ashwesker-CVE-2026-21858
https://github.com/cropnet/Ni8mare
https://github.com/Chocapikk/CVE-2026-21858
https://github.com/Alhakim88/CVE-2026-21858
https://github.com/SystemVll/CVE-2026-21858
https://github.com/0xBlackash/CVE-2026-21858
https://github.com/sec-dojo-com/CVE-2026-21858
https://github.com/EQSTLab/CVE-2026-21858
Ni8mare - Unauthenticated Remote Code Execution in n8n (CVE-2026-21858) https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858
##updated 2025-12-30T21:07:16
1 posts
ruby3.2 (3.2.3-1ubuntu0.24.04.7)
CVE-2025-61594へのセキュリティ対応
libruby3.2
#Mastodon v4.5 ではruby 3.4.7になっています。これは gem uri (default: 1.0.4)で、今回のCVEは uri 1.0.3 までが影響を受けるので、Mastodon v4.5 なら問題なさそうです。
pollinatee (4.33-3.1ubuntu1.3)
CVEセキュリティ対応ではない。
updated 2025-12-24T01:08:11
1 posts
2 repos
LangGrinch: A Bug in the Library, A Lesson for the Architecture https://amlalabs.com/blog/langgrinch-cve-2025-68664/
##updated 2025-11-03T21:35:11
2 posts
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems https://thehackernews.com/2026/03/hackers-exploit-cve-2025-32975-cvss-100.html
##Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems https://thehackernews.com/2026/03/hackers-exploit-cve-2025-32975-cvss-100.html
##updated 2025-10-24T13:42:55.550000
1 posts
14 repos
https://github.com/akshthejo/CVE-2023-4966-exploit
https://github.com/jmussmann/cve-2023-4966-iocs
https://github.com/morganwdavis/overread
https://github.com/dinosn/citrix_cve-2023-4966
https://github.com/RevoltSecurities/CVE-2023-4966
https://github.com/mlynchcogent/CVE-2023-4966-POC
https://github.com/0xKayala/CVE-2023-4966
https://github.com/s-bt/CVE-2023-4966
https://github.com/IceBreakerCode/CVE-2023-4966
https://github.com/vignesh-hp/LockBit-Ransomware-Analysis
https://github.com/byte4RR4Y/CVE-2023-4966
https://github.com/Chocapikk/CVE-2023-4966
CISA just added CVE-2023-4966 to its Known Exploited Vulnerabilities catalog and is giving federal agencies until Thursday to patch Citrix Net Scaler devices.
Read more: https://steelefortress.com/botzi1
InfoSec #Cybersecurity #Security
##updated 2025-08-12T21:44:25
1 posts
1 repos
🟠 CVE-2026-4800 - High (8.1)
Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Functi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4800/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2025-07-17T13:10:35.760000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-17T13:09:56.670000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-17T13:01:49.327000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-17T12:50:47.377000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-17T12:38:13.340000
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2025-07-09T18:08:46
1 posts
3 repos
https://github.com/darshjme/mcp-security-audit
When OAuth Becomes a Weapon: Lessons from CVE-2025-6514 https://amlalabs.com/blog/oauth-cve-2025-6514/
##updated 2025-07-07T17:24:22.777000
1 posts
1 repos
Yet another abuse of the missing "CrossDevice.Streaming.Source.dll" DLL!
After CVE-2025-24076 / CVE-2025-24076 found by Compass Security, Researcher Oscar Zanotti Campo found another vulnerability that he could exploit using the built-in misconfigured COM class referencing this DLL. This is CVE-2026-21508. 🔥
👉 https://0xc4r.github.io/posts/CVE-2026-21508/
👉 https://github.com/0xc4r/CVE-2026-21508_POC/
👉 https://blog.0patch.com/2026/03/micropatches-released-for-windows.html
updated 2025-05-13T18:31:00
1 posts
Microsoft Brokering File System Elevation of Privilege Vulnerability (CVE--2025-29970) https://www.pixiepointsecurity.com/blog/nday-cve-2025-29970/
##updated 2024-04-11T21:18:07
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-11T21:18:06
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:43:02
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:43:02
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:42:59
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:42:57
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:42:52
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:42:52
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T05:42:52
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T04:05:11
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##updated 2024-04-04T04:05:08
1 posts
#OT #Advisory VDE-2026-003
Endress+Hauser: Multiple products prone to multiple vulnerabilities in e!Runtime and CODESYS V3 Runtime
Multiple Endress+Hauser devices are prone to vulnerabilities found in e!Runtime and the CODESYS V3 framework.
#CVE CVE-2022-47390, CVE-2022-47389, CVE-2022-47388, CVE-2022-47387, CVE-2022-47386, CVE-2022-47385, CVE-2022-47384, CVE-2022-47383, CVE-2022-47382, CVE-2022-47381, CVE-2022-47380, CVE-2022-47379, CVE-2022-47391, CVE-2022-47393, CVE-2022-47392, CVE-2022-47378
https://certvde.com/en/advisories/vde-2026-003/
#CSAF https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-003.json
##🟠 CVE-2026-34365 - High (7.6)
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Estimate PDF generation mo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34365/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34367 - High (7.6)
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Invoice PDF generation mod...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34367/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-5190 - High (7.5)
Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0.6.0 might allow a third party operating a server to cause memory corruption leading to arbitrary code execution on a client application that processes crafted ev...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5190/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34163 - High (7.7)
FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, FastGPT's MCP (Model Context Protocol) tools endpoints (/api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool) accept a user-supplied URL parameter and make server-s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34163/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34054 - High (7.8)
vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34054/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##