Updated at UTC 2026-06-22T00:35:58.002865
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-56265 | 9.8 | 0.00% | 2 | 0 | | 2026-06-21T14:16:24.980000 | Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a h |
| CVE-2026-12786 | 7.8 | 0.00% | 2 | 0 | | 2026-06-21T09:30:57 | A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76 |
| CVE-2026-12784 | 7.8 | 0.00% | 2 | 0 | | 2026-06-21T09:30:51 | A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This a |
| CVE-2026-12781 | 7.8 | 0.00% | 2 | 0 | | 2026-06-21T09:30:50 | A vulnerability was identified in EaseUS Partition Master up to 14.5. The affect |
| CVE-2026-12782 | 7.8 | 0.00% | 2 | 0 | | 2026-06-21T09:30:50 | A security flaw has been discovered in EaseUS Partition Master up to 14.5. The i |
| CVE-2026-56099 | 5.3 | 0.00% | 1 | 0 | | 2026-06-21T09:16:26.140000 | OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulner |
| CVE-2025-20701 | 8.8 | 4.30% | 2 | 0 | | 2026-06-21T09:16:24.777000 | In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth aud |
| CVE-2026-12780 | 7.8 | 0.00% | 2 | 0 | | 2026-06-21T06:32:14 | A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an un |
| CVE-2026-12779 | 7.8 | 0.00% | 2 | 0 | | 2026-06-21T06:16:22.807000 | A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issu |
| CVE-2026-12774 | 6.3 | 0.00% | 2 | 0 | | 2026-06-21T04:16:31.717000 | A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affe |
| CVE-2026-5366 | 9.9 | 0.00% | 2 | 0 | | 2026-06-20T18:31:35 | Prefect version 3.6.23 is vulnerable to remote code execution due to improper ha |
| CVE-2026-48939 | None | 0.00% | 2 | 0 | | 2026-06-20T15:32:25 | A vulnerability in the iCagenda extension for Joomla allows the upload of arbitr |
| CVE-2026-48909 | None | 0.00% | 2 | 1 | | 2026-06-20T15:32:23 | SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie dat |
| CVE-2026-48908 | None | 0.00% | 2 | 1 | | 2026-06-20T15:32:23 | A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary |
| CVE-2026-11912 | 7.5 | 0.00% | 2 | 1 | | 2026-06-20T09:16:15.460000 | The Simple File List plugin for WordPress is vulnerable to arbitrary file modifi |
| CVE-2026-11911 | 7.5 | 0.00% | 2 | 0 | | 2026-06-20T09:16:13.910000 | The Simple File List plugin for WordPress is vulnerable to arbitrary file deleti |
| CVE-2026-9843 | 8.1 | 0.00% | 3 | 0 | | 2026-06-20T03:32:36 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress i |
| CVE-2026-56082 | 7.5 | 0.00% | 2 | 0 | | 2026-06-20T00:34:15 | Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnera |
| CVE-2026-56081 | 9.1 | 0.00% | 4 | 0 | | 2026-06-20T00:34:14 | Cap-go before 12.128.2 contains an authentication logic flaw that lets an attack |
| CVE-2026-56073 | 9.4 | 0.00% | 2 | 0 | | 2026-06-20T00:34:08 | Cap-go before 12.128.2 contains an authentication bypass vulnerability in OTP ve |
| CVE-2026-11551 | 9.8 | 0.00% | 5 | 3 | | 2026-06-20T00:16:15.580000 | The Branda plugin for WordPress is vulnerable to privilege escalation via accoun |
| CVE-2026-9375 | 7.5 | 0.00% | 1 | 0 | | 2026-06-19T21:32:59 | urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its stream |
| CVE-2026-47645 | 8.8 | 0.00% | 1 | 0 | | 2026-06-19T21:32:59 | Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's B |
| CVE-2026-42824 | 6.5 | 0.50% | 1 | 0 | | 2026-06-19T21:16:42.893000 | Missing authentication for critical function in M365 Copilot allows an unauthori |
| CVE-2026-32208 | 8.8 | 0.00% | 1 | 0 | | 2026-06-19T21:16:41.883000 | Improper neutralization of input during web page generation ('cross-site scripti |
| CVE-2026-48772 | 10.0 | 0.00% | 2 | 0 | | 2026-06-19T20:16:17.803000 | ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions |
| CVE-2026-39999 | None | 0.00% | 2 | 0 | | 2026-06-19T18:32:31 | Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker |
| CVE-2026-49287 | 7.4 | 0.00% | 2 | 0 | | 2026-06-19T18:16:19.617000 | Statamic is a Laravel and Git powered content management system (CMS). Prior to |
| CVE-2026-11718 | None | 0.20% | 1 | 0 | | 2026-06-19T16:59:28 | An authentication bypass vulnerability exists in the generic opaque token valida |
| CVE-2026-56142 | 9.9 | 0.00% | 1 | 0 | | 2026-06-19T15:33:25 | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.14812 |
| CVE-2026-50242 | 10.0 | 0.00% | 1 | 0 | | 2026-06-19T15:33:15 | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.14812 |
| CVE-2026-12530 | 7.3 | 0.30% | 1 | 0 | | 2026-06-19T14:46:33 | ### Summary The AWS Bedrock AgentCore Python SDK (bedrock-agentcore) is an open- |
| CVE-2026-9142 | 9.1 | 0.00% | 2 | 0 | | 2026-06-19T14:16:24.423000 | There is an insecure default credentials vulnerability in NI grpc-device when TL |
| CVE-2026-48814 | 9.1 | 0.30% | 1 | 0 | | 2026-06-19T13:34:25 | ## Advisory / Disclosure # Network-AI — CVE-2026-46701 fix is incomplete: the " |
| CVE-2026-56141 | 9.8 | 0.00% | 1 | 0 | | 2026-06-19T13:16:37.203000 | In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.14812 |
| CVE-2026-46461 | 7.8 | 0.00% | 1 | 0 | | 2026-06-19T08:16:16.840000 | Dell Server Hardware Manager, versions prior to 3.2.2, contains an Improper Acce |
| CVE-2026-8713 | 9.1 | 0.00% | 1 | 0 | | 2026-06-19T06:32:02 | The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbitrary file |
| CVE-2026-7515 | 9.8 | 0.00% | 1 | 2 | | 2026-06-19T06:17:10.430000 | The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in |
| CVE-2026-54414 | 9.8 | 0.00% | 1 | 0 | | 2026-06-19T06:17:09.830000 | FileRise before 3.16.0 is vulnerable to path traversal in the shared-folder uplo |
| CVE-2026-54104 | 8.8 | 0.00% | 2 | 0 | | 2026-06-19T06:17:09.720000 | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing Sys |
| CVE-2026-54103 | 9.8 | 0.00% | 3 | 0 | | 2026-06-19T06:17:09.580000 | The U.S. Government Accountability Office (GAO) Electronic Protest Docketing Sys |
| CVE-2026-12044 | 8.8 | 0.00% | 1 | 0 | | 2026-06-19T00:31:46 | SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT O |
| CVE-2026-40624 | 9.8 | 0.00% | 1 | 0 | | 2026-06-19T00:31:46 | Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras |
| CVE-2026-12048 | 9.3 | 0.00% | 1 | 0 | | 2026-06-19T00:31:46 | Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-renderi |
| CVE-2026-56075 | 8.8 | 0.00% | 1 | 0 | | 2026-06-19T00:31:41 | PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerabi |
| CVE-2026-47633 | 7.5 | 0.00% | 1 | 0 | | 2026-06-19T00:31:41 | Exposure of sensitive information to an unauthorized actor in Cost Management In |
| CVE-2026-54130 | 9.8 | 0.00% | 1 | 0 | | 2026-06-19T00:31:41 | Missing authentication for critical function in M365 Copilot allows an unauthori |
| CVE-2026-32174 | 7.7 | 0.00% | 1 | 0 | | 2026-06-19T00:31:37 | Improper authentication in Azure Bot Service allows an authorized attacker to el |
| CVE-2026-47647 | 9.9 | 0.00% | 1 | 0 | | 2026-06-18T22:16:31.747000 | Improper access control in Microsoft Dynamics 365 allows an authorized attacker |
| CVE-2026-48937 | 5.3 | 0.00% | 1 | 0 | | 2026-06-18T21:32:38 | A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data eve |
| CVE-2026-47846 | 9.8 | 0.00% | 2 | 0 | | 2026-06-18T21:16:29.190000 | Bitnami Cassandra container images are affected by a retained default superuser |
| CVE-2026-53849 | 8.1 | 0.21% | 1 | 0 | | 2026-06-18T20:36:32 | ### Summary Discord allowFrom could bind to mutable display names. In affected |
| CVE-2026-53853 | 7.1 | 0.33% | 1 | 0 | | 2026-06-18T20:33:23 | ### Summary OpenClaw's exec allowlist supported optional `argPattern` entries t |
| CVE-2026-53855 | 8.1 | 0.26% | 1 | 0 | | 2026-06-18T20:12:14 | ### Summary Shell positional parameters could weaken strict inline-eval checks. |
| CVE-2026-28573 | 5.5 | 0.15% | 1 | 0 | | 2026-06-18T18:38:48.913000 | In AndroidManifest.xml, there is a possible persistent denial of service due to |
| CVE-2026-54390 | 9.8 | 0.00% | 1 | 0 | | 2026-06-18T18:35:31 | JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection |
| CVE-2026-20253 | 9.8 | 10.04% | 19 | 3 | template | 2026-06-18T18:35:18 | In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform |
| CVE-2026-55203 | 7.5 | 0.00% | 1 | 0 | | 2026-06-18T17:16:34.373000 | HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vul |
| CVE-2026-8024 | 9.8 | 0.55% | 2 | 0 | | 2026-06-18T15:32:09 | A remote, unauthenticated attacker may exploit a deserialization of untrusted da |
| CVE-2026-47103 | 9.8 | 0.80% | 1 | 0 | | 2026-06-18T14:28:03 | ### Summary python-statemachine 3.1.2 evaluates `<data expr="...">` attributes |
| CVE-2026-55740 | 9.8 | 0.37% | 1 | 0 | | 2026-06-18T14:17:33.980000 | Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26 |
| CVE-2026-12569 | 0 | 0.50% | 1 | 1 | | 2026-06-18T14:17:23.863000 | A critical remote code execution (RCE) vulnerability has been reported in PTC Wi |
| CVE-2026-11717 | 0 | 0.19% | 1 | 0 | | 2026-06-18T14:17:20.013000 | An authentication bypass vulnerability exists in the generic opaque token valida |
| CVE-2026-12441 | 8.8 | 0.29% | 1 | 0 | | 2026-06-18T13:47:13.653000 | Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 a |
| CVE-2026-53843 | 8.8 | 0.27% | 1 | 0 | | 2026-06-18T13:03:25 | ### Summary In affected releases, a surviving pairing-scoped session for a devi |
| CVE-2026-46850 | 9.9 | 0.48% | 1 | 0 | | 2026-06-18T04:16:48.923000 | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for V |
| CVE-2026-20181 | 9.1 | 0.57% | 6 | 0 | | 2026-06-18T04:16:45 | A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote at |
| CVE-2026-55200 | 8.1 | 0.55% | 1 | 0 | | 2026-06-17T21:34:45 | libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write |
| CVE-2026-2467 | 0 | 0.21% | 1 | 0 | | 2026-06-17T20:20:10.920000 | Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libra |
| CVE-2026-20190 | 7.5 | 0.37% | 3 | 0 | | 2026-06-17T20:17:50.620000 | A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote |
| CVE-2026-53805 | 9.8 | 0.69% | 1 | 0 | | 2026-06-17T19:18:10.363000 | NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote |
| CVE-2026-47747 | 7.8 | 0.14% | 1 | 0 | | 2026-06-17T19:18:08.253000 | stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable |
| CVE-2026-50656 | 7.8 | 0.34% | 4 | 1 | | 2026-06-17T19:10:40.163000 | Microsoft is aware of an elevation of privilege in the Microsoft Malware Protect |
| CVE-2026-42530 | 8.1 | 0.76% | 5 | 3 | | 2026-06-17T18:36:07 | NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGI |
| CVE-2026-42055 | 8.1 | 0.64% | 3 | 1 | | 2026-06-17T18:36:07 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_m |
| CVE-2026-5667 | None | 0.15% | 1 | 0 | | 2026-06-17T18:36:07 | Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Cond |
| CVE-2026-3894 | None | 0.20% | 1 | 1 | | 2026-06-17T18:36:07 | Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) al |
| CVE-2026-20266 | 9.1 | 0.45% | 1 | 0 | | 2026-06-17T18:35:58 | In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin" Splunk r |
| CVE-2026-12440 | 9.6 | 0.31% | 1 | 0 | | 2026-06-17T18:35:53 | Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0. |
| CVE-2026-12442 | 8.8 | 0.38% | 1 | 0 | | 2026-06-17T18:35:53 | Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 |
| CVE-2026-12443 | 8.8 | 0.52% | 1 | 0 | | 2026-06-17T18:35:53 | Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 al |
| CVE-2026-48907 | 9.8 | 6.85% | 8 | 7 | template | 2026-06-17T14:06:35.153000 | A vulnerability in the JCE editor extension for Joomla allows the creation of ne |
| CVE-2026-54420 | 8.5 | 0.65% | 1 | 4 | | 2026-06-17T10:58:13.830000 | LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn bef |
| CVE-2026-49110 | 7.5 | 0.24% | 1 | 0 | | 2026-06-17T10:55:31.073000 | Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce |
| CVE-2026-49068 | 7.5 | 0.40% | 1 | 0 | | 2026-06-17T10:55:29.337000 | Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions. |
| CVE-2026-47162 | 8.8 | 0.27% | 1 | 0 | | 2026-06-17T10:54:21.830000 | Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vi |
| CVE-2026-41175 | 8.1 | 0.30% | 2 | 0 | | 2026-06-17T10:46:16.607000 | Statamic is a Laravel and Git powered content management system (CMS). Prior to |
| CVE-2025-60485 | 5.5 | 0.17% | 1 | 0 | | 2026-06-17T09:49:47.307000 | A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/iso |
| CVE-2025-55649 | 5.5 | 0.19% | 1 | 0 | | 2026-06-17T09:41:56.933000 | A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_to |
| CVE-2026-12317 | 7.5 | 0.29% | 1 | 0 | | 2026-06-16T21:33:05 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-12316 | 9.1 | 0.24% | 1 | 0 | | 2026-06-16T21:33:05 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed i |
| CVE-2026-12314 | 7.5 | 0.25% | 1 | 0 | | 2026-06-16T21:33:05 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-12305 | 7.5 | 0.37% | 1 | 0 | | 2026-06-16T21:33:04 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-22312 | 8.6 | 0.23% | 2 | 0 | | 2026-06-16T21:32:14 | The device has a webserver that exposes a REST API authenticated with a constant |
| CVE-2026-22313 | 9.1 | 0.92% | 2 | 0 | | 2026-06-16T21:32:14 | The device has a webserver that exposes a REST API authenticated with a token on |
| CVE-2026-47964 | 7.8 | 0.20% | 1 | 0 | | 2026-06-16T21:32:08 | DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Over |
| CVE-2026-12003 | None | 0.14% | 2 | 0 | | 2026-06-16T21:31:56 | To allow builds of Python to be run from an in-tree layout (rather than an insta |
| CVE-2026-12312 | 7.5 | 0.25% | 1 | 0 | | 2026-06-16T21:31:56 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-12310 | 7.5 | 0.25% | 1 | 0 | | 2026-06-16T21:31:56 | Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox |
| CVE-2026-12315 | 9.1 | 0.25% | 1 | 0 | | 2026-06-16T21:31:56 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed i |
| CVE-2026-10649 | 8.6 | 0.46% | 1 | 0 | | 2026-06-16T21:31:56 | A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an |
| CVE-2026-12304 | 9.1 | 0.17% | 1 | 0 | | 2026-06-16T21:31:55 | Same-origin policy bypass in the Networking: Cookies component. This vulnerabili |
| CVE-2026-11832 | 9.1 | 0.33% | 1 | 0 | | 2026-06-16T18:33:40 | Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predicta |
| CVE-2026-12087 | 9.1 | 0.39% | 1 | 0 | | 2026-06-16T18:33:40 | Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socke |
| CVE-2026-12205 | 9.1 | 0.29% | 1 | 0 | | 2026-06-16T18:33:40 | Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, lea |
| CVE-2026-12161 | 8.8 | 0.29% | 1 | 0 | | 2026-06-16T18:33:40 | Improper input validation in the SSH Elevate Shell feature in Devolutions Remot |
| CVE-2026-24155 | 7.8 | 0.19% | 1 | 0 | | 2026-06-16T18:32:44 | NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. |
| CVE-2026-24228 | 7.8 | 0.16% | 1 | 0 | | 2026-06-16T18:32:44 | NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may c |
| CVE-2026-8444 | 8.8 | 0.25% | 1 | 0 | | 2026-06-16T09:32:42 | The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via |
| CVE-2026-49112 | 7.5 | 0.33% | 1 | 0 | | 2026-06-15T21:31:02 | Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions. |
| CVE-2026-49105 | 9.8 | 0.38% | 1 | 1 | | 2026-06-15T21:31:02 | Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, |
| CVE-2026-49067 | 9.3 | 0.30% | 1 | 0 | | 2026-06-15T21:30:59 | Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions |
| CVE-2026-49106 | 9.8 | 0.38% | 1 | 0 | | 2026-06-15T21:30:59 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Const |
| CVE-2026-49104 | 9.8 | 0.38% | 1 | 1 | | 2026-06-15T21:30:59 | Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Co |
| CVE-2026-49066 | 7.5 | 0.30% | 1 | 0 | | 2026-06-15T21:30:58 | Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 vers |
| CVE-2026-49065 | 8.2 | 0.24% | 1 | 0 | | 2026-06-15T21:30:58 | Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1. |
| CVE-2026-49061 | 7.5 | 0.37% | 1 | 0 | | 2026-06-15T21:30:58 | Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce < |
| CVE-2026-49109 | 9.8 | 0.38% | 1 | 0 | | 2026-06-15T21:30:58 | Unauthenticated PHP Object Injection in Integration for Salesforce and Contact F |
| CVE-2026-49085 | 9.8 | 0.38% | 1 | 1 | | 2026-06-15T21:30:58 | Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms |
| CVE-2026-48558 | 10.0 | 0.63% | 2 | 0 | | 2026-06-12T18:32:06 | SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an aut |
| CVE-2026-35273 | 9.8 | 7.51% | 1 | 3 | template | 2026-06-12T18:31:50 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleS |
| CVE-2026-10520 | 10.0 | 59.52% | 2 | 6 | template | 2026-06-11T21:31:50 | An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6 |
| CVE-2026-42271 | 8.8 | 53.70% | 1 | 2 | template | 2026-06-09T13:07:08 | ### Impact Two endpoints used to preview an MCP server before saving it — `POST |
| CVE-2026-50751 | 9.3 | 41.15% | 1 | 8 | template | 2026-06-08T21:31:49 | A logic flow weakness in Remote Access and Mobile Access certificate validation |
| CVE-2026-23111 | 7.8 | 0.19% | 1 | 5 | | 2026-06-02T15:31:53 | In the Linux kernel, the following vulnerability has been resolved: netfilter: |
| CVE-2026-8206 | 9.8 | 0.62% | 1 | 3 | | 2026-06-02T06:30:33 | The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordP |
| CVE-2026-47717 | 7.5 | 0.00% | 1 | 0 | template | 2026-05-27T22:51:19 | ### Summary The GET /api/project endpoint exposes sensitive project configurati |
| CVE-2026-42069 | None | 0.23% | 1 | 0 | | 2026-05-13T13:38:50 | ### TL;DR This vulnerability affects all Kirby sites that might have potential |
| CVE-2026-39987 | 9.8 | 95.64% | 2 | 12 | template | 2026-04-27T16:30:09 | ## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal |
| CVE-2026-4272 | 8.1 | 0.45% | 1 | 0 | | 2026-04-06T00:30:31 | Missing Authentication for Critical Function vulnerability in Honeywell Handheld |
| CVE-2026-4020 | 7.5 | 2.98% | 11 | 0 | template | 2026-03-31T03:31:35 | The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exp |
| CVE-2026-2751 | 8.3 | 0.27% | 1 | 1 | | 2026-02-27T15:34:20 | Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. |
| CVE-2026-0843 | 6.3 | 0.20% | 1 | 0 | | 2026-01-11T09:30:26 | A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjs |
| CVE-2025-8088 | 8.8 | 81.35% | 1 | 31 | | 2025-10-22T00:34:26 | A path traversal vulnerability affecting the Windows version of WinRAR allows th |
| CVE-2026-25262 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-48137 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-47729 | 0 | 0.00% | 4 | 1 | | N/A | |
| CVE-2026-48773 | 0 | 0.00% | 3 | 0 | | N/A | |
| CVE-2025-60467 | 0 | 0.00% | 4 | 0 | | N/A | |
| CVE-2025-60474 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2025-60473 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2025-60466 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2025-60465 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-60471 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2025-60464 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-48979 | 0 | 0.27% | 1 | 0 | | N/A | |
| CVE-2026-49252 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-49454 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-49257 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-55074 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-48615 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-48618 | 0 | 0.00% | 3 | 0 | | N/A | |
| CVE-2026-48933 | 0 | 0.00% | 3 | 0 | | N/A | |
| CVE-2025-55640 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-52291 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-55639 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-55654 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-55653 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-48768 | 0 | 0.27% | 1 | 0 | | N/A | |
| CVE-2026-24252 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-4855 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-48095 | 0 | 0.70% | 1 | 1 | | N/A | |
| CVE-2019-25293 | 0 | 0.13% | 1 | 0 | | N/A | |
| CVE-2026-47749 | 0 | 0.16% | 1 | 0 | | N/A | |
| CVE-2026-48745 | 0 | 0.41% | 1 | 0 | | N/A | |
| CVE-2026-48797 | 0 | 0.44% | 1 | 0 | | N/A | |
| CVE-2026-47750 | 0 | 0.14% | 1 | 0 | | N/A | |

updated 2026-06-21T14:16:24.980000
2 posts
Go fuck some shit up, y'all: https://db.gcve.eu/vuln/cve-2026-56265
updated 2026-06-21T09:30:57
2 posts
UltraISO Premium Edition ≤9.76 hit by HIGH severity vuln (CVE-2026-12786) in bootpt64.sys — local attackers can bypass kernel access controls. No patch yet. Restrict local access & monitor activity. https://radar.offseq.com/threat/cve-2026-12786-improper-access-controls-in-ezbsyst-f7dadfd56c360b89 #OffSeq #Vulnerability #InfoSec #UltraISO
updated 2026-06-21T09:30:51
2 posts
CVE-2026-12784 | HIGH severity in IM-Magic Partition Resizer ≤7.9.0: improper access controls in MDA_NTDRV.sys kernel driver. Local exploit is public. Restrict access or remove vulnerable versions. https://radar.offseq.com/threat/cve-2026-12784-improper-access-controls-in-im-magi-c8e575e26aa27402 #OffSeq #Vulnerability #SysSec #CVE2026
updated 2026-06-21T09:30:50
2 posts
CVE-2026-12781 (HIGH, CVSS 8.5) found in EaseUS Partition Master 14.0 – 14.5: improper access controls in kernel driver epmntdrv.sys enable local privilege escalation. Upgrade to latest version ASAP. https://radar.offseq.com/threat/cve-2026-12781-improper-access-controls-in-easeus--0c0fae83fd7ebb81 #OffSeq #Vulnerability #PrivilegeEscalation #CyberSecurity
updated 2026-06-21T09:30:50
2 posts
CVE-2026-12782: HIGH severity vuln in EaseUS Partition Master (14.0 – 14.5). Improper access in kernel driver (EUEDKEPM.sys), local attack, public exploit out. Upgrade ASAP. Details: https://radar.offseq.com/threat/cve-2026-12782-improper-access-controls-in-easeus--1339881f4c691ee7 #OffSeq #Vulnerability #InfoSec #CVE202612782
updated 2026-06-21T09:16:26.140000
1 post
OpenBSD MPLS kernel stack leaks remotely (CVE-2026-56099) https://pop.argus-systems.ai/advisory/adv-040.html
updated 2026-06-21T09:16:24.777000
2 posts
Apple Patches Beats Studio Buds Eavesdropping Flaw
Apple patched a high-severity flaw (CVE-2025-20701) in Beats Studio Buds that allowed nearby attackers to eavesdrop via the microphone.
**Update your Beats Studio Buds firmware immediately to version 1B211 to prevent unauthorized microphone access.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-patches-beats-studio-buds-eavesdropping-flaw-4-l-h-1-u/gD2P6Ple2L
updated 2026-06-21T06:32:14
2 posts
CVE-2026-12780: HIGH severity vuln in AOMEI Backupper ≤8.3.0. Local attackers can abuse improper access controls in amwrtdrv.sys for potential privilege escalation. No patch available — limit local access & watch for updates. https://radar.offseq.com/threat/cve-2026-12780-improper-access-controls-in-aomei-b-bd5bc4597d816b66 #OffSeq #Vuln #AOMEI
updated 2026-06-21T06:16:22.807000
2 posts
AOMEI Dynamic Disk Manager ≤10.10.1: CVE-2026-12779 (HIGH, CVSS 8.5) allows local privilege abuse via improper access controls in ddmdrv.sys. Exploit is public, no patch available. Restrict access & monitor systems. https://radar.offseq.com/threat/cve-2026-12779-improper-access-controls-in-aomei-d-5bbdcb6786a305ad #OffSeq #CVE202612779 #vuln #cybersecurity
updated 2026-06-21T04:16:31.717000
2 posts
CVE-2026-12774: SSRF in BerriAI litellm v1.82.0 – 1.82.2 (MEDIUM, CVSS 5.3). Remote attackers can manipulate server requests via _execute_with_mcp_client. No patch yet — monitor vendor advisories. https://radar.offseq.com/threat/cve-2026-12774-server-side-request-forgery-in-berr-96b3ed54597a7e96 #OffSeq #Infosec #SSRF #Vuln
updated 2026-06-20T18:31:35
2 posts
CVE-2026-5366 (CRITICAL, CVSS 9.9): prefecthq/prefect 3.6.23 lets users with deployment creation rights inject git flags via commit_sha/directories in GitRepository, enabling remote code exec. Restrict permissions & monitor updates. https://radar.offseq.com/threat/cve-2026-5366-cwe-94-improper-control-of-generatio-ef5838b1259ff631 #OffSeq #CVE20265366 #infosec
updated 2026-06-20T15:32:25
2 posts
CVE-2026-48939 (CRITICAL): iCagenda for Joomla (v1.0.0-3.9.14, 4.0.0-4.0.7) allows unauthenticated PHP file upload & execution. No patch yet — disable or restrict access, use WAF to block. Full site/server compromise risk. Details: https://radar.offseq.com/threat/cve-2026-48939-cwe-284-improper-access-control-in--bc923bedc1d1c47e #OffSeq #Joomla #infosec
updated 2026-06-20T15:32:23
2 posts
1 repo
JoomShaper SP LMS for Joomla (v1.0.0 – 4.1.3) hit by CRITICAL vuln (CVE-2026-48909): unsafe cookie deserialization enables unauth RCE. No patch yet — restrict access & monitor traffic. Details: https://radar.offseq.com/threat/cve-2026-48909-cwe-502-deserialization-of-untruste-b0460f6997894c12 #OffSeq #Joomla #CVE #infosec
updated 2026-06-20T15:32:23
2 posts
1 repo
CRITICAL vuln (CVSS 10) in Joomla SP Page Builder (1.0.0 – 6.6.1): CVE-2026-48908 enables unauthenticated PHP uploads, risking full compromise. No patch yet — restrict/disable extension, monitor activity. Details: https://radar.offseq.com/threat/cve-2026-48908-cwe-284-improper-access-control-in--a8937f9d4a0573e0 #OffSeq #Joomla #CVE #AppSec
updated 2026-06-20T09:16:15.460000
2 posts
1 repo
CVE-2026-11912: HIGH severity vulnerability in eemitch Simple File List ≤6.3.7 lets unauthenticated attackers modify/delete server files due to missing auth checks. No patch yet — restrict or disable plugin. https://radar.offseq.com/threat/cve-2026-11912-cwe-862-missing-authorization-in-ee-9819171d864aac20 #OffSeq #WordPress #vuln
updated 2026-06-20T09:16:13.910000
2 posts
CVE-2026-11911: HIGH severity path traversal in eemitch Simple File List (≤6.3.7). Unauth attackers can delete files via exposed AJAX action, risking RCE. Restrict admin-ajax.php or disable plugin. Details: https://radar.offseq.com/threat/cve-2026-11911-cwe-22-improper-limitation-of-a-pat-c1bb6257a58c2645 #OffSeq #WordPress #Security
##updated 2026-06-20T03:32:36
3 posts
CVE-2026-9843 - Critical RCE in Database for Contact Form 7, WPforms, Elementor forms for WordPress. Arbitrary file deletion via insufficient path validation. CVSS 8.1. No patch available. Immediately review and restrict plugin usage. #CVE #WordPress #infosec
##CVE-2026-9843: HIGH severity (CVSS 8.1) path traversal in crmperks Database for Contact Form 7, WPforms, Elementor forms (≤1.5.1). Unauthenticated file deletion possible if admin interacts with malicious entries. Restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-9843-cwe-22-improper-limitation-of-a-path-a3dfc4d21233784d #OffSeq #WordPress #CVE20269843 #BlueTeam
##updated 2026-06-20T00:34:15
2 posts
🟠 CVE-2026-56082 - High (7.5)
Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record_build_time, which is granted to the anon role and callable with only the public Supabase publishabl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-20T00:34:14
4 posts
CRITICAL: Cap-go capgo (<12.128.2) hit by CVE-2026-56081. Attackers can register with victim emails pre-verification, enable 2FA, and fully take over accounts — including org policy control. No patch confirmed. Monitor new signups. https://radar.offseq.com/threat/cve-2026-56081-weak-password-recovery-mechanism-fo-0cc6e5efaf2e4722 #OffSeq #CVE202656081 #Infosec
##🔴 CVE-2026-56081 - Critical (9.1)
Cap-go before 12.128.2 contains an authentication logic flaw that lets an attacker register and control an account bound to a victim's email address before that email is verified. By enabling two-factor authentication on the pre-registered account...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-56081/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-20T00:34:08
2 posts
CVE-2026-56073 (CRITICAL) affects Cap-go capgo <12.128.2: Insufficient data authenticity checks allow OTP bypass, enabling attackers to activate 2FA & take over accounts. No patch yet — monitor vendor updates. https://radar.offseq.com/threat/cve-2026-56073-insufficient-verification-of-data-a-d7403d6896f5b084 #OffSeq #CVE #Infosec #AppSec
##updated 2026-06-20T00:16:15.580000
5 posts
3 repos
https://github.com/Polosss/By-Poloss..-..CVE-2026-11551-PoC
CVE-2026-11551 - Critical privilege escalation in Branda WordPress plugin. Unauthenticated account takeover via improper password reset validation. CVSS 9.8. No patch available. Disable immediately. #CVE #WordPress #infosec
##🔴 CVE-2026-11551 - Critical (9.8)
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.29. This is due to the plugin not properly validating a user's identity prior to updating their password. This mak...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-11551/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-11551: CRITICAL (CVSS 9.8) privilege escalation in wpmudev Branda ≤3.4.29. Weak password recovery lets unauthenticated attackers reset admin passwords. No patch. Restrict or disable plugin, monitor activity. https://radar.offseq.com/threat/cve-2026-11551-cwe-640-weak-password-recovery-mech-4f398affc6b799d5 #OffSeq #WordPress #Vuln #BlueTeam
##updated 2026-06-19T21:32:59
1 posts
CVE-2026-9375 - DoS in Urllib3. Decompression bomb bypass in streaming API with Brotli. CVSS 7.5. No patch available yet. Monitor for updates. #CVE #infosec #python
##updated 2026-06-19T21:32:59
1 posts
CVE-2026-47645 - Open redirect in Microsoft 365 Copilot. CVSS 8.8. Privilege escalation via untrusted URL redirection. No patch available. Monitor activity and restrict access. #CVE #Microsoft #infosec
##updated 2026-06-19T21:16:42.893000
1 posts
⚪️ Critical Copilot bug allowed theft of two-factor authentication codes
🗨️ In early June, Microsoft engineers announced that they had fixed a critical vulnerability, CVE-2026-42824. Now specialists from Varonis have revealed the details of this issue and described an attack that has been dubbed SearchLeak. As it turned out, the vulnerability…
##updated 2026-06-19T21:16:41.883000
1 posts
CVE-2026-32208 - XSS flaw in Microsoft Edge allows spoofing. CVSS 8.8. No patch yet. Update when available. #CVE #MicrosoftEdge #infosec
##updated 2026-06-19T20:16:17.803000
2 posts
CVE-2026-48772 (CRITICAL): ProxySQL 2.0.0 – 3.0.8 lets attackers spoof source IPs via PROXY protocol v1, bypassing routing & ACLs. Upgrade to 3.0.9 or later. Restrict frontend port access. Details: https://radar.offseq.com/threat/cve-2026-48772-cwe-348-use-of-less-trusted-source--40b83fbf2f9ef184 #OffSeq #ProxySQL #CVE202648772 #Security
##updated 2026-06-19T18:32:31
2 posts
CVE-2026-39999 matters to anyone fronting services with Apache APISIX and the jwt-auth plugin. The authentication-bypass-by-spoofing flaw spans versions 2.2 through 3.16.0, a range broad enough that long-running production gateways are likely in scope. Upgrading to 3.17.0 closes it; the advisory claims CVSS v4.0 7.0. Beyond patching, do you have a way to detect spoofed tokens that already got through?
#APISIX #security
The Apache APISIX project published CVE-2026-39999 on June 19, 2026: an authentication-bypass-by-spoofing flaw in the jwt-auth plugin. It affects versions 2.2 through 3.16.0 and is fixed in 3.17.0, with a claimed CVSS v4.0 score of 7.0. If your API gateway leans on jwt-auth to keep callers out, this one moves to the top of the patch queue. What is your rollback plan if 3.17.0 changes plugin behavior?
#APISIX #security
updated 2026-06-19T18:16:19.617000
2 posts
CVE-2026-49287 - Supply chain risk in Statamic. Unaddressed incomplete fix from CVE-2026-41175. Sort param manipulation could delete content/assets. CVSS 7.4. No patch; review templates immediately. #CVE #Statamic #infosec
##updated 2026-06-19T16:59:28
1 posts
CVE-2026-11718 (CRITICAL): Google MCP Toolbox for Databases v1.0.0 has an auth bypass flaw in token validation. Issuer checks can be skipped, enabling unauthorized access. Avoid v1.0.0 & monitor for fixes. https://radar.offseq.com/threat/cve-2026-11718-cwe-287-improper-authentication-in--680f47148b06b96d #OffSeq #CVE202611718 #infosec #oauth2
##updated 2026-06-19T15:33:25
1 posts
CVE-2026-56142 - Critical privilege escalation in JetBrains Hub. CVSS 9.6. Attackers can attach auth details to accounts. No patch yet. Monitor and restrict access now. #CVE #JetBrains #infosec
##updated 2026-06-19T15:33:15
1 posts
CVE-2026-50242 CRITICAL Authentication Bypass in JetBrains Hub. Direct DB access grants admin control. CVSS 10.0. No patch yet—mitigate immediately. #CVE #JetBrains #infosec
##updated 2026-06-19T14:46:33
1 posts
🚨 CRITICAL: CVE-2026-12530 impacts AWS Bedrock AgentCore Python SDK (v1.1.3 – 1.6.1). Incomplete input sanitization in install_packages() lets attackers abuse pip flags. Update now! https://radar.offseq.com/threat/cve-2026-12530-improper-neutralization-of-argument-917f42dfcc3cfd56 #OffSeq #AWSSecurity #Python #CVE2026_12530
##updated 2026-06-19T14:16:24.423000
2 posts
NI grpc-device ≤2.17.0 hit by CRITICAL vuln (CVE-2026-9142, CVSS 9.1) 🛡️ Missing authentication when TLS isn't set & server exposed beyond loopback. Unauthenticated LAN access possible. Mitigate by enabling TLS & restricting binding. https://radar.offseq.com/threat/cve-2026-9142-cwe-306-missing-authentication-for-c-f718635a9d1e7a48 #OffSeq #NI #Vuln
##updated 2026-06-19T13:34:25
1 posts
🚨 CRITICAL: CVE-2026-48814 in Jovancoding Network-AI ≤5.7.1 lets unauthenticated users access all 22 MCP tools if default secret is unset. Patch to 5.7.2 now! Details: https://radar.offseq.com/threat/cve-2026-48814-cwe-306-missing-authentication-for--a37c283f4afc7554 #OffSeq #CVE202648814 #Nodejs #Infosec
##updated 2026-06-19T13:16:37.203000
1 posts
CVE-2026-56141 - Critical account takeover in JetBrains Hub via predictable restore codes. CVSS 9.8. No patch available. Update to latest version immediately. #CVE #JetBrains #infosec
##updated 2026-06-19T08:16:16.840000
1 posts
CVE-2026-46461 - Dell Server Hardware Manager improper access control. Low-privileged local user can gain elevated privileges. CVSS 7.8. No patch yet. Restrict local access immediately. #CVE #Dell #infosec
##updated 2026-06-19T06:32:02
1 posts
CVE-2026-8713: CRITICAL path traversal (CVSS 9.1) in Avada (Fusion) Builder ≤3.15.3. Unauthenticated file deletion possible; RCE risk if wp-config.php is removed. Restrict access, monitor usage, check vendor for fixes. https://radar.offseq.com/threat/cve-2026-8713-cwe-22-improper-limitation-of-a-path-82beab53eaced0fc #OffSeq #WordPress #Infosec
##updated 2026-06-19T06:17:10.430000
1 posts
2 repos
CVE-2026-7515 | CRITICAL LFI in BetterDocs Pro ≤3.8.0: Unauthenticated attackers can execute arbitrary PHP via doc_style, risking full server compromise. Patch status unknown — check vendor. https://radar.offseq.com/threat/cve-2026-7515-cwe-98-improper-control-of-filename--18dc28a9a40e8b75 #OffSeq #WordPress #Vulnerability #CVE20267515
##updated 2026-06-19T06:17:09.830000
1 posts
CVE-2026-54414: Critical path traversal in FileRise <3.16.0 allows attackers with a valid shared-folder upload link to write files outside the intended dir — can lead to admin takeover & RCE. Patch to 3.16.0+ ASAP. https://radar.offseq.com/threat/cve-2026-54414-cwe-22-improper-limitation-of-a-pat-b161bf82d6c29f3c #OffSeq #vuln #FileRise
##updated 2026-06-19T06:17:09.720000
2 posts
updated 2026-06-19T06:17:09.580000
3 posts
lol. lmao.
https://nvd.nist.gov/vuln/detail/CVE-2026-54103
##The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) does not authenticate password change requests to the '/update-profile/N' API endpoint. A remote, unauthenticated attacker could change an arbitrary user's password.
https://db.gcve.eu/vuln/cve-2026-54103
https://db.gcve.eu/vuln/cve-2026-54104
:blobcatthinkingglare:
##CVE-2026-54103 (CRITICAL, CVSS 9.8): GAO EPDS & CBCA EDS lack authentication on password change API, enabling remote takeover. No patch yet. Restrict access, monitor logs. Details: https://radar.offseq.com/threat/cve-2026-54103-cwe-306-missing-authentication-for--c02db531e70d9ca2 #OffSeq #Vuln #CVE202654103 #GovSec
##updated 2026-06-19T00:31:46
1 posts
🟠 CVE-2026-12044 - High (8.8)
SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT ON ... IS ''`` for a user-supplied description field. The Jinja templates for Domains (and their constraints), Foreign Tables, Languages, and Event Triggers, plus the V...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12044/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-19T00:31:46
1 posts
🔴 CVE-2026-40624 - Critical (9.8)
Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115+
cameras may allow a remote, unauthenticated attacker to achieve
arbitrary code execution via a specially crafted web request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40624/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-19T00:31:46
1 posts
🔴 CVE-2026-12048 - Critical (9.3)
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Rec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-19T00:31:41
1 posts
[1/6]
Most Impactful Security Incidents & Vulnerabilities ( {date_limit} → today)
Below is a curated list that follows the three‑tier priority you asked for. All entries are taken from the sources you supplied – no external knowledge has been added. Where a CVSS score was published in the source it is shown; otherwise “high” is used when the description (e.g., kernel‑level memory corruption, authentication bypass) makes the impact clear.
---
🎯 Priority 1 – Critical / High‑Severity Flaws :
CVE‑2026‑47065
• Apache MINA SSHD (ssh‑git bundle) – path‑traversal in `git‑upload‑pack` / `git‑receive‑pack`
• All versions that include the sshd‑git module; fixed in 2.18.0 (or 3.0.0‑M4 for upcoming major).
• 9.8
• Allows an authenticated SSH user to read/write files outside the repository root – full repo takeover.
• https://www.redpacketsecurity.com/cve-alert-cve-2026-56075-praisonai-praisonai/
CVE‑2026‑10840
• Red Hat OpenShift Pipelines (tekton‑scheduler‑rolebinding) – over‑privileged ClusterRoleBinding
• All OpenShift 4.x clusters with the Pipelines operator installed.
• 9.6
• Any authenticated user can modify Kueue / cert‑manager CRDs, disrupt scheduling or replace TLS secrets for the ingress controller.
• https://www.redpacketsecurity.com/cve-alert-cve-2026-56075-praisonai-praisonai/
CVE‑2026‑11332
• Ansible Core – `ansible‑galaxy role install` argument injection via malformed `src` field in `requirements.yml`
• All versions prior to the fix released on 2026‑06‑05.
• 7.8
• Remote code execution when a malicious role is installed from an untrusted source.
• https://www.redpacketsecurity.com/cve-alert-cve-2026-56075-praisonai-praisonai/
CVE‑2026‑10118
• Poppler (Splash backend) – integer overflow in `tilingPatternFill` → out‑of‑bounds write
• All Poppler versions shipped with major Linux distros before the 2026‑06‑01 fix.
• 7.8
• Crafted PDF can lead to arbitrary code execution or DoS in any viewer using Poppler (e.g., Chrome, Evince).
• https://www.redpacketsecurity.com/cve-alert-cve-2026-56075-praisonai-praisonai/
updated 2026-06-19T00:31:41
1 posts
Microsoft Cost Management is affected by CVE-2026-47633 (HIGH, CVSS 7.5) — remote attackers can access sensitive info with no auth or user interaction. Patch available: https://radar.offseq.com/threat/cve-2026-47633-cwe-200-exposure-of-sensitive-infor-9882c245b9fe08eb #OffSeq #Microsoft #CVE #BlueTeam
##updated 2026-06-19T00:31:41
1 posts
Microsoft 365 Copilot hit by CVE-2026-54130 (CRITICAL, CVSS 9.8): Missing authentication lets attackers disclose info over the network. Official fix deployed — verify your cloud service is updated. 📢 https://radar.offseq.com/threat/cve-2026-54130-cwe-306-missing-authentication-for--8486327e51e4c768 #OffSeq #Microsoft365 #CVE #CloudSecurity
##updated 2026-06-19T00:31:37
1 posts
CVE-2026-32174: HIGH severity improper authentication in Microsoft Azure AI Bot Service (CVSS 7.7). Privilege escalation possible for authorized users. Microsoft has issued a server-side fix. No active exploits. Details: https://radar.offseq.com/threat/cve-2026-32174-cwe-287-improper-authentication-in--3888a626d33fd2e5 #OffSeq #Azure #Vuln #CloudSec
##updated 2026-06-18T22:16:31.747000
1 posts
CVE-2026-47647 (CRITICAL, CVSS 9.9) affects Microsoft Dynamics 365: improper access control lets authorized users escalate privileges over the network. Fix applied by Microsoft server-side — admins should confirm updates. Details: https://radar.offseq.com/threat/cve-2026-47647-cwe-284-improper-access-control-in--2000e43e6c3db613 #OffSeq #Microsoft #Infosec #CVE
##updated 2026-06-18T21:32:38
1 posts
##This is a security release. Notable Changes (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High (CVE-2026-48937) deps: fix...
updated 2026-06-18T21:16:29.190000
2 posts
CVE-2026-47846 - Critical supply chain attack in Bitnami Cassandra containers. Default superuser cassandra:cassandra retained after custom admin setup. CVSS 9.8. Update all affected images immediately. #CVE #Bitnami #infosec
##Bitnami Cassandra container images (4.0.0, 4.1.0, 5.0.0) have a CRITICAL flaw (CVE-2026-47846): default cassandra:cassandra superuser may remain after custom admin setup. Update urgently! https://radar.offseq.com/threat/cve-2026-47846-cwe-798-use-of-hard-coded-credentia-ebcf63185c71b6d0 #OffSeq #Cassandra #Vuln #CloudSecurity
##updated 2026-06-18T20:36:32
1 posts
🟠 CVE-2026-53849 - High (8.1)
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability where the allowFrom feature improperly validates Discord account identity using mutable display names instead of immutable user IDs. Attackers with Discord accounts can change ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53849/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T20:33:23
1 posts
🟠 CVE-2026-53853 - High (8.3)
OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowed arguments for allowlisted executables on Linux and macOS systems. Attackers can bypass configured argPattern...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T20:12:14
1 posts
🟠 CVE-2026-53855 - High (8.1)
OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks via shell positional parameters. Attackers can combine allowlisted tools with shell positional arguments to pl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T18:38:48.913000
1 posts
CRITICAL: CVE-2026-28573 targets Android 14 & 16 via missing permission check, enabling persistent local DoS — no user interaction or privileges needed. Patch status unknown. Stay updated: https://radar.offseq.com/threat/cve-2026-28573-denial-of-service-in-google-android-3a071465298b8ea9 #OffSeq #Android #InfoSec #CVE #Vuln
##updated 2026-06-18T18:35:31
1 posts
CRITICAL: CVE-2026-54390 in JTL Shop (5.2.0 – 5.7.1) enables unauthenticated template injection. Attackers can extract secrets; RCE possible in 5.4.0+. No patch yet — restrict access & monitor logs. https://radar.offseq.com/threat/cve-2026-54390-improper-neutralization-of-special--56e42e7fa37d20ee #OffSeq #CVE202654390 #infosec #websecurity
##updated 2026-06-18T18:35:18
19 posts
3 repos
https://github.com/watchtowrlabs/watchTowr-vs-Splunk-CVE-2026-20253
⚠️ CRITICAL: CISA: Splunk Enterprise flaw actively exploited, patch by Sunday
CVE-2026-20253 in Splunk Enterprise is actively exploited in the wild, allowing attackers to create or truncate arbitrary files on vulnerable systems. Federal agencies are mandated to patch by Sunday. Any organization running unpatched Splunk Enterprise is at immediate risk of file manipulation and…
##⚠️ CRITICAL: Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure
CVE-2026-20253 is a critical unauthenticated RCE in Splunk Enterprise being actively exploited in the wild. Attackers can create or truncate arbitrary files via the PostgreSQL sidecar service. All Splunk Enterprise instances are at risk and federal agencies have been mandated to patch by June 21st.
##🚨 Attention Splunk Users: The Threat is Still Active!
Despite security advisories, recent scans reveal that thousands of global Splunk systems remain unpatched against CVE-2026-20253. Threat actors are already actively scanning for this critical flaw.
This dangerous multi-stage exploit abuses the PostgreSQL sidecar service, allowing attackers to achieve full Pre-Auth RCE with zero authentication.
👉 https://denizhalil.com/2026/06/15/cve-2026-20253-splunk-unauthenticated-rce-analysis/
#Cybersecurity #Splunk #Vulnerability #RCE #Infosec #ThreatIntel
##Splunk Enterprise PostgreSQL Sidecar Vulnerability Exploited in the Wild
A critical, actively exploited vulnerability (CVE-2026-20253) in Splunk Enterprise allows anyone on the network to bypass authentication and manipulate files, leading to potential system takeover. Patches are available in versions 10.4.0, 10.2.4, and 10.0.7.
**Check your versions and patch Splunk Enterprise to 10.4.0, 10.2.4, or 10.0.7 immediately. If you cannot patch today, mitigate the risk right now by disabling the PostgreSQL sidecar service. Finally, verify your network architecture: ensure Splunk Web (port 8000) and management ports are restricted by a firewall, placed on an isolated network segment, and only accessible remotely via a VPN.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/splunk-enterprise-postgresql-sidecar-vulnerability-exploited-in-the-wild-h-u-h-s-6/gD2P6Ple2L
Here's a summary of recent geopolitical, technology, and cybersecurity news:
Geopolitical: Western allies pledged $4B military aid to Ukraine (June 18). US-Iran talks stalled, and a Lebanon ceasefire was agreed. France emphasized tech sovereignty, ditching US vendors.
Technology: Anthropic's Fable 5 AI model returned with restricted access after a government-forced shutdown.
Cybersecurity: An unpatchable 'usbliter8' exploit impacts Apple A12/A13 chips. A critical Splunk Enterprise vulnerability (CVE-2026-20253) is actively exploited; CISA urged urgent patching (June 19).
##📰 Splunk Scrambles to Patch Critical 9.8 CVSS Flaw Allowing Unauthenticated RCE
🚨 CRITICAL Splunk Enterprise flaw (CVE-2026-20253) allows unauthenticated RCE! CVSS 9.8. Attackers can execute code via an insecure PostgreSQL endpoint. On-premise versions 10.0.x and 10.2.x are vulnerable. Patch now! #Splunk #RCE #CyberSecurity
🌐 cyber[.]netsecops[.]io
##CVE-2026-20253 Splunk Vulnerability. Active exploitation is confirmed. CROs and Boards must prioritize this directive to secure enterprise assets and prevent privilege escalation. Review our latest C-SUITE intelligence brief now. https://thecybermind.co/xo4x
##Latest Geopolitical: An interim US-Iran agreement aims to de-escalate tensions and reopen the Strait of Hormuz, while Moscow endured its largest Ukrainian drone attack, hitting an oil refinery.
Technology: Anthropic's Claude Fable 5 AI is back online after a six-day shutdown, as Google makes Gemini 2.5 Flash its default model.
Cybersecurity: CISA issued alerts for an actively exploited Splunk vulnerability (CVE-2026-20253) and widespread Fortinet "FortiBleed" attacks. Accenture also acquired key OT security firms.
##ACTIVE THREAT: CVE-2026-20253 Splunk Enterprise vulnerability is being exploited in the wild. Our latest TSUITE Brief provides a full SQL injection defense playbook, including n8n automation triggers for your SOC. Secure your infrastructure now. https://thecybermind.co/2yn5
##📢 CVE-2026-20253: pre-authentication RCE in Splunk Enterprise via the PostgreSQL Sidecar service
📝 ## 🔍 Context
On June 12, 2026, watchTowr Labs (Piotr Bazy...
📖 cyberveille : https://cyberveille.ch/posts/2026-06-18-cve-2026-20253-rce-pre-authentifiee-dans-splunk-enterprise-via-le-service-postgresql-sidecar/
🌐 source : https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce
#CVE_2026_20253 #IOC #Cyberveille
CVE ID: CVE-2026-20253
Vendor: Splunk
Product: Enterprise
Date Added: 2026-06-18
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20253
🚨 [CISA-2026:0618] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-20253 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20253)
- Name: Splunk Enterprise Missing Authentication for Critical Function Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Splunk
- Product: Enterprise
- Notes: https://advisory.splunk.com/advisories/SVD-2026-0603 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20253
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260618 #cisa20260618 #cve_2026_20253 #cve202620253
##CISA has added one vulnerability to the KEV catalogue.
- CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20253 #CISA #infosec #vulnerability
##Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
##updated 2026-06-18T17:16:34.373000
1 posts
:blobcat_thisisfine:
https://nvd.nist.gov/vuln/detail/CVE-2026-55203
sev:CRIT 9.0 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
##HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues.
updated 2026-06-18T15:32:09
2 posts
#OT #Advisory VDE-2026-051
iba: Deserialization vulnerability in ibaPDA and ibaDatCoordinator
Remote Code Execution (RCE) running under the service user account, thereby allowing privilege escalation.
#CVE CVE-2026-8024
https://certvde.com/en/advisories/vde-2026-051/
#oCSAF
#CSAF https://iba.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-051.json
New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##updated 2026-06-18T14:28:03
1 posts
⚡️ CRITICAL: CVE-2026-47103 in python-statemachine (3.0.0 – <3.2.0) lets attackers execute code remotely via unsanitized eval() in SCXML. Avoid untrusted SCXML until patch. Details: https://radar.offseq.com/threat/cve-2026-47103-improper-neutralization-of-directiv-73074fb6af41b907 #OffSeq #python #security #CVE202647103
##updated 2026-06-18T14:17:33.980000
1 posts
🚨 CRITICAL: CVE-2026-55740 in Nur-Alam39 bus-ticket — unauthenticated SQL injection via busid in bus_info.php. Runs as MySQL root/no password! Restrict access & avoid use in production until fixed. Details: https://radar.offseq.com/threat/cve-2026-55740-cwe-89-improper-neutralization-of-s-40562f666d6be857 #OffSeq #SQLInjection #Vuln
##updated 2026-06-18T14:17:23.863000
1 posts
1 repos
🔥 CRITICAL: CVE-2026-12569 in PTC Windchill PDMLink (RCE, CVSS 9.3). Affects versions 11.2.1.0 — 13.1.3.0. No patch yet — restrict access & monitor advisories. Details: https://radar.offseq.com/threat/cve-2026-12569-cwe-20-improper-input-validation-in-d3c6b7768402d666 #OffSeq #CVE202612569 #Vuln #RCE
##updated 2026-06-18T14:17:20.013000
1 posts
CVE-2026-11717: CRITICAL vuln in googleapis/mcp-toolbox v1.0.0. Improper auth check lets tokens without 'active' field bypass controls — unauthorized access risk. Patch unconfirmed, monitor advisories: https://radar.offseq.com/threat/cve-2026-11717-cwe-287-improper-authentication-in--13893f570bf80e27 #OffSeq #CVE202611717 #OAuth2 #CloudSecurity
##updated 2026-06-18T13:47:13.653000
1 posts
🔒 CRITICAL: CVE-2026-12441 in Chrome <149.0.7827.155 on Linux — use-after-free in File Input. Remote attacker can trigger heap corruption via crafted HTML. Update Chrome ASAP! https://radar.offseq.com/threat/cve-2026-12441-use-after-free-in-google-chrome-643def61 #OffSeq #Chrome #Linux #Vuln
##updated 2026-06-18T13:03:25
1 posts
🟠 CVE-2026-53843 - High (8.8)
OpenClaw before 2026.5.26 contains an authorization bypass vulnerability where a surviving pairing-scoped device session can re-establish node token authority after revocation. Attackers with a paired device can regain WebSocket node-level access ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-53843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-18T04:16:48.923000
1 posts
Oracle's June 2026 CRITICAL update fixes 245 vulns (incl. CVE-2026-46850) in MySQL Shell, Router, NDB Cluster, Server (8.0.11-8.0.46, 8.4.0-8.4.9, 9.0.0-9.7.0, 2026.2.0+9.6.1). Patch promptly — no exploits yet. https://radar.offseq.com/threat/kwetsbaarheden-verholpen-in-oracle-mysql-producten-948cec13 #OffSeq #MySQL #Oracle #CVE202646850
##updated 2026-06-18T04:16:45
6 posts
📢 Cisco fixes a critical command execution vulnerability in ISE (CVE-2026-20181)
📝 📰 Source: SecurityWeek, published June 18, 2026 by Ionut Arghire.
📖 cyberveille: https://cyberveille.ch/posts/2026-06-19-cisco-corrige-une-vulnerabilite-critique-d-execution-de-commandes-dans-ise-cve-2026-20181/
🌐 source: https://www.securityweek.com/critical-command-execution-vulnerability-patched-in-cisco-ise
#CVE_2026_20181 #CVE_2026_20190 #Cyberveille
New advisory.
This relates to critical CVE-2026-20181 and CVE-2026-20190 vulnerabilities, published on the 17th.
Cisco: CRITICAL: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv @TalosSecurity #Cisco #infosec #vulnerability
##Cisco Patches Critical Root RCE and Credential Theft Flaws in ISE
Cisco patched a critical root RCE vulnerability (CVE-2026-20181) and a high-severity information disclosure flaw (CVE-2026-20190) in its Identity Services Engine. These vulnerabilities allow authenticated root access or theft of hashed credentials.
**Make sure your Cisco ISE and ISE-PIC systems are isolated from the internet and reachable only from trusted management networks. Apply the latest patches immediately (ISE 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3) and for the 3.5 command-execution fix, request the hotfix from Cisco TAC now. Don't wait for Patch 4 in August 2026.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-patches-critical-root-rce-and-credential-theft-flaws-in-ise-o-v-f-q-7/gD2P6Ple2L
CVE-2026-20181: Cisco ISE/ISE-PIC critical command execution vuln lets authenticated admins run arbitrary OS commands & escalate to root. Patch ISE 3.3/3.4/3.5 ASAP. No active exploitation reported. https://radar.offseq.com/threat/critical-command-execution-vulnerability-patched-i-a05f1533b3fe52d4 #OffSeq #Cisco #Vuln #Infosec
##🚨 CRITICAL: CVE-2026-20181 in Cisco ISE (v3.1 – 3.5) allows authenticated attackers to run OS commands & escalate to root, risking DoS. Restrict admin access & monitor for patches. https://radar.offseq.com/threat/cve-2026-20181-improper-limitation-of-a-pathname-t-3c6d1c8d7d1de462 #OffSeq #Cisco #Vuln #BlueTeam
##updated 2026-06-17T21:34:45
1 posts
Oh my.
https://nvd.nist.gov/vuln/detail/CVE-2026-55200
sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
##libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
updated 2026-06-17T20:20:10.920000
1 posts
🔍 CRITICAL: CVE-2026-2467 in RTI Connext Professional (v5.0.0 – 7.4.0) enables heap-based buffer overflow, risking RCE & DoS. No patch yet — monitor vendor updates. CVSS 9.2. Details: https://radar.offseq.com/threat/cve-2026-2467-cwe-122-heap-based-buffer-overflow-i-3103978a721b1a1c #OffSeq #Vuln #CVE20262467 #RTI #Infosec
##updated 2026-06-17T20:17:50.620000
3 posts
New advisory.
This relates to critical CVE-2026-20181 and CVE-2026-20190 vulnerabilities, published on the 17th.
Cisco: CRITICAL: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-G5WP8vv @TalosSecurity #Cisco #infosec #vulnerability
##Cisco Patches Critical Root RCE and Credential Theft Flaws in ISE
Cisco patched a critical root RCE vulnerability (CVE-2026-20181) and a high-severity information disclosure flaw (CVE-2026-20190) in its Identity Services Engine. These vulnerabilities allow authenticated root access or theft of hashed credentials.
**Make sure your Cisco ISE and ISE-PIC systems are isolated from the internet and reachable only from trusted management networks. Apply the latest patches immediately (ISE 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3) and for the 3.5 command-execution fix, request the hotfix from Cisco TAC now. Don't wait for Patch 4 in August 2026.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-patches-critical-root-rce-and-credential-theft-flaws-in-ise-o-v-f-q-7/gD2P6Ple2L
##updated 2026-06-17T19:18:10.363000
1 posts
⚠️ CRITICAL: nv-tlabs GEN3C has a remote code execution bug (CVE-2026-53805). Unauthenticated attackers can run code via /request-inference & /seed-model endpoints using pickle.loads(). No patch yet — restrict access! https://radar.offseq.com/threat/cve-2026-53805-deserialization-of-untrusted-data-i-8f7f573a4ff60cff #OffSeq #CVE202653805 #NVIDIA #infosec
##updated 2026-06-17T19:18:08.253000
1 posts
🟠 CVE-2026-47747 - High (7.8)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47747/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T19:10:40.163000
4 posts
1 repos
Windows Defender Vulnerability Exposed as RoguePlanet PoC Spreads Online
A newly disclosed Windows Defender vulnerability, tracked as CVE-2026-50656 and dubbed RoguePlanet, has raised concerns across the cybersecurity...
🔗️ [Thecyberexpress] https://link.is.it/k5s4I4
##🟠 CVE-2026-50656 - High (7.8)
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet". We are working to provide a high quality security update that addresses this vulnera...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-50656/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Nightmare Eclipses RoguePlanet now has a CVE 🎉: https://nvd.nist.gov/vuln/detail/cve-2026-50656
Not any new detail in there & no fix yet (has only been a week, give them some time...).
Much less relevant but annoying me personally: It taking them a week to ... sorry, shit this out. Broken description in the CVE form & even in the MSRC page it's pretty obvious no one even proofread the non-description. Also empty Acknowledgement section despite link to the GitHub (not the first time btw)... at least they didn't have it taken down this time? 🙃
##updated 2026-06-17T18:36:07
5 posts
3 repos
https://github.com/0xBlackash/CVE-2026-42530
Use-after-free in the QPACK encoder of nginx HTTP/3 - CVE-2026-42530 https://cystack.net/vi/research/cve-2026-42530-nginx-en
##@c0dec0dec0de RCEs this time, not DoS. CVE-2026-42530 & CVE-2026-42055
##F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus
F5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.
**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing "quic" from all listen directives, and remove the "ignore_invalid_headers off" directive or shrink "large_client_header_buffers" to block these attacks until you update.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L
⚠️ CRITICAL: F5 Patches Critical, High-Severity NGINX Vulnerabilities
F5 released patches for critical unauthenticated RCE and DoS vulnerabilities in NGINX (CVE-2026-42530, CVE-2026-42055) affecting NGINX Plus, Controller, and related products. Attackers can exploit heap buffer overflows and use-after-free flaws without credentials to crash services or execute arbitr…
##CVE-2026-42530: Use after free in nginx HTTP/3 QUIC module https://lobste.rs/s/pbvqlz #security
https://www.cve.org/CVERecord?id=CVE-2026-42530
updated 2026-06-17T18:36:07
3 posts
1 repos
@c0dec0dec0de RCEs this time, not DoS. CVE-2026-42530 & CVE-2026-42055
##F5 Patches Critical Remote Code Execution Flaws in NGINX Open Source and Plus
F5 addressed two critical vulnerabilities (CVE-2026-42530 and CVE-2026-42055) in NGINX that allow unauthenticated remote code execution or denial-of-service. The flaws affect NGINX Open Source, NGINX Plus, and several related gateway and controller products.
**If you run NGINX (Open Source, Plus, Ingress Controller, Gateway Fabric, Instance Manager, or App Protect WAF), update immediately to the fixed versions F5 released: NGINX Open Source 1.31.2 or 1.30.3, and NGINX Plus 37.0.2.1 or R36 P6. If you can't patch right away, temporarily disable HTTP/3 by removing "quic" from all listen directives, and remove the "ignore_invalid_headers off" directive or shrink "large_client_header_buffers" to block these attacks until you update.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/f5-patches-critical-remote-code-execution-flaws-in-nginx-open-source-and-plus-q-l-g-f-a/gD2P6Ple2L
⚠️ CRITICAL: F5 Patches Critical, High-Severity NGINX Vulnerabilities
F5 released patches for critical unauthenticated RCE and DoS vulnerabilities in NGINX (CVE-2026-42530, CVE-2026-42055) affecting NGINX Plus, Controller, and related products. Attackers can exploit heap buffer overflows and use-after-free flaws without credentials to crash services or execute arbitr…
##updated 2026-06-17T18:36:07
1 posts
CVE-2026-5667: Unauthenticated Remote Control of Mitsubishi MAC-577IF-2E WiFi Adapters via Probe Request Reconnaissance https://innerfirez.github.io/posts/the-secret-life-of-probe-requests/
##updated 2026-06-17T18:36:07
1 posts
1 repos
CVE-2026-3894 (CRITICAL, CVSS 9.2): Out-of-bounds read in RTI Connext Professional (versions 7.4.0, 7.0.0, 6.1.0, 6.0.0, 5.3.0, 5.0.0). Remote exploitation possible, no patch yet. Monitor vendor updates! https://radar.offseq.com/threat/cve-2026-3894-cwe-125-out-of-bounds-read-in-rti-co-970a787b05fc31ca #OffSeq #CVE20263894 #ICS #vuln
##updated 2026-06-17T18:35:58
1 posts
🚨 CRITICAL: CVE-2026-20266 in Splunk AI Toolkit 5.7 lets admins run arbitrary OS commands due to unsafe shell execution. Restrict admin roles & monitor for abuse until patched. Details: https://radar.offseq.com/threat/cve-2026-20266-the-software-constructs-all-or-part-32c0ef3d9fc0383c #OffSeq #Splunk #Vuln #CommandInjection
##updated 2026-06-17T18:35:53
1 posts
🚨 CRITICAL: CVE-2026-12440 in Chrome DigitalCredentials (Windows <149.0.7827.155) allows remote sandbox escape. Patch to 149.0.7827.155 ASAP! Exploitation risk is high. https://radar.offseq.com/threat/cve-2026-12440-use-after-free-in-google-chrome-c0fe93a4 #OffSeq #Chrome #InfoSec #Vulnerability
##updated 2026-06-17T18:35:53
1 posts
🔴 CRITICAL: CVE-2026-12442 — Chrome on Android <149.0.7827.155 has a use-after-free vuln in Passwords. Remote attackers can execute code via crafted HTML. Update Chrome now! https://radar.offseq.com/threat/cve-2026-12442-use-after-free-in-google-chrome-a5d127b6 #OffSeq #Chrome #Android #Vuln #InfoSec
##updated 2026-06-17T18:35:53
1 posts
🚩 CRITICAL: Chrome Web Authentication use-after-free (CVE-2026-12443) enables remote code execution in versions <149.0.7827.155. Patch immediately to stay secure. Vendor fix available. https://radar.offseq.com/threat/cve-2026-12443-use-after-free-in-google-chrome-564c6d01 #OffSeq #Chrome #InfoSec #Vuln
##updated 2026-06-17T14:06:35.153000
8 posts
7 repos
https://github.com/webshellseo8/CVE-2026-48907-Unauthenticated-RCE-in-JCE
https://github.com/HORKimhab/CVE-2026-48907
https://github.com/0xBlackash/CVE-2026-48907
https://github.com/wearehackers160/CVE-2026-48907
https://github.com/87achrafg-stack/CVE-2026-48907
https://github.com/g0thamRabb1t/joomla-jce-cve-2026-48907-detection
CVE-2026-48907 and LiteSpeed cPanel Plugin Flaws Come Under Active Attack
Attackers are exploiting CVE-2026-48907 in Joomla JCE and a LiteSpeed cPanel plugin flaw, enabling PHP code execution and privilege escalation.
🔗️ [Thecyberexpress] https://link.is.it/SGbmfn
##⚠️ CRITICAL: Joomla, LiteSpeed Vulnerabilities Exploited in Attacks
Attackers are actively exploiting CVE-2026-48907 in Joomla Content Editor (JCE) to upload malicious PHP files and execute arbitrary code on all versions before 2.9.99.5. CVE-2026-54420 in LiteSpeed's cPanel plugin allows privilege escalation to root on shared hosting environments. Both vulnerabilit…
##Joomla Content Editor Flaw Allows Unauthenticated Remote Code Execution
A critical vulnerability in the Joomla Content Editor (JCE) extension (CVE-2026-48907) allows unauthenticated attackers to create rogue profiles and execute PHP code. CISA has confirmed active exploitation.
**If you run the JCE extension on your Joomla site, this is urgent. Attackers are actively taking over sites through this flaw. Update it to version 2.9.99.6 or later right away (or apply the free stopgap patch if you're on an older 2.7.x–2.9.x version). Patching alone won't remove malware already planted, so also check for rogue editor profiles and unexpected PHP files in your /images, /media, and /tmp folders, delete anything suspicious, run a full malware scan, and change all admin passwords and database credentials.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/joomla-content-editor-flaw-allows-unauthenticated-remote-code-execution-1-i-2-w-m/gD2P6Ple2L
Alert: CVE-2026-48907. A severe access control flaw in Widget Factory Joomla Content Editor allows unauthenticated PHP script execution. Lock down your CMS. Read our tactical engineering runbook for full IOCs and endpoint hardening steps. https://thecybermind.co/unjv
##URGENT: CVE-2026-48907 is seeing active exploitation in Joomla! JCE extensions. This critical RCE flaw allows unauthenticated attackers to take full control. Read our executive remediation brief to harden your environment now.
https://thecybermind.co/ic6z
#CyberSecurity #Joomla #Infosec #KEV
⚠️ Do you administer a Joomla site?
A quick security note: the CVE-2026-48907 flaw affects the **JCE / Joomla Content Editor** extension and is already being exploited automatically on the Internet.
👇 🩹
https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites
In plain terms: a vulnerable site can be compromised even without a public account or open registration.
To do as soon as possible:
• update JCE to 2.9.99.6 or later
• check for suspicious profiles/accounts
• change the admin, database and hosting passwords
• run a server scan
(The update closes the door, but does not necessarily clean up what may already have been dropped.)
##🚨 New critical improper access control vulnerability tagged CVE-2026-48907, affecting Widget Factory Joomla Content Editor is seeing active exploitation in the wild as reported by CISA.
Vulnerability detection script available below:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-48907.yaml
Patches and mitigations are available:
https://www.sentinelone.com/vulnerability-database/cve-2026-48907/
🚨 [CISA-2026:0616] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-48907 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48907)
- Name: Widget Factory Joomla Content Editor Improper Access Control Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Widget Factory
- Product: Joomla Content Editor
- Notes: https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites ; https://www.joomlacontenteditor.net/support/changelog/editor ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-48907
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260616 #cisa20260616 #cve_2026_48907 #cve202648907
##updated 2026-06-17T10:58:13.830000
1 posts
4 repos
https://github.com/HORKimhab/CVE-2026-54420
https://github.com/Resellnom/litespeed-cpanel-cve-2026-54420-fix
https://github.com/fevar54/CVE-2026-54420-LiteSpeed-Symlink-Exploit
https://github.com/mahfuzreham/litespeed-cpanel-cve-2026-54420-fix
⚠️ CRITICAL: Joomla, LiteSpeed Vulnerabilities Exploited in Attacks
Attackers are actively exploiting CVE-2026-48907 in Joomla Content Editor (JCE) to upload malicious PHP files and execute arbitrary code on all versions before 2.9.99.5. CVE-2026-54420 in LiteSpeed's cPanel plugin allows privilege escalation to root on shared hosting environments. Both vulnerabilit…
##updated 2026-06-17T10:55:31.073000
1 posts
🟠 CVE-2026-49110 - High (7.5)
Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49110/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:55:29.337000
1 posts
🟠 CVE-2026-49068 - High (7.5)
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49068/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-17T10:54:21.830000
1 posts
The Vim project shipped fixes for two code-injection flaws in plugins that come bundled with the editor. CVE-2026-47162 in netrw is fixed in 9.2.0495, and a PowerShell command injection in zip.vim, triggered by crafted archive entry names, is fixed in 9.2.0678. Because these plugins ship with stock Vim, simply opening a malicious archive could be the trigger. Do you treat your editor as part of your attack surface?
#Vim #security
updated 2026-06-17T10:46:16.607000
2 posts
CVE-2026-49287 - Supply chain risk in Statamic. Unaddressed incomplete fix from CVE-2026-41175. Sort param manipulation could delete content/assets. CVSS 7.4. No patch; review templates immediately. #CVE #Statamic #infosec
##updated 2026-06-17T09:49:47.307000
1 posts
@iamleot Of course, requests to add links were sent in the follow-up email regarding the publication. I noticed that the original links were missing for some CVE entries, but my process hasn't changed recently.
full-context:
https://www.cve.org/CVERecord?id=CVE-2025-60485
truncated:
https://www.cve.org/CVERecord?id=CVE-2025-55649
updated 2026-06-17T09:41:56.933000
1 posts
@iamleot Of course, requests to add links were sent in the follow-up email regarding the publication. I noticed that the original links were missing for some CVE entries, but my process hasn't changed recently.
full-context:
https://www.cve.org/CVERecord?id=CVE-2025-60485
truncated:
https://www.cve.org/CVERecord?id=CVE-2025-55649
updated 2026-06-16T21:33:05
1 posts
🟠 CVE-2026-12317 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12317/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:33:05
1 posts
🔴 CVE-2026-12316 - Critical (9.1)
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12316/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:33:05
1 posts
🟠 CVE-2026-12314 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:33:04
1 posts
🟠 CVE-2026-12305 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12305/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:32:14
2 posts
Command injection and hardcoded creds in Radiflow iSAP Smart Collector. Nice.
##🟠 CVE-2026-22312 - High (8.6)
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:32:14
2 posts
Command injection and hardcoded creds in Radiflow iSAP Smart Collector. Nice.
##🔴 CVE-2026-22313 - Critical (9.1)
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:32:08
1 posts
🟠 CVE-2026-47964 - High (7.8)
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a vic...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47964/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:56
2 posts
Who is affected by CVE-2026-12003? Anyone running CPython on Windows across 3.11.15, 3.12.13, 3.13.14, 3.14.6, 3.15.0b2 and earlier. Jake Yamaki of Bishop Fox showed that a low-privilege user can create a path CPython checks for in-tree builds and inject malicious library folders to escalate privileges. It is rated CVSSv4 5.3. With this many affected versions, how do you even inventory every CPython on a Windows fleet?
#Python #Security
Jake Yamaki of Bishop Fox disclosed CVE-2026-12003 in CPython. The interpreter's VPATH variable, combined with a Modules/setup.local landmark used to locate in-tree builds, lets a low-privilege Windows user create that path outside the install directory and inject malicious library folders, escalating privileges. Rated CVSSv4 5.3, it affects 3.11.15, 3.12.13, 3.13.14, 3.14.6, 3.15.0b2 and earlier. Should build-detection logic ever survive into a release binary?
#Python #Security
updated 2026-06-16T21:31:56
1 posts
🟠 CVE-2026-12312 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:56
1 posts
🟠 CVE-2026-12310 - High (7.5)
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12310/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:56
1 posts
🔴 CVE-2026-12315 - Critical (9.1)
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12315/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:56
1 posts
🟠 CVE-2026-10649 - High (8.6)
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacke...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-10649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T21:31:55
1 posts
🔴 CVE-2026-12304 - Critical (9.1)
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12304/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:33:40
1 posts
🔴 CVE-2026-11832 - Critical (9.1)
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.
The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-11832/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:33:40
1 posts
🔴 CVE-2026-12087 - Critical (9.1)
Socket versions before 2.041 for Perl have an out-of-bounds heap read.
In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12087/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:33:40
1 posts
🔴 CVE-2026-12205 - Critical (9.1)
Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery.
Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it.
The first sign() on a Key object p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12205/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:33:40
1 posts
🟠 CVE-2026-12161 - High (8.8)
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host usi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-12161/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-16T18:32:44
1 posts
New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##updated 2026-06-16T09:32:42
1 posts
🟠 CVE-2026-8444 - High (8.8)
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] ra...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8444/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
🟠 CVE-2026-49112 - High (7.5)
Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:31:02
1 posts
1 repos
🔴 CVE-2026-49105 - Critical (9.8)
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49105/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:59
1 posts
🔴 CVE-2026-49067 - Critical (9.3)
Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49067/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:59
1 posts
🔴 CVE-2026-49106 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49106/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:59
1 posts
1 repos
🔴 CVE-2026-49104 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49104/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:58
1 posts
🟠 CVE-2026-49066 - High (7.5)
Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= 6.0.0 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49066/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:58
1 posts
🟠 CVE-2026-49065 - High (8.2)
Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49065/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:58
1 posts
🟠 CVE-2026-49061 - High (7.5)
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49061/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:58
1 posts
🔴 CVE-2026-49109 - Critical (9.8)
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49109/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-15T21:30:58
1 posts
1 repos
🔴 CVE-2026-49085 - Critical (9.8)
Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-49085/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-06-12T18:32:06
2 posts
📢 ~14,000 SimpleHelp servers exposed via a critical authentication bypass (CVE-2026-48558)
📝 📰 **Source**: CybersecurityNews.com — **Publication date**: June 16, 2026
...
📖 cyberveille: https://cyberveille.ch/posts/2026-06-18-14-000-serveurs-simplehelp-exposes-via-un-contournement-d-authentification-critique-cve-2026-48558/
🌐 source: https://cybersecuritynews.com/simplehelp-servers-exposed-authentication-bypass-disclosure/
#CVE_2026_48558 #IOC #Cyberveille
📢 CVE-2026-48558: Critical authentication bypass in SimpleHelp via OIDC
📝 ## 🔍 Context
On June 12, 2026, Horizon3.ai published a technical disclosure concerning **CVE-2026-4855...
📖 cyberveille: https://cyberveille.ch/posts/2026-06-17-cve-2026-48558-contournement-d-authentification-critique-dans-simplehelp-via-oidc/
🌐 source: https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
#CVE_2026_48558 #IOC #Cyberveille
updated 2026-06-12T18:31:50
1 posts
3 repos
https://github.com/0xBlackash/CVE-2026-35273
Oracle Patches 245 Vulnerabilities Including Actively Exploited PeopleSoft Zero-Day
Oracle's June 2026 monthly Critical Security Patch Update delivers 245 patches across eleven product families, roughly 120 rated critical including eleven maximum-severity (CVSS 10.0) remotely exploitable unauthenticated flaws concentrated in Fusion Middleware (Coherence, WebCenter, WebLogic) plus Solaris, alongside the fix for a PeopleSoft code-injection vulnerability (CVE-2026-35273) that's reportedly exploited in the wild.
**If you are using Oracle products, review the advisory in detail. Prioritize the maximum-severity (CVSS 10.0) flaws in Fusion Middleware products like Coherence, WebCenter, and WebLogic, since these can be exploited remotely without any login. Pay urgent attention to the PeopleSoft fix (CVE-2026-35273), as attackers are already actively breaking into organizations. Use isolation from the internet and reduced user privileges only as a temporary fix until you can fully patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/oracle-patches-245-vulnerabilities-including-actively-exploited-peoplesoft-zero-day-1-m-q-9-5/gD2P6Ple2L
updated 2026-06-11T21:31:50
2 posts
6 repos
https://github.com/error-inside/CVE-2026-10520
https://github.com/gagaltotal/CVE-2026-10523-Ivanti-sentry
https://github.com/0xBlackash/CVE-2026-10520
https://github.com/HORKimhab/CVE-2026-10520-10523
https://github.com/watchtowrlabs/watchTowr-vs-Ivanti-Sentry-RCE-CVE-2026-10520-CVE-2026-10523
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520) https://labs.watchtowr.com/more-evidence-that-words-dont-mean-what-we-thought-they-meant-ivanti-sentry-pre-auth-os-command-injection-cve-2026-10520/
##updated 2026-06-09T13:07:08
1 posts
2 repos
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html
##updated 2026-06-08T21:31:49
1 posts
8 repos
https://github.com/bolubey/CVE-2026-50751
https://github.com/hlkysipv/CVE-2026-50751-Check-Point-IKEv1-Authentication-Bypass
https://github.com/fevar54/CVE-2026-50751---Check-Point-IKEv1-Authentication-Bypass-Exploit
https://github.com/WadesWeaponShed/CVE-2026-50751-Mitigation-Scripts
https://github.com/0xBlackash/CVE-2026-50751
https://github.com/fernstedt/CVE-2026-50751
https://github.com/WadesWeaponShed/CheckPoint-CVE-Webscanner
https://github.com/watchtowrlabs/watchTowr-vs-Check-Point-CVE-2026-50751
Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751) https://labs.watchtowr.com/marking-your-own-homework-check-point-remote-access-vpn-ikev1-authentication-bypass-cve-2026-50751/
##updated 2026-06-02T15:31:53
1 posts
5 repos
https://github.com/seguridadentrerios/CVE-2026-23111
https://github.com/0xBlackash/CVE-2026-23111
https://github.com/criann/check-cve-2026-23111
🐧 SIGINT // Ubuntu Watch — 2026-06-21
CVE-2026-23111 now has a public exploit enabling local root and container escape via a one-character nf_tables bug. If you run unpatched Ubuntu with containers, this is actively exploitable and needs immediate attention.
##updated 2026-06-02T06:30:33
1 posts
3 repos
https://github.com/Jenderal92/CVE-2026-8206
🚨 CRITICAL VULNERABILITY IN A #WORDPRESS PLUGIN!
As #Sekurak reports, a flaw has been found in the #Kirki plugin that allows takeover of any account, including the administrator's.
If you have this extension, update it to the latest version immediately!
CVE-2026-8206
CVSS: 9.8
updated 2026-05-27T22:51:19
1 posts
🚨 CVE-2026-47717: Dive into my deep technical analysis of the FUXA SCADA API logic flaw that allows unauthenticated attackers to leak critical project configurations and operational data.
Read the full analysis here: 👇 https://denizhalil.com/2026/06/19/cve-2026-47717-fuxa-scada-data-disclosure/
##updated 2026-05-13T13:38:50
1 posts
The moment you visit cve.org you are loading 1.xMB of data. This includes everything except binary data (images etc) and CVE data itself.
You wanna learn more about the board? The DOM is built from that one script & populated from a JSON blob in that script. Well, a string which is then decoded.
Wanna look up the contact method for NVIDIA's CNA? Every website on the path to get there is built from that script & already contained in that script as a JSON blob.
Want to know the geometry of Antarctica? You bet there are a couple of polygons in that script! (I don't know where they are used).
Every linked YouTube video that explains something? It's in there!!
Or in other words: You are downloading 1.xMB of data (uncompressed: 4MB) that is probably not very cacheable data past the current session & of which you probably aren't gonna use much of anyway - you just clicked a link to see what's up with CVE-2026-42069 & now you downloaded 400kB of CNA data!
##updated 2026-04-27T16:30:09
2 posts
12 repos
https://github.com/0xBlackash/CVE-2026-39987
https://github.com/Nxploited/CVE-2026-39987
https://github.com/fevar54/marimo_CVE-2026-39987_RCE_PoC
https://github.com/Dhiaelhak-Rached/CVE-2026-39987-lab-or-marimo-cve-lab
https://github.com/0xdeadroot/CVE-2026-39987-marimo-rce
https://github.com/HORKimhab/CVE-2026-39987
https://github.com/keraattin/CVE-2026-39987
https://github.com/M3PH1569/CVE-2026-39987-POC
https://github.com/h3raklez/CVE-2026-39987
https://github.com/rootdirective-sec/CVE-2026-39987-Lab
Marimo platform suffers a critical flaw that allows access to servers without credentials. The CVE-2026-39987 vulnerability was actively exploited less than ten hours after public disclosure 🔒
##updated 2026-04-06T00:30:31
1 posts
Q: Am I counting these?
('https://https:', {'https://https://docs.tenable.com/release-notes/Content/security-center/2026.htm', 'https://https://www.asustor.com/security/security_advisory_detail?id=55', 'https://https://www.tenable.com/security/tns-2026-07', 'https://https://talosintelligence.com/vulnerability_reports/', 'https://https://mail.python.org/archives/list/security-announce@python.org/thread/JIFOBO7UX3LY4VJKJUOKYJV62CFR2IRH/', 'https://https://www.geovision.com.tw/cyber_security.php', 'https://https://nvd.nist.gov/vuln/detail/CVE-2026-4272', 'https://https://github.com/videolan/vlc-android/releases/tag/3.7.0', 'https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504'})
## updated 2026-03-31T03:31:35
11 posts
📰 Hackers Actively Exploit Gravity SMTP Flaw (CVE-2026-4020) to Steal API Keys from 100K WordPress Sites
📢 ATTENTION WordPress Admins: A flaw in the Gravity SMTP plugin (CVE-2026-4020) is being mass-exploited to steal API keys. 100K sites at risk. Update to v2.1.5 & rotate all email service credentials NOW! #WordPress #Vulnerability #CyberSecurity
🌐 cyber[.]netsecops[.]io
🔗 https://cyber.netsecops.io/articles/gravity-smtp-wordpress-plugin-flaw-cve-2026-4020-activel…
##Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites
https://thenextweb.com/news/gravity-smtp-wordpress-plugin-vulnerability-cve-2026-4020-api-keys-exploit?utm_source=flipboard&utm_medium=activitypub
Posted into Cybersecurity Today @cybersecurity-today-rhudaur
##Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites
https://thenextweb.com/news/gravity-smtp-wordpress-plugin-vulnerability-cve-2026-4020-api-keys-exploit?utm_source=flipboard&utm_medium=activitypub
Posted into Sustainability @sustainability-thenextweb
##Massive Data Leak Hits WordPress Sites via Gravity SMTP Plugin Flaw Exploited by Attackers Across Millions of Requests + Video
Critical Exposure Found in Popular Email Plugin Powering 100,000 WordPress Sites A recently patched vulnerability in the Gravity SMTP plugin, widely used across the WordPress ecosystem, has exposed tens of thousands of websites to serious information leakage risks. The flaw, tracked as CVE-2026-4020, allows unauthenticated attackers to quietly…
##Critical WordPress Security Alert: Gravity SMTP Vulnerability Could Expose API Keys and Email Credentials Across 100,000+ Websites, Dark Web Recent Claims + Video
Introduction: A New WordPress Threat Raises Concerns Across the Website Security Community A newly reported cybersecurity warning is drawing attention from researchers and website administrators after claims emerged that attackers are actively exploiting a vulnerability identified as CVE-2026-4020 in Gravity…
##Solid breakdown by @honeylabs of the opportunistic activity against CVE-2026-4020
~560 IPs rotating through ~3,300 UAs
Rly important to heed the info further down in the article re: "attacking the CVE" vs "added yet-another-cred path to existing scans".
https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020
##Most of the CVE-2026-4020 attackers are the same client - https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020
##🤔 Ah, the classic "same client" saga with CVE-2026-4020—because who needs originality in #hacking when you have a Google Cloud fleet playing dress-up with 3,299 user agents? 🌍📬 Apparently, exploiting Gravity #SMTP is a team sport, but only if your team is a single IP address with a personality disorder. What a performance! 🎭💻
https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020 #CVE20264020 #GoogleCloud #SecurityFlaw #Cybersecurity #HackerNews #ngated
Most of the CVE-2026-4020 attackers are the same client
https://honeylabs.net/blog/the-cloud-fleet-behind-cve-2026-4020
#HackerNews #CVE20264020 #cybersecurity #cloudfleet #attackers #analysis
##updated 2026-02-27T15:34:20
1 posts
1 repos
Q: Am I counting these?
('https://https:', {'https://https://docs.tenable.com/release-notes/Content/security-center/2026.htm', 'https://https://www.asustor.com/security/security_advisory_detail?id=55', 'https://https://www.tenable.com/security/tns-2026-07', 'https://https://talosintelligence.com/vulnerability_reports/', 'https://https://mail.python.org/archives/list/security-announce@python.org/thread/JIFOBO7UX3LY4VJKJUOKYJV62CFR2IRH/', 'https://https://www.geovision.com.tw/cyber_security.php', 'https://https://nvd.nist.gov/vuln/detail/CVE-2026-4272', 'https://https://github.com/videolan/vlc-android/releases/tag/3.7.0', 'https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504'})
## updated 2026-01-11T09:30:26
1 posts
https://www.cve.org/CVERecord?id=CVE-2026-0843 - do I dare click that reference... :neocat_scream_scared:
##updated 2025-10-22T00:34:26
1 posts
31 repos
https://github.com/lennertdefauw/CVE-2025-8088
https://github.com/travisbgreen/cve-2025-8088
https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal
https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder
https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool
https://github.com/undefined-name12/CVE-2025-8088-Winrar
https://github.com/techcorp/CVE-2025-8088-Exploit
https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR
https://github.com/nhattanhh/CVE-2025-8088
https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC
https://github.com/pentestfunctions/best-CVE-2025-8088
https://github.com/hbesljx/CVE-2025-8088-EXP
https://github.com/nuky-alt/CVE-2025-8088
https://github.com/IsmaelCosma/CVE-2025-8088
https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool
https://github.com/ghostn4444/CVE-2025-8088
https://github.com/aldisakti2/CVE-2025-8088-BUILDER-Winrar-Tool
https://github.com/starfallreverie/winrar-exploit
https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability
https://github.com/jordan922/CVE-2025-8088
https://github.com/walidpyh/CVE-2025-8088
https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC
https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document
https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition
https://github.com/ilhamrzr/RAR-Anomaly-Inspector
https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui
https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC
https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-
https://github.com/shaheeryasirofficial/CVE-2025-8088
https://github.com/pescada-dev/-CVE-2025-8088
https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit
Just two recent examples of vulnerabilities from 7-Zip and RAR.
Also keep in mind that distros are not always great at updating and if you installed one of these yourself, it is also on you (plus neither autoupdates on Windows or macOS).
##📢 CVE-2026-25262: unpatchable flaw in the Qualcomm BootROM, physical access is sufficient
📝 ## 🔍 Context
Published on June 16, 2026 on the Kaspersky blog, this article reports the discovery by **Alexander Kozlov and Sergey Anufr...
📖 cyberveille: https://cyberveille.ch/posts/2026-06-21-cve-2026-25262-faille-non-corrigeable-dans-la-bootrom-qualcomm-acces-physique-suffisant/
🌐 source: https://www.kaspersky.fr/blog/qualcomm-cve-2026-25262/23988/
#Android #BootROM #Cyberveille
CVE-2026-48137 - Critical RCE in NI grpc-device. Untrusted pointer dereference in sideband streaming API. CVSS 9.1. No patch available. Update immediately or mitigate. #CVE #infosec #NI
##https://thecybersecguru.com/news/squidbleed-cve-2026-47729-squid-proxy-heap-overread/
##29-year-old bug in Squid that can leak internal memory, works in default configs
##Squidbleed (CVE-2026-47729) - Heartbleed-style vulnerability that leaks internal memory from every version of Squid Proxy, in its default configuration https://blog.calif.io/p/squidbleed-cve-2026-47729
##CVE-2026-48773 - Critical RCE in Proxysql. Pre-auth heap memory corruption via oversized packet. CVSS 9.8. Patch to v3.0.9 immediately. #CVE #infosec #Proxysql
##ProxySQL (2.0.18 – 3.0.8) hit by CRITICAL CVE-2026-48773: pre-auth heap memory corruption (CWE-787) allows remote unauthenticated attackers to trigger out-of-bounds write. Upgrade to 3.0.9 ASAP. https://radar.offseq.com/threat/cve-2026-48773-cwe-787-out-of-bounds-write-in-syso-7cef27326cf25a33 #OffSeq #ProxySQL #CVE202648773 #infosec
##Security Advisory: CVE-2025-60467 - Use-After-Free in GPAC MP4Box Filter PID Cleanup
A use-after-free vulnerability exists in GPAC MP4Box when processing a crafted MPEG-2 TS/MP4 file. The issue is triggered during filter teardown in `gf_filter_pid_inst_swap_delete_task()` and can cause MP4Box to crash.
Summary:
AddressSanitizer confirms a heap-use-after-free in `filter_core/filter_pid.c:580`, where code reads from a PID instance object after it has already been freed during swap/delete cleanup.
The crafted file contains malformed MPEG-2 TS structures, including broken PMT descriptors and invalid PID metadata. While MP4Box processes the file with `-info`, the filter core performs PID instance cleanup. During this cleanup path, a PID instance is freed and later accessed again by `gf_filter_pid_inst_swap_delete_task()`.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:580
Function: gf_filter_pid_inst_swap_delete_task()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
```
2.5-DEV-rev1593-gfe88c3545-master
Commit: fe88c3545aadd597b250ccf23271d5d3de50ccc8
```
Attack Conditions:
An attacker supplies a crafted input file that is processed by MP4Box. The issue can be reproduced locally with:
```
./MP4Box -info 39_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_580
```
The prepared CVSS vector:
```
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
```
Impact:
Denial of service via application crash; local triage notes also identify potential arbitrary code execution risk.
Fix / mitigation status:
Users should update to a fixed GPAC release or apply the vendor-confirmed patch. Verify the final vendor fix commit before public release if the advisory is published independently.
References:
- Issue: https://github.com/gpac/gpac/issues/3290
- Fix: https://github.com/gpac/gpac/commit/aed9c94e92e8ba362ddb29c767c519478f46f195
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/39/39_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_580
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60467
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-60467 - Use-After-Free in GPAC MP4Box PID Swap Delete Task
Processing a crafted media file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_inst_swap_delete_task()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_inst_swap_delete_task()` function in `filter_core/filter_pid.c` can access a `GF_FilterPidInstance` object after it has already been freed by `gf_filter_pid_inst_swap_delete()`. Crafted input that exercises filter reconfiguration and deferred teardown paths can cause the scheduler to process a delete task with a stale pointer.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:574`, with a `READ of size 4` from a previously freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:574
Function: gf_filter_pid_inst_swap_delete_task()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77` should be considered affected if they contain the vulnerable deferred PID swap delete task path.
Attack Conditions:
An attacker supplies a crafted media file or filter graph input that is processed by MP4Box through the info/import path and triggers PID reconfiguration and deferred teardown. The issue can be reproduced locally with:
```
./MP4Box -info 37_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_574
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77
```
Users should update to a GPAC build containing this commit or later. The affected deferred task path should ensure that `GF_FilterPidInstance` lifetime remains valid before a scheduled delete task accesses it.
References:
- Issue: https://github.com/gpac/gpac/issues/3286
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/37/37_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_574
- Fix: https://github.com/gpac/gpac/commit/976dacf65cb6986a4e4f350fb8d3ed0a17dc3a77
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60467
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
## Security Advisory: CVE-2025-60467 - Use-After-Free in GPAC MP4Box Filter PID Cleanup
A use-after-free vulnerability exists in GPAC MP4Box when processing a crafted MPEG-2 TS/MP4 file. The issue is triggered during filter teardown in `gf_filter_pid_inst_swap_delete_task()` and can cause MP4Box to crash.
Summary:
AddressSanitizer confirms a heap-use-after-free in `filter_core/filter_pid.c:580`, where code reads from a PID instance object after it has already been freed during swap/delete cleanup.
The crafted file contains malformed MPEG-2 TS structures, including broken PMT descriptors and invalid PID metadata. While MP4Box processes the file with `-info`, the filter core performs PID instance cleanup. During this cleanup path, a PID instance is freed and later accessed again by `gf_filter_pid_inst_swap_delete_task()`.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:580
Function: gf_filter_pid_inst_swap_delete_task()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
```
2.5-DEV-rev1593-gfe88c3545-master
Commit: fe88c3545aadd597b250ccf23271d5d3de50ccc8
```
Attack Conditions:
An attacker supplies a crafted input file that is processed by MP4Box. The issue can be reproduced locally with:
```
./MP4Box -info 39_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_580
```
The prepared CVSS vector:
```
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
```
Impact:
Denial of service via application crash; local triage notes also identify potential arbitrary code execution risk.
Fix / mitigation status:
Users should update to a fixed GPAC release or apply the vendor-confirmed patch. Verify the final vendor fix commit before public release if the advisory is published independently.
References:
- Issue: https://github.com/gpac/gpac/issues/3290
- Fix: https://github.com/gpac/gpac/commit/aed9c94e92e8ba362ddb29c767c519478f46f195
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/39/39_gf_filter_pid_inst_swap_delete_task_filter_core_filter_pid_c_580
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60467
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
## Security Advisory: CVE-2025-60474 - Heap Buffer Overflow in GPAC MP4Box Media Import
A heap buffer overflow vulnerability exists in GPAC MP4Box when processing a crafted media file with the `-info` option. The issue occurs in `gf_media_import()` in `media_tools/media_import.c` and can be triggered by supplying a malformed input file to MP4Box.
Summary:
AddressSanitizer confirms an out-of-bounds read at `media_tools/media_import.c:1297`. The vulnerable code reads 1 byte at offset `[1]` from a 1-byte heap buffer allocated from an empty string via `strdup("")`, where only offset `[0]` is valid.
The crafted input reaches MP4Box media import handling and causes `gf_media_import()` to access memory immediately after a 1-byte heap allocation. The allocation originates from property handling for an empty string and is later read out of bounds during media import processing.
CWE:
CWE-122 - Heap-based Buffer Overflow
Affected Component:
```
media_tools/media_import.c:1297
Function: gf_media_import()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
```
2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
Attack Conditions:
An attacker supplies a crafted input file that is processed by MP4Box. The issue can be reproduced locally with:
```
./MP4Box -info 38_gf_media_import_media_tools_media_import_c_1297
```
The prepared CVSS vector:
```
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
```
Impact:
Denial of service via application crash; local triage notes also identify potential code execution risk.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
bd7fd6be546e0cd9e599c6b262c338c5f2ecec5c
```
Users should update to a GPAC build containing this commit or later.
References:
- Issue: https://github.com/gpac/gpac/issues/3287
- Fix: https://github.com/gpac/gpac/commit/bd7fd6be546e0cd9e599c6b262c338c5f2ecec5c
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/38/38_gf_media_import_media_tools_media_import_c_1297
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60474
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
## Security Advisory: CVE-2025-60473 - NULL Pointer Dereference in GPAC MP4Box Filter Parent Chain
Processing a crafted media file with MP4Box `-info` can trigger a NULL pointer dereference in `gf_filter_in_parent_chain()`, causing a Denial of Service.
Summary:
The `gf_filter_in_parent_chain()` function in `filter_core/filter_pid.c` does not sufficiently validate a parent filter pointer before dereferencing it. When MP4Box processes a specially crafted media file with malformed MPEG-2 TS data and a corrupted PID/filter chain, the vulnerable path can attempt to read from address `0x000000000008`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
filter_core/filter_pid.c:2145
Function: gf_filter_in_parent_chain()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `b8d80b44718de10b101e1d7fc17c84d69feb092e` should be considered affected if they contain the vulnerable filter parent-chain validation path.
Attack Conditions:
An attacker supplies a crafted media file with malformed MPEG-2 TS packet data and a corrupted PID/filter chain. The issue can be reproduced locally with:
```
./MP4Box -info 36_gf_filter_in_parent_chain_filter_core_filter_pid_c_2145
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. The local MITRE/BDU data also notes potential arbitrary code execution, although the available ASAN evidence shows a NULL pointer dereference crash.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
b8d80b44718de10b101e1d7fc17c84d69feb092e
```
Users should update to a GPAC build containing this commit or later. The affected filter graph code should validate parent filter pointers before dereferencing them during PID initialization.
References:
- Issue: https://github.com/gpac/gpac/issues/3285
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/36/36_gf_filter_in_parent_chain_filter_core_filter_pid_c_2145
- Fix: https://github.com/gpac/gpac/commit/b8d80b44718de10b101e1d7fc17c84d69feb092e
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60473
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
## Security Advisory: CVE-2025-60466 - Expired Pointer Dereference in GPAC MP4Box Packet Retrieval
Processing a crafted media file with MP4Box `-info` can trigger an expired pointer dereference in `gf_filter_pid_get_packet()`, causing a heap use-after-free crash and potential code execution.
Summary:
The `gf_filter_pid_get_packet()` function in `filter_core/filter_pid.c` may operate on an invalidated Packet ID (PID) object after it has been freed by `gf_filter_pid_del()`. When MP4Box processes a specially crafted media file through the filter graph, the `inspect` filter can request packets from a stale PID object, leading to access to freed heap memory.
CWE:
CWE-825 - Expired Pointer Dereference
Affected Component:
```
filter_core/filter_pid.c:6827
Function: gf_filter_pid_get_packet()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `4a7ea06dd1b2cc65fe0dabc60189eb6bc814f7bb` should be considered affected if they contain the vulnerable PID packet retrieval path.
Attack Conditions:
An attacker supplies a crafted media file that is processed by MP4Box through the info/import path and drives the inspect/filter pipeline through PID deletion and packet retrieval paths. The issue can be reproduced locally with:
```
./MP4Box -info 35_gf_filter_pid_get_packet_filter_core_filter_pid_c_6827
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free / expired pointer dereference, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
4a7ea06dd1b2cc65fe0dabc60189eb6bc814f7bb
```
Users should update to a GPAC build containing this commit or later. The fix adds checks to ignore tasks when PID or filter objects have been removed or finalized, preventing stale object use.
References:
- Issue: https://github.com/gpac/gpac/issues/3284
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/35/35_gf_filter_pid_get_packet_filter_core_filter_pid_c_6827
- Fix: https://github.com/gpac/gpac/commit/4a7ea06dd1b2cc65fe0dabc60189eb6bc814f7bb
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60466
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
## Security Advisory: CVE-2025-60465 - Use-After-Free in GPAC MP4Box PID Instance Swap
Processing a crafted media file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_inst_swap()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_inst_swap()` function in `filter_core/filter_pid.c` does not reset `ctx->pid_inst` to NULL after freeing the PID instance. Subsequent PID configuration and reconfiguration steps can reuse this dangling pointer, leading to access to freed heap memory.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:633
Function: gf_filter_pid_inst_swap()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `55b351bd078c950592544ab4c708a613c1725b9b` should be considered affected if they contain the vulnerable PID instance swap path.
Attack Conditions:
An attacker supplies a crafted media or MPEG-2 TS input that is processed by MP4Box through the info/import path and triggers filter PID reconfiguration. The issue can be reproduced locally with:
```
./MP4Box -info 34_gf_filter_pid_inst_swap_filter_core_filter_pid_c_633
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
55b351bd078c950592544ab4c708a613c1725b9b
```
Users should update to a GPAC build containing this commit or later. The affected PID instance swap path should clear `ctx->pid_inst` after freeing it and avoid later use of stale PID object pointers.
References:
- Issue: https://github.com/gpac/gpac/issues/3283
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/34/34_gf_filter_pid_inst_swap_filter_core_filter_pid_c_633
- Fix: https://github.com/gpac/gpac/commit/55b351bd078c950592544ab4c708a613c1725b9b
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60465
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
## Security Advisory: CVE-2025-60471 - Use-After-Free in GPAC MP4Box PID Reconfiguration
Processing a crafted media file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_reconfigure_task_discard()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_reconfigure_task_discard()` function in `filter_core/filter_pid.c` can access a freed Packet ID (PID) object during filter reconfiguration cleanup. When MP4Box processes a specially crafted file with malformed MPEG-2 TS packet data, broken PMT descriptors, unsupported stream types, and invalid packet structure, the vulnerable path may free a PID instance through `gf_filter_pid_inst_swap()` and later dereference it during reconfiguration task discard.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:1346`, with a `READ of size 8` from a freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:1346
Function: gf_filter_pid_reconfigure_task_discard()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1570-g6208015df-master
Commit: 6208015dff3a6735a26e413c484c714666eb3ea2
```
Builds before the fix commit `48b0f505679ee41004cb521ac3b76b610650c0cb` should be considered affected if they contain the vulnerable PID reconfiguration cleanup path.
Attack Conditions:
An attacker supplies a crafted media file that is processed by MP4Box through the info/import path. The issue can be reproduced locally with:
```
./MP4Box -info 33_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1346
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
48b0f505679ee41004cb521ac3b76b610650c0cb
```
Users should update to a GPAC build containing this commit or later. The affected PID reconfiguration path should ensure that PID object lifetime remains valid before discard logic accesses the object.
References:
- Issue: https://github.com/gpac/gpac/issues/3282
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/33/33_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1346
- Fix: https://github.com/gpac/gpac/commit/48b0f505679ee41004cb521ac3b76b610650c0cb
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60471
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
## Security Advisory: CVE-2025-60471 - Use-After-Free in GPAC MP4Box PID Reconfiguration
Processing a crafted MPEG-2 TS file with MP4Box `-info` can trigger a heap use-after-free in `gf_filter_pid_reconfigure_task_discard()`, causing a crash and potential code execution.
Summary:
The `gf_filter_pid_reconfigure_task_discard()` function in `filter_core/filter_pid.c` can access a freed `pid_inst` structure during PID reconfiguration task disposal. When MP4Box processes a specially crafted MPEG-2 Transport Stream file containing broken PMT descriptors, missing packet sync markers, unsupported stream types, and invalid packet data, a PID instance can be freed by `gf_filter_pid_inst_swap_delete()` and later accessed in `gf_filter_pid_reconfigure_task_discard()`.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:1341`, with a `READ of size 8` from a freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:1341
Function: gf_filter_pid_reconfigure_task_discard()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1557-g62714f27c-master
Commit: 62714f27c64a3d1eb7e880f9eed2d38673cb43ce
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Local MITRE data also describes affected GPAC MP4Box 2.4 and earlier, including development branches that contain the vulnerable PID reconfiguration lifecycle handling.
Builds before the fix commit `868c6801c226e9964cace54cfd5a759f152780b4` should be considered affected if they contain the vulnerable path.
Attack Conditions:
An attacker supplies a crafted MPEG-2 TS file with corrupted PMT descriptors and invalid packet data. The issue can be reproduced locally with:
```
./MP4Box -info 31_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1341
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
868c6801c226e9964cace54cfd5a759f152780b4
```
Users should update to a GPAC build containing this commit or later. The affected filter PID reconfiguration path should ensure that PID instance lifetime is valid before task discard logic accesses the object.
References:
- Issue: https://github.com/gpac/gpac/issues/3279
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/31/31_gf_filter_pid_reconfigure_task_discard_filter_core_filter_pid_c_1341
- Fix: https://github.com/gpac/gpac/commit/868c6801c226e9964cace54cfd5a759f152780b4
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60471
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
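The lifetime problem shared by the CVE-2025-60465, CVE-2025-60466, CVE-2025-60467 and CVE-2025-60471 advisories above (a queued task or a `ctx->pid_inst` field still pointing at a PID instance that a swap/delete path has already freed) can be modelled in a few lines of C. This is an added example, not GPAC code and not taken from the fix commits: `PidInst`, `Ctx`, `Sched` and every function name are hypothetical, and reference counting is an assumed way to keep the instance valid until queued tasks have run.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_TASKS 8

/* Hypothetical model types; illustrative only, not GPAC's definitions. */
typedef struct {
    int refcount;   /* one reference for the owner, one per queued task */
    int removed;    /* set once the owner has torn the instance down */
    int packets;    /* state a deferred task wants to read */
} PidInst;

typedef struct { PidInst *pid_inst; } Ctx;
typedef struct { PidInst *inst; } Task;
typedef struct { Task q[MAX_TASKS]; int n; int ran; int skipped; } Sched;

int g_live = 0;     /* instances currently allocated, used as a leak/free check */

PidInst *inst_new(int packets) {
    PidInst *p = calloc(1, sizeof(*p));
    if (!p) abort();
    p->refcount = 1;
    p->packets = packets;
    g_live++;
    return p;
}

void inst_unref(PidInst *p) {
    if (--p->refcount == 0) { free(p); g_live--; }
}

/* UNSAFE shape described in the advisories (shown for contrast, never called):
 * the block is freed at once, ctx->pid_inst keeps the old address, and any
 * queued Task.inst still points at the freed memory. */
void swap_delete_unsafe(Ctx *ctx) {
    free(ctx->pid_inst);
    g_live--;
    /* missing: ctx->pid_inst = NULL; and nothing stops queued tasks */
}

/* Hardened: clear the field, mark the object removed, drop only the owner's
 * reference. The memory is released when the last queued task lets go. */
void swap_delete_safe(Ctx *ctx) {
    PidInst *p = ctx->pid_inst;
    if (!p) return;             /* already deleted: a second call is a no-op */
    ctx->pid_inst = NULL;
    p->removed = 1;
    inst_unref(p);
}

/* Queuing a task pins the instance so it outlives the owner's delete. */
int sched_post(Sched *s, PidInst *p) {
    if (s->n == MAX_TASKS) return -1;
    p->refcount++;
    s->q[s->n++].inst = p;
    return 0;
}

/* Each task checks the removed flag before touching state, then unpins.
 * Returns the sum of packets read from instances that were still live. */
int sched_run(Sched *s) {
    int total = 0;
    for (int i = 0; i < s->n; i++) {
        PidInst *p = s->q[i].inst;
        if (p->removed) {
            s->skipped++;       /* object was deleted: ignore the task */
        } else {
            total += p->packets;
            s->ran++;
        }
        s->q[i].inst = NULL;
        inst_unref(p);
    }
    s->n = 0;
    return total;
}

/* The ordering the advisories describe: tasks are queued, the owner deletes
 * the instance (twice, to show idempotence), then the scheduler runs. */
int scenario_delete_then_run(Sched *s, Ctx *ctx) {
    ctx->pid_inst = inst_new(5);
    sched_post(s, ctx->pid_inst);
    sched_post(s, ctx->pid_inst);
    swap_delete_safe(ctx);
    swap_delete_safe(ctx);
    return sched_run(s);
}

int main(void) {
    Sched s = {0};
    Ctx ctx = {0};
    int total = scenario_delete_then_run(&s, &ctx);
    printf("total=%d ran=%d skipped=%d live=%d\n",
           total, s.ran, s.skipped, g_live);
    return 0;
}
```

Building the model with `-fsanitize=address` and swapping in `swap_delete_unsafe` is a quick way to confirm that a sanitizer job flags this ordering as `heap-use-after-free`.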
##Security Advisory: CVE-2025-60464 - Use-After-Free in GPAC MP4Box SEI State Handling
Processing a crafted MPEG-2 TS file with MP4Box `-info` can trigger a heap use-after-free in `gf_sei_load_from_state_internal()`, causing a crash and potential code execution.
Summary:
The `gf_sei_load_from_state_internal()` function in `filters/sei_load.c` can access codec/SEI state after the related heap buffer has been freed by the NALU demuxer setup path. When MP4Box processes a specially crafted MPEG-2 Transport Stream file containing malformed AVC/HEVC/VVC NAL units and corrupted PMT descriptors, `naludmx_configure_pid()` can release a state buffer that is later read during SEI state loading.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filters/sei_load.c:225
Function: gf_sei_load_from_state_internal()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
The issue was reproduced on:
```
GPAC version: 2.5-DEV-rev1557-g62714f27c-master
Commit: 62714f27c64a3d1eb7e880f9eed2d38673cb43ce
```
The MITRE response states that GPAC Project/MP4Box before `26.02.0` is affected. Builds before the fix commit `8f404bd581e455267482f86272169a742f654b97` should be considered affected if they contain the vulnerable SEI state handling path.
Attack Conditions:
An attacker supplies a crafted MPEG-2 TS file containing malformed AVC/HEVC/VVC bitstream data, corrupted PMT descriptors, and invalid NAL/SEI state. The issue can be reproduced locally with:
```
./MP4Box -info 32_filters_sei_load_c_225_in_gf_sei_load_from_state_internal
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
The prepared CVSS vector in the local BDU data is:
```
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
```
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
8f404bd581e455267482f86272169a742f654b97
```
Users should update to a GPAC build containing this commit or later. The affected SEI/NALU handling path should ensure state buffers remain valid before SEI parsing reads from them.
References:
- Issue: https://github.com/gpac/gpac/issues/3278
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/32/32_filters_sei_load_c_225_in_gf_sei_load_from_state_internal
- Fix: https://github.com/gpac/gpac/commit/8f404bd581e455267482f86272169a742f654b97
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-60464
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##CVE-2026-48979 - HTTP/2 request smuggling in PHP standard library (PSL). Unvalidated DATA frame bytes allow content overflow. CVSS 7.5. No patch yet; disable PSL H2 servers or upgrade if fix released. #CVE #PHP #infosec
##deepstream.io <10.0.5 has a CRITICAL Prototype Pollution flaw (CVE-2026-49252, CVSS 9.9). Authenticated users with write access can escalate privileges. Patch to 10.0.5+ ASAP! https://radar.offseq.com/threat/cve-2026-49252-cwe-1321-improperly-controlled-modi-de9b0627d448856f #OffSeq #CVE202649252 #deepstreamio #infosec
##CVE-2026-49454: szTheory relyra (<1.2.0) has a CRITICAL SAML authentication flaw — improper signature verification lets attackers forge responses & impersonate users. Fixed in v1.2.0. Patch now! https://radar.offseq.com/threat/cve-2026-49454-cwe-287-improper-authentication-in--d880f0af884dcf13 #OffSeq #CVE202649454 #SAML #Elixir #InfoSec
##CVE-2026-49257: startreedata mcp-pinot <=3.0.1 has a CRITICAL auth bypass. MCP server exposes full read/write access to Pinot clusters on 0.0.0.0:8080. Upgrade to 3.1.0 ASAP. https://radar.offseq.com/threat/cve-2026-49257-cwe-306-missing-authentication-for--c0c28b77341e3a12 #OffSeq #Vulnerability #CVE202649257 #Infosec
##I'm more than 25 years into IT at this point, but this is a first for me. Not one I'm proud of, but one I take responsibility for:
My project ansible_jailexec (an Ansible connection plugin for FreeBSD Jails) had a bug that turned out to be a vulnerability. Improper Link Resolution Before File Access (CWE-59), a jail escape. It's been assigned CVE-2026-55074 so people can scan for it (I know it's bundled into Collections out there).
If you're running < 2.0.0: please upgrade. 2.0.0 fixes it.
Advisory: https://github.com/chofstede/ansible_jailexec/security/advisories/GHSA-cxgv-hp74-jj7r
Release: https://github.com/chofstede/ansible_jailexec/releases/tag/v2.0.0
##This is a security release. Notable Changes (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High (CVE-2026-48615) lib,test:...
##This is a security release. Notable Changes (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High (CVE-2026-48937) deps: fix...
Security Advisory: CVE-2025-55640 - Heap Buffer Overflow in GPAC MP4Box Sample Size Handling
Processing a crafted MP4 file with MP4Box `-add` can trigger a heap buffer overflow in `stbl_AddSize()`, causing a crash and potential code execution.
Summary:
The `stbl_AddSize()` function in `isomedia/stbl_write.c` does not sufficiently validate sample count boundaries before writing to the sample size table. When MP4Box imports a specially crafted MP4 file containing manipulated sample metadata, corrupted sample counts, invalid aspect ratios, and oversized box declarations, the vulnerable path writes beyond the allocated heap buffer for `stbl->sampleSize->sizes`.
AddressSanitizer reports a `heap-buffer-overflow` at `isomedia/stbl_write.c:492`, with a `WRITE of size 4` immediately after a 64-byte heap allocation.
CWE:
CWE-122 - Heap-based Buffer Overflow
Affected Component:
```
isomedia/stbl_write.c:492
Function: stbl_AddSize()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
GPAC MP4Box version 2.4 is affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
027ce139dda498ee95df36db9f9f6f3cadce8ec9
```
Builds before the fix commit `321624f28d19a413449fd1718d1eb59037f8f7fc` should be considered affected if they contain the vulnerable sample size table update path.
Attack Conditions:
An attacker supplies a crafted MP4 file with manipulated sample metadata. The issue can be reproduced locally with:
```
./MP4Box -add 25_poc.mp4 -new /dev/null
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is an out-of-bounds heap write, memory corruption and potential arbitrary code execution are possible.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
321624f28d19a413449fd1718d1eb59037f8f7fc
```
Users should update to a GPAC build containing this commit or later. The affected sample size table path should validate `sampleCount` and ensure capacity before writing sample size entries.
References:
- Issue: https://github.com/gpac/gpac/issues/3261
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/25/25_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/321624f28d19a413449fd1718d1eb59037f8f7fc
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-55640
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-52291 - NULL Pointer Dereference in GPAC MP4Box Movie Info Dumping
Processing a crafted MP4 file with MP4Box `-info` can trigger a NULL pointer dereference in `DumpMovieInfo()`, causing a Denial of Service.
Summary:
The `DumpMovieInfo()` function in `applications/mp4box/filedump.c` does not sufficiently validate metadata tag values before printing them. When MP4Box processes a specially crafted MP4 file containing corrupted metadata tags, a NULL tag value can be passed to `fputs()`.
AddressSanitizer reports a segmentation fault caused by a read from address `0x0` in `strlen()` during `fputs()`, reached from `DumpMovieInfo()` at `applications/mp4box/filedump.c:4230`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
applications/mp4box/filedump.c:4230
Function: DumpMovieInfo()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
GPAC MP4Box version 2.4 is affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
6681656e841649ef91c2b76e561192fe9da791f8
```
Builds before the fix commit `4bbb6e5f7cb827e56f32b2f7a5918b0b8e395eb8` should be considered affected if they contain the vulnerable movie information dumping path.
Attack Conditions:
An attacker supplies a crafted MP4 file with corrupted metadata tags, such as a malformed or NULL `minor_version` tag value. The issue can be reproduced locally with:
```
./MP4Box -info 24_data
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. No evidence of arbitrary code execution was observed in the local crash data.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
4bbb6e5f7cb827e56f32b2f7a5918b0b8e395eb8
```
Users should update to a GPAC build containing this commit or later. The affected metadata dumping path should validate tag pointers and tag values before printing them.
References:
- Issue: https://github.com/gpac/gpac/issues/3255
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/24/24_data
- Fix: https://github.com/gpac/gpac/commit/4bbb6e5f7cb827e56f32b2f7a5918b0b8e395eb8
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-52291
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-55639 - NULL Pointer Dereference in GPAC MP4Box Track Kind Handling
Processing a crafted MP4 file with MP4Box `-add` can trigger a NULL pointer dereference in `gf_isom_add_track_kind()`, causing a Denial of Service.
Summary:
The `gf_isom_add_track_kind()` function in `isomedia/isom_write.c` does not sufficiently validate the `kind` string before passing it to `strdup()`. When MP4Box imports a specially crafted MP4 file containing corrupted MPEG-2 TS PMT descriptors and empty track metadata, a NULL `kind` pointer can reach `gf_isom_add_track_kind()`.
AddressSanitizer reports a segmentation fault caused by a read from address `0x0` in `strlen()` during `strdup()`, reached from `gf_isom_add_track_kind()` at `isomedia/isom_write.c:3153`.
CWE:
CWE-476 - NULL Pointer Dereference
Affected Component:
```
isomedia/isom_write.c:3153
Function: gf_isom_add_track_kind()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box version 2.4 is affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
78c2c9be29a41b38eca2c53d280442088a71dab9
```
Builds before the fix commit `027ce139dda498ee95df36db9f9f6f3cadce8ec9` should be considered affected if they contain the vulnerable track kind handling path.
Attack Conditions:
An attacker supplies a crafted MP4 file with corrupted PMT descriptors in an MPEG-2 TS stream and malformed or empty track metadata. The issue can be reproduced locally with:
```
./MP4Box -add 23_poc.mp4 -new /dev/null
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. No evidence of arbitrary code execution was observed.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
027ce139dda498ee95df36db9f9f6f3cadce8ec9
```
Users should update to a GPAC build containing this commit or later. The affected track metadata path should validate `kind` before duplicating it and fail cleanly when malformed input omits the expected metadata.
References:
- Issue: https://github.com/gpac/gpac/issues/3260
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/23/23_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/027ce139dda498ee95df36db9f9f6f3cadce8ec9
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-55639
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-55654 - Use-After-Free in GPAC MP4Box Packet Filtering
Processing a crafted media file with MP4Box `-nhml` export can trigger a heap use-after-free in `gf_filter_pid_get_packet()`, causing a crash and potential memory corruption.
Summary:
The `gf_filter_pid_get_packet()` function in `filter_core/filter_pid.c` may be called on a `gf_pid_filter_t` object that has already been freed by `gf_filter_pid_del()`. When MP4Box exports a specially crafted file through the `-nhml` path, the file output filter can continue packet processing after the related PID filter object has been released.
AddressSanitizer reports a `heap-use-after-free` at `filter_core/filter_pid.c:6792`, with a `READ of size 8` from a freed 336-byte heap region.
CWE:
CWE-416 - Use After Free
Affected Component:
```
filter_core/filter_pid.c:6792
Function: gf_filter_pid_get_packet()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box versions 2.4 and earlier are affected according to the prepared CVE/MITRE data. The issue was reproduced on a GPAC build at commit:
```
63eccc33d4a2b731ebb31581ff5673a2c0b13ad4
```
Builds before the fix commit `0ccd2927c7145f5ab0352c5b15f787757b34eb18` should be considered affected if they contain the vulnerable packet filtering/export path.
Attack Conditions:
An attacker supplies a crafted media file that is processed by MP4Box through the NHML export path. The issue can be reproduced locally with:
```
./MP4Box -nhml trackID 22_data -out /dev/null
```
No elevated privileges are required. User interaction is required when the victim manually processes the malicious file, or an automated media workflow invokes MP4Box on attacker-controlled input.
Impact:
The immediate observed impact is Denial of Service due to process termination. Because the vulnerability is a heap use-after-free, memory corruption and potential arbitrary code execution cannot be ruled out.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
0ccd2927c7145f5ab0352c5b15f787757b34eb18
```
Users should update to a GPAC build containing this commit or later. The affected filtering path should ensure that a PID filter object remains valid before packet retrieval continues.
References:
- Issue: https://github.com/gpac/gpac/issues/3249
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/22/22_data
- Fix: https://github.com/gpac/gpac/commit/0ccd2927c7145f5ab0352c5b15f787757b34eb18
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-55654
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##Security Advisory: CVE-2025-55653 - Divide by Zero in GPAC MP4Box
Processing a crafted MP4 file containing a zero-denominator fraction string causes `gf_parse_lfrac()` to divide by zero in `utils/error.c:2290`, terminating the process with SIGFPE.
Summary:
The `gf_parse_lfrac()` function in `utils/error.c` parses fractional timestamp or rate values extracted from media file metadata during file list processing. When a crafted MP4 causes `filelist_next_url()` to supply a fraction string whose denominator is zero, `gf_parse_lfrac()` performs the division at line 2290 without first validating that the divisor is non-zero. The resulting SIGFPE (floating-point exception) immediately kills the process with no possibility of recovery.
CWE:
CWE-369 - Divide by Zero
Affected Component:
```
utils/error.c:2290
Function: gf_parse_lfrac()
```
Affected Product:
MP4Box (GPAC Multimedia Open Source Project)
Affected Version:
MP4Box 2.4 and earlier; tested at commit `63eccc33d4a2b731ebb31581ff5673a2c0b13ad4`
Attack Conditions:
An attacker supplies a locally accessible crafted MP4 file containing an invalid fractional value with a zero denominator in its metadata. The victim runs `MP4Box -add ./21_poc.mp4 -new /dev/null` on the file. No elevated privileges are required.
Impact:
The division by zero causes an immediate fatal crash (Denial of Service). No evidence of arbitrary code execution was observed.
Fix / mitigation status:
The issue was fixed in GPAC commit:
```
4bbb6e5f7cb827e56f32b2f7a5918b0b8e395eb8
```
Users should update to a GPAC build containing this commit or later.
References:
- Issue: https://github.com/gpac/gpac/issues/3247
- PoC: https://github.com/sigdevel/pocs/blob/main/res/gpac/MP4Box/21/21_poc.mp4
- Fix: https://github.com/gpac/gpac/commit/4bbb6e5f7cb827e56f32b2f7a5918b0b8e395eb8
- CVE record: https://www.cve.org/CVERecord?id=CVE-2025-55653
Credit
Alexander A. Shvedov (@sigdevel)
#fuzzing #infosec #security #aflplusplus #revers #cybersecurity #bugbounty #vulnerability #opensource #linux #cve #advisory #media #gpac
##⚠️ CRITICAL: CVE-2026-48768 in typebot.io (≤3.16.1) allows unauthenticated path injection — attackers can upload HTML/JS to public paths, risking stored XSS. Upgrade to 3.17.0. https://radar.offseq.com/threat/cve-2026-48768-cwe-22-improper-limitation-of-a-pat-bab741214d20a19d #OffSeq #CVE202648768 #Infosec #PathTraversal
##New.
Tenable research advisories:
CRITICAL: CVE-2026-8024: iba ibaPDA / ibaDatCoordinator .NET Deserialization Remote Code Execution https://www.tenable.com/security/research/tra-2026-49 @tenable
Cisco:
CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities
Three others of medium-severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity
Broadcom:
Several critical and high-severity vulnerabilities. A login is needed for details https://support.broadcom.com/web/ecx/security-advisory
Dell:
Several advisories, one of them critical:
CRITICAL: Security Update for Dell Data Protection Central Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000478330/dsa-2026-284-security-update-for-dell-data-protection-central-multiple-third-party-component-vulnerabilities
More: https://www.dell.com/support/security/en-us
Google:
Chrome Beta for iOS Update https://chromereleases.googleblog.com/
Yesterday:
Microsoft:
CVE-2026-50656: Microsoft Defender Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
Nvidia:
Security Bulletin addressing CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228:
NVIDIA NeMo - June 2026 https://nvidia.custhelp.com/app/answers/detail/a_id/5839 #Nvidia #Dell #Cisco #infosec #vulnerability #threatresearch #Broadcom #Google #Chrome #Microsoft #Windows
##📢 CVE-2026-48558: Critical authentication bypass in SimpleHelp via OIDC
📝 ## 🔍 Context
On June 12, 2026, Horizon3.ai published a technical disclosure concerning **CVE-2026-4855...
📖 cyberveille: https://cyberveille.ch/posts/2026-06-17-cve-2026-48558-contournement-d-authentification-critique-dans-simplehelp-via-oidc/
🌐 source: https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
#CVE_2026_48558 #IOC #Cyberveille
Just two recent examples of vulnerabilities from 7-Zip and RAR.
Also keep in mind that distros are not always great at updating and if you installed one of these yourself, it is also on you (plus neither autoupdate on Windows or macOS).
##All* CVE reference URLs are either http, https, or ftp. Y'all need to up your weird protocol games!
*: There is one CVE with a typo in the reference url, https:/ (CVE-2019-25293)
##🟠 CVE-2026-47749 - High (7.8)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47749/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-48745 in traccar-client <=9.7.19 allows silent GPS data redirection via crafted deep links — no user prompt, persists after restart. Update to 9.7.20 now! https://radar.offseq.com/threat/cve-2026-48745-cwe-940-improper-verification-of-so-6b0c4b37 #OffSeq #Infosec #MobileSecurity #CVE202648745
##🚨 CRITICAL vuln in mcp-tool-shop-org backpropagate <1.2.0: Reflex UI lacks real auth, letting anyone trigger training, access datasets, & export models. Patch to 1.2.0 ASAP. CVE-2026-48797 https://radar.offseq.com/threat/cve-2026-48797-cwe-358-improperly-implemented-secu-63bfdfdd #OffSeq #Python #Infosec
##🟠 CVE-2026-47750 - High (7.8)
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47750/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##