| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3016 | 8.8 | 0.00% | 2 | 0 | 2026-02-23T16:29:38.170000 | A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affecte | |
| CVE-2026-3015 | 8.8 | 0.00% | 4 | 0 | 2026-02-23T16:29:37.950000 | A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is | |
| CVE-2026-23552 | 9.1 | 0.01% | 2 | 1 | 2026-02-23T16:29:36.813000 | Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycl | |
| CVE-2026-2441 | 8.8 | 0.39% | 3 | 5 | 2026-02-23T13:24:55.920000 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote a | |
| CVE-2025-49113 | 9.9 | 89.96% | 4 | 22 | template | 2026-02-23T13:24:21.387000 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execu |
| CVE-2025-68461 | 7.2 | 13.54% | 4 | 2 | 2026-02-23T13:24:12.310000 | Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-S | |
| CVE-2026-2980 | 7.2 | 0.04% | 2 | 0 | 2026-02-23T09:31:29 | A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is t | |
| CVE-2026-1367 | 8.3 | 0.18% | 2 | 0 | 2026-02-23T09:31:29 | Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable | |
| CVE-2026-2981 | 8.8 | 0.04% | 4 | 0 | 2026-02-23T09:17:01.877000 | A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected eleme | |
| CVE-2026-2998 | 7.8 | 0.01% | 4 | 0 | 2026-02-23T06:30:18 | ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing au | |
| CVE-2026-24494 | 9.8 | 0.05% | 4 | 0 | 2026-02-23T03:30:28 | SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of | |
| CVE-2026-2960 | 8.8 | 0.04% | 4 | 0 | 2026-02-23T03:30:27 | A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the | |
| CVE-2026-2962 | 8.8 | 0.04% | 4 | 0 | 2026-02-23T03:30:27 | A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects | |
| CVE-2026-2961 | 8.8 | 0.04% | 5 | 0 | 2026-02-23T01:16:17.720000 | A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the func | |
| CVE-2026-2958 | 8.8 | 0.04% | 4 | 0 | 2026-02-23T00:30:32 | A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected | |
| CVE-2026-2959 | 8.8 | 0.04% | 6 | 0 | 2026-02-23T00:30:32 | A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulner | |
| CVE-2026-2447 | 8.8 | 0.04% | 2 | 0 | 2026-02-22T21:31:26 | Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Fi | |
| CVE-2026-2926 | 8.8 | 0.04% | 3 | 0 | 2026-02-22T06:30:24 | A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_ | |
| CVE-2026-2927 | 8.8 | 0.04% | 2 | 0 | 2026-02-22T06:30:24 | A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability af | |
| CVE-2026-2928 | 8.8 | 0.03% | 2 | 0 | 2026-02-22T06:30:24 | A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the fun | |
| CVE-2026-2929 | 8.8 | 0.04% | 2 | 0 | 2026-02-22T06:30:24 | A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the funct | |
| CVE-2026-2910 | 8.8 | 0.05% | 1 | 0 | 2026-02-22T06:30:24 | A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown | |
| CVE-2026-2911 | 8.8 | 0.05% | 1 | 0 | 2026-02-22T06:30:17 | A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects | |
| CVE-2026-2925 | 8.8 | 0.04% | 2 | 0 | 2026-02-22T04:16:00.047000 | A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue | |
| CVE-2026-2907 | 8.8 | 0.05% | 1 | 0 | 2026-02-22T03:30:34 | A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerab | |
| CVE-2026-2904 | 8.8 | 0.04% | 2 | 0 | 2026-02-22T03:30:34 | A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the | |
| CVE-2026-2905 | 8.8 | 0.05% | 1 | 0 | 2026-02-22T03:30:33 | A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown f | |
| CVE-2026-2908 | 8.8 | 0.05% | 1 | 0 | 2026-02-22T03:30:33 | A security vulnerability has been detected in Tenda HG9 300001138. Affected by t | |
| CVE-2026-2909 | 8.8 | 0.05% | 2 | 0 | 2026-02-22T02:16:58.100000 | A vulnerability was detected in Tenda HG9 300001138. This affects an unknown par | |
| CVE-2026-2906 | 8.8 | 0.05% | 1 | 0 | 2026-02-22T02:16:57.493000 | A security flaw has been discovered in Tenda HG9 300001138. Affected is an unkno | |
| CVE-2026-2884 | 8.8 | 0.04% | 1 | 0 | 2026-02-21T21:30:33 | A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element | |
| CVE-2026-2885 | 8.8 | 0.04% | 2 | 0 | 2026-02-21T21:30:32 | A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted ele | |
| CVE-2026-2881 | 8.8 | 0.04% | 1 | 0 | 2026-02-21T21:30:28 | A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability af | |
| CVE-2026-2883 | 8.8 | 0.02% | 1 | 0 | 2026-02-21T21:30:28 | A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the funct | |
| CVE-2026-2877 | 8.8 | 0.05% | 2 | 0 | 2026-02-21T21:30:27 | A vulnerability has been found in Tenda A18 15.13.07.13. This affects the functi | |
| CVE-2026-2886 | 8.8 | 0.05% | 2 | 0 | 2026-02-21T21:16:11.217000 | A weakness has been identified in Tenda A21 1.0.0.0. This affects the function s | |
| CVE-2026-2882 | 8.8 | 0.04% | 1 | 0 | 2026-02-21T20:16:40.103000 | A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the fun | |
| CVE-2026-2876 | 8.8 | 0.05% | 2 | 0 | 2026-02-21T18:31:23 | A vulnerability was determined in Tenda A18 15.13.07.13. This affects the functi | |
| CVE-2026-2874 | 8.8 | 0.05% | 1 | 0 | 2026-02-21T18:31:23 | A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_s | |
| CVE-2026-2871 | 8.8 | 0.04% | 1 | 0 | 2026-02-21T18:31:23 | A weakness has been identified in Tenda A21 1.0.0.0. This affects the function f | |
| CVE-2026-2873 | 8.8 | 0.05% | 1 | 0 | 2026-02-21T18:31:22 | A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the functi | |
| CVE-2026-2872 | 8.8 | 0.05% | 1 | 0 | 2026-02-21T18:31:22 | A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerabil | |
| CVE-2026-2870 | 8.8 | 0.05% | 1 | 0 | 2026-02-21T15:15:59.643000 | A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue | |
| CVE-2026-27466 | 7.2 | 0.07% | 1 | 0 | 2026-02-21T08:16:11.647000 | BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, | |
| CVE-2026-27471 | 0 | 0.04% | 1 | 0 | 2026-02-21T07:16:13.580000 | ERP is a free and open source Enterprise Resource Planning tool. In versions up | |
| CVE-2026-27206 | 8.1 | 0.29% | 1 | 0 | 2026-02-21T07:16:11.753000 | Zumba Json Serializer is a library to serialize PHP variables in JSON format. In | |
| CVE-2026-24708 | 8.2 | 0.04% | 1 | 0 | 2026-02-21T06:30:15 | An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 3 | |
| CVE-2026-27197 | 9.1 | 0.04% | 3 | 0 | 2026-02-21T05:17:29.510000 | Sentry is a developer-first error tracking and performance monitoring tool. Vers | |
| CVE-2026-2635 | 9.8 | 1.17% | 3 | 0 | 2026-02-21T00:31:55 | MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnera | |
| CVE-2026-2041 | 7.2 | 1.25% | 2 | 0 | 2026-02-21T00:31:54 | Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Executio | |
| CVE-2026-2033 | 8.1 | 10.53% | 3 | 0 | 2026-02-21T00:31:54 | MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Executio | |
| CVE-2019-25441 | 9.8 | 2.65% | 2 | 0 | 2026-02-21T00:31:54 | thesystem 1.0 contains a command injection vulnerability that allows unauthentic | |
| CVE-2026-2037 | 8.8 | 0.79% | 1 | 0 | 2026-02-21T00:31:54 | GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution V | |
| CVE-2026-2036 | 8.8 | 0.79% | 1 | 0 | 2026-02-21T00:31:54 | GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution | |
| CVE-2026-2045 | 7.8 | 0.06% | 1 | 0 | 2026-02-21T00:31:54 | GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. T | |
| CVE-2026-2047 | 7.8 | 0.06% | 1 | 0 | 2026-02-21T00:31:54 | GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerab | |
| CVE-2026-0797 | 7.8 | 0.06% | 2 | 0 | 2026-02-21T00:31:49 | GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi | |
| CVE-2026-0777 | 7.8 | 0.06% | 2 | 0 | 2026-02-21T00:31:49 | Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. Th | |
| CVE-2026-2042 | 7.2 | 1.25% | 2 | 0 | 2026-02-21T00:31:43 | Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerabili | |
| CVE-2026-2044 | 7.8 | 0.06% | 1 | 0 | 2026-02-21T00:31:43 | GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. | |
| CVE-2026-27169 | 8.9 | 0.04% | 1 | 0 | 2026-02-21T00:16:16.810000 | OpenSift is an AI study tool that sifts through large datasets using semantic se | |
| CVE-2026-27168 | 8.8 | 0.02% | 3 | 0 | 2026-02-21T00:16:16.640000 | SAIL is a cross-platform library for loading and saving images with support for | |
| CVE-2026-2048 | 7.8 | 0.06% | 1 | 0 | 2026-02-20T23:16:05.167000 | GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. T | |
| CVE-2026-2034 | 7.8 | 0.04% | 1 | 0 | 2026-02-20T23:16:03.233000 | Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vu | |
| CVE-2026-22378 | 8.1 | 0.11% | 1 | 0 | 2026-02-20T21:32:27 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-24941 | 7.5 | 0.03% | 1 | 0 | 2026-02-20T21:32:27 | Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal a | |
| CVE-2026-24950 | 7.5 | 0.03% | 1 | 0 | 2026-02-20T21:32:27 | Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Aut | |
| CVE-2026-2857 | 8.8 | 0.04% | 1 | 0 | 2026-02-20T21:31:32 | A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issu | |
| CVE-2026-2856 | 8.8 | 0.04% | 1 | 0 | 2026-02-20T21:31:32 | A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerabi | |
| CVE-2026-2855 | 8.8 | 0.04% | 1 | 0 | 2026-02-20T21:31:32 | A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the funct | |
| CVE-2026-2854 | 8.8 | 0.04% | 1 | 0 | 2026-02-20T21:31:24 | A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_ | |
| CVE-2026-22383 | 7.5 | 0.04% | 1 | 0 | 2026-02-20T21:31:23 | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes | |
| CVE-2026-22380 | 8.1 | 0.11% | 1 | 0 | 2026-02-20T21:31:23 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22368 | 8.1 | 0.11% | 1 | 0 | 2026-02-20T21:31:22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22366 | 8.1 | 0.11% | 1 | 0 | 2026-02-20T21:31:22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22362 | 8.1 | 0.11% | 1 | 0 | 2026-02-20T21:31:22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22374 | 8.1 | 0.11% | 1 | 0 | 2026-02-20T21:31:22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22372 | 8.1 | 0.11% | 1 | 0 | 2026-02-20T21:31:22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-27190 | 8.1 | 0.16% | 1 | 0 | 2026-02-20T21:19:28.090000 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a com | |
| CVE-2026-25896 | 9.3 | 0.03% | 3 | 0 | 2026-02-20T21:19:27.470000 | fast-xml-parser allows users to validate XML, parse XML to JS object, or build X | |
| CVE-2026-24892 | 7.5 | 0.31% | 1 | 0 | 2026-02-20T21:19:27.310000 | openITCOCKPIT is an open source monitoring tool built for different monitoring e | |
| CVE-2026-2329 | 9.8 | 0.14% | 4 | 0 | 2026-02-20T20:57:50.360000 | An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP | |
| CVE-2026-2853 | 8.8 | 0.04% | 1 | 0 | 2026-02-20T20:25:25.270000 | A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the functi | |
| CVE-2026-22376 | 8.1 | 0.11% | 1 | 0 | 2026-02-20T20:25:20.380000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22370 | 8.1 | 0.11% | 1 | 0 | 2026-02-20T20:25:19.853000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-22364 | 8.1 | 0.11% | 1 | 0 | 2026-02-20T20:25:19.337000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-26200 | 7.8 | 0.03% | 1 | 0 | 2026-02-20T20:14:37.683000 | HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who c | |
| CVE-2026-26318 | 8.8 | 0.04% | 1 | 0 | 2026-02-20T19:51:20.580000 | systeminformation is a System and OS information library for node.js. Versions p | |
| CVE-2026-27487 | 7.6 | 0.05% | 1 | 0 | 2026-02-20T19:26:57 | ## Summary On macOS, the Claude CLI keychain credential refresh path constructed | |
| CVE-2026-24959 | 8.5 | 0.03% | 1 | 0 | 2026-02-20T19:23:15.067000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-26996 | 7.5 | 0.04% | 2 | 0 | 2026-02-20T19:12:33.527000 | minimatch is a minimal matching utility for converting glob expressions into Jav | |
| CVE-2026-26322 | 7.6 | 0.01% | 1 | 0 | 2026-02-20T19:12:17.440000 | OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Ga | |
| CVE-2026-24790 | 8.2 | 0.06% | 1 | 0 | 2026-02-20T18:57:15.973000 | The underlying PLC of the device can be remotely influenced, without proper safe | |
| CVE-2026-2818 | 8.2 | 0.07% | 1 | 0 | 2026-02-20T18:57:15.973000 | A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot f | |
| CVE-2026-27343 | 7.5 | 0.11% | 1 | 0 | 2026-02-20T18:32:34 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | |
| CVE-2026-26048 | 7.5 | 0.03% | 1 | 0 | 2026-02-20T18:31:49 | The Wi-Fi router is vulnerable to de-authentication attacks due to the absence | |
| CVE-2026-25715 | 9.8 | 0.06% | 1 | 0 | 2026-02-20T18:31:49 | The web management interface of the device allows the administrator username an | |
| CVE-2026-24455 | 7.5 | 0.03% | 1 | 0 | 2026-02-20T18:31:48 | The embedded web interface of the device does not support HTTPS/TLS for authent | |
| CVE-2026-20761 | 8.1 | 0.25% | 2 | 0 | 2026-02-20T18:31:47 | A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, w | |
| CVE-2026-27002 | 9.8 | 0.04% | 1 | 0 | 2026-02-20T18:11:24.263000 | OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration | |
| CVE-2026-26064 | 8.8 | 0.05% | 2 | 0 | 2026-02-20T16:53:32.203000 | calibre is a cross-platform e-book manager for viewing, converting, editing, and | |
| CVE-2026-26980 | 9.4 | 0.07% | 2 | 0 | 2026-02-20T16:48:10 | ### Impact A SQL injection vulnerability existed in Ghost's Content API that al | |
| CVE-2026-27001 | None | 0.02% | 1 | 0 | 2026-02-20T16:47:00 | ## Overview OpenClaw embedded the current working directory (workspace path) int | |
| CVE-2026-26323 | None | 0.18% | 1 | 0 | 2026-02-20T16:45:55 | ### Summary Command injection in the maintainer/dev script `scripts/update-clawt | |
| CVE-2026-26321 | 7.5 | 0.06% | 1 | 0 | 2026-02-20T16:44:34 | ### Summary The Feishu extension previously allowed `sendMediaFeishu` to treat a | |
| CVE-2026-26319 | 7.5 | 0.03% | 1 | 0 | 2026-02-20T16:44:20 | ## Summary In affected versions, OpenClaw's optional `@openclaw/voice-call` plu | |
| CVE-2026-26316 | 7.5 | 0.06% | 1 | 0 | 2026-02-20T16:44:14 | ### Summary In affected versions, the optional BlueBubbles iMessage channel plu | |
| CVE-2026-26275 | 7.5 | 0.02% | 1 | 0 | 2026-02-20T16:44:05 | ### Impact An issue was discovered in `httpsig-hyper` where Digest header verif | |
| CVE-2025-10970 | 9.8 | 0.03% | 1 | 0 | 2026-02-20T13:49:47.623000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-26050 | 7.8 | 0.01% | 2 | 0 | 2026-02-20T13:49:47.623000 | The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 c | |
| CVE-2026-26030 | 9.9 | 0.08% | 2 | 0 | 2026-02-20T13:49:47.623000 | Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execu | |
| CVE-2026-26959 | 7.8 | 0.01% | 2 | 0 | 2026-02-20T13:49:47.623000 | ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fai | |
| CVE-2026-26324 | 7.5 | 0.01% | 1 | 0 | 2026-02-20T13:49:47.623000 | OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF | |
| CVE-2025-30411 | 10.0 | 0.01% | 2 | 0 | 2026-02-20T03:31:45 | Sensitive data disclosure and manipulation due to improper authentication. The f | |
| CVE-2025-30416 | 10.0 | 0.01% | 1 | 0 | 2026-02-20T03:31:45 | Sensitive data disclosure and manipulation due to missing authorization. The fol | |
| CVE-2025-30412 | 10.0 | 0.02% | 1 | 0 | 2026-02-20T03:31:45 | Sensitive data disclosure and manipulation due to improper authentication. The f | |
| CVE-2025-30410 | 9.8 | 0.02% | 1 | 0 | 2026-02-20T03:31:45 | Sensitive data disclosure and manipulation due to missing authentication. The fo | |
| CVE-2026-23544 | 8.8 | 0.05% | 1 | 0 | 2026-02-20T00:32:59 | Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allo | |
| CVE-2026-21535 | 8.2 | 0.10% | 2 | 0 | 2026-02-20T00:31:59 | Improper access control in Microsoft Teams allows an unauthorized attacker to di | |
| CVE-2026-0573 | 9.0 | 0.07% | 1 | 0 | 2026-02-19T22:49:21.843000 | An URL redirection vulnerability was identified in GitHub Enterprise Server that | |
| CVE-2026-23549 | 9.8 | 0.04% | 1 | 0 | 2026-02-19T22:16:41.930000 | Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage | |
| CVE-2026-23542 | 9.8 | 0.04% | 1 | 0 | 2026-02-19T22:16:41.127000 | Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant g | |
| CVE-2026-27013 | 7.6 | 0.04% | 1 | 0 | 2026-02-19T21:57:27 | fabric.js applies `escapeXml()` to text content during SVG export (`src/shapes/T | |
| CVE-2026-26280 | 8.4 | 0.06% | 1 | 0 | 2026-02-19T21:57:03 | ### Summary A command injection vulnerability in the `wifiNetworks()` function a | |
| CVE-2026-26278 | 7.5 | 0.05% | 1 | 0 | 2026-02-19T21:56:58 | ### Summary The XML parser can be forced to do an unlimited amount of entity exp | |
| CVE-2026-26267 | 7.5 | 0.03% | 1 | 0 | 2026-02-19T21:56:47 | ### Impact The `#[contractimpl]` macro contains a bug in how it wires up functi | |
| CVE-2026-27476 | 9.8 | 0.27% | 2 | 0 | 2026-02-19T21:30:57 | RustFly 2.0.0 contains a command injection vulnerability in its remote UI contro | |
| CVE-2026-25378 | 7.6 | 0.03% | 1 | 0 | 2026-02-19T21:30:45 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-26016 | None | 0.04% | 2 | 0 | 2026-02-19T21:30:31 | ### Summary A missing authorization check in multiple controllers allows any us | |
| CVE-2026-25232 | None | 0.03% | 1 | 0 | 2026-02-19T21:14:58 | ## Summary An access control bypass vulnerability in Gogs web interface allows | |
| CVE-2026-27192 | None | 0.02% | 1 | 0 | 2026-02-19T20:32:29 | The origin validation uses `startsWith()` for comparison, allowing attackers to | |
| CVE-2026-27198 | 8.8 | 0.04% | 1 | 0 | 2026-02-19T20:31:12 | ### Summary The application fails to properly enforce role-based authorization | |
| CVE-2026-27196 | 8.1 | 0.02% | 1 | 0 | 2026-02-19T20:30:39 | ## Impact Stored XSS vulnerability in `html` fieldtypes allow authenticated use | |
| CVE-2026-27212 | None | 0.03% | 1 | 0 | 2026-02-19T20:28:39 | ### Summary A prototype pollution vulnerability exists in the the npm package sw | |
| CVE-2026-27203 | 8.3 | 0.04% | 1 | 0 | 2026-02-19T20:27:13 | The `ebay_set_user_tokens` tool allows updating the `.env` file with new tokens. | |
| CVE-2026-25242 | 9.8 | 0.05% | 1 | 1 | 2026-02-19T19:46:19.810000 | Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose | |
| CVE-2026-2648 | 8.8 | 0.07% | 1 | 0 | 2026-02-19T18:32:57 | Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed | |
| CVE-2025-11754 | 7.5 | 0.04% | 1 | 0 | 2026-02-19T18:31:52 | The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized acces | |
| CVE-2025-12845 | 8.8 | 0.05% | 1 | 0 | 2026-02-19T18:31:52 | The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluen | |
| CVE-2026-27112 | None | 0.24% | 1 | 0 | 2026-02-19T15:16:47 | ## Summary The batch resource creation endpoints of both Kargo's legacy gRPC AP | |
| CVE-2026-26990 | 8.8 | 0.01% | 1 | 0 | 2026-02-18T22:31:38 | ### Summary A time-based blind SQL injection vulnerability exists in `address-se | |
| CVE-2026-26988 | None | 0.00% | 1 | 1 | 2026-02-18T22:30:20 | ### Summary *SQL Injection in IPv6 Address Search functionality via `address` pa | |
| CVE-2026-0714 | 6.8 | 0.01% | 2 | 0 | 2026-02-18T18:31:27 | A physical attack vulnerability exists in certain Moxa industrial computers usin | |
| CVE-2021-22175 | 9.8 | 75.69% | 1 | 0 | template | 2026-02-18T18:31:26 | When requests to the internal network for webhooks are enabled, a server-side re |
| CVE-2026-22769 | 10.0 | 34.16% | 3 | 0 | 2026-02-18T18:30:35 | Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a | |
| CVE-2026-2548 | 6.3 | 1.41% | 2 | 0 | 2026-02-18T17:52:22.253000 | A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_ | |
| CVE-2025-65716 | 8.8 | 0.06% | 1 | 0 | 2026-02-18T17:52:22.253000 | An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allo | |
| CVE-2026-2426 | 6.5 | 1.97% | 2 | 0 | 2026-02-18T12:31:15 | The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in a | |
| CVE-2026-1670 | 9.8 | 0.05% | 2 | 0 | 2026-02-18T00:30:22 | The affected products are vulnerable to an unauthenticated API endpoint exposure | |
| CVE-2026-26119 | 8.8 | 0.07% | 1 | 0 | 2026-02-18T00:30:22 | Improper authentication in Windows Admin Center allows an authorized attacker to | |
| CVE-2026-1731 | 9.8 | 49.74% | 10 | 5 | template | 2026-02-17T13:40:10.320000 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote |
| CVE-2026-2544 | 7.3 | 2.14% | 2 | 0 | 2026-02-16T09:30:36 | A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue a | |
| CVE-2026-2533 | 7.3 | 2.14% | 2 | 0 | 2026-02-16T06:31:32 | A flaw has been found in Tosei Self-service Washing Machine 4.02. Impacted is an | |
| CVE-2026-20841 | 8.8 | 0.10% | 1 | 10 | 2026-02-11T15:31:25 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2026-24423 | 9.8 | 24.64% | 1 | 1 | 2026-02-06T16:45:15.323000 | SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated | |
| CVE-2026-23760 | 9.8 | 57.48% | 1 | 2 | template | 2026-01-27T18:33:14 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication |
| CVE-2025-6571 | 6.0 | 0.02% | 1 | 0 | 2025-11-11T09:30:36 | A 3rd-party component exposed its password in process arguments, allowing for lo | |
| CVE-2022-22265 | 7.8 | 0.18% | 1 | 0 | 2025-10-22T00:32:28 | An improper check or handling of exceptional conditions in NPU driver prior to S | |
| CVE-2025-47809 | 8.3 | 0.02% | 2 | 0 | 2025-05-16T03:30:44 | Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately af | |
| CVE-2025-29969 | 7.5 | 0.33% | 1 | 1 | 2025-05-13T18:31:00 | Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows | |
| CVE-2023-51781 | 7.0 | 0.02% | 1 | 0 | 2024-01-27T05:05:43 | An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/app | |
| CVE-2026-27574 | 0 | 0.05% | 1 | 1 | N/A | ||
| CVE-2026-27467 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-27479 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-27464 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-27470 | 0 | 0.03% | 1 | 1 | N/A | ||
| CVE-2026-27452 | 0 | 0.04% | 1 | 0 | N/A | ||
| CVE-2026-27134 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-26286 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-27114 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-24891 | 0 | 0.05% | 1 | 0 | N/A | ||
| CVE-2026-26065 | 0 | 0.03% | 3 | 0 | N/A | ||
| CVE-2025-61675 | 0 | 16.95% | 1 | 3 | N/A | ||
| CVE-2025-66039 | 0 | 32.61% | 1 | 3 | N/A | ||
| CVE-2026-26975 | 0 | 0.02% | 2 | 0 | N/A | ||
| CVE-2026-26202 | 0 | 0.05% | 1 | 0 | N/A |
updated 2026-02-23T16:29:38.170000
2 posts
🟠 CVE-2026-3016 - High (8.8)
A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument except leads to buffer overflow. Remote exploitation of the a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3016/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3016 - High (8.8)
A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument except leads to buffer overflow. Remote exploitation of the a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3016/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-23T16:29:37.950000
4 posts
🟠 CVE-2026-3015 - High (8.8)
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3015/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3015 - High (8.8)
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3015/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3015 - High (8.8)
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3015/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3015 - High (8.8)
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launche...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3015/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-23T16:29:36.813000
2 posts
1 repos
🔴 CVE-2026-23552 - Critical (9.1)
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component.
The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens against the configured realm. A token issued by one ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23552/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-23552 - Critical (9.1)
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component.
The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens against the configured realm. A token issued by one ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23552/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-23T13:24:55.920000
3 posts
5 repos
https://github.com/b1gchoi/CVE-2026-2441_POC
https://github.com/atiilla/CVE-2026-2441_PoC
https://github.com/huseyinstif/CVE-2026-2441-PoC
Chrome CSS Zero-Day (CVE-2026-2441)
Google has patched a CVSS 8.8 high-severity use-after-free bug in Chrome’s CSS engine that is being exploited in the wild. This also affects all Chrome-based browsers such as Brave, Edge and Opera.
https://forum.hashpwn.net/post/10273
#google #chrome #brave #edge #opera #browser #cybersecurity #css #zeroday #cve20262441 #news #hashpwn
##updated 2026-02-23T13:24:21.387000
4 posts
22 repos
https://github.com/Ademking/CVE-2025-49113-nuclei-template
https://github.com/Yuri08loveElaina/CVE-2025-49113
https://github.com/00xCanelo/CVE-2025-49113
https://github.com/BiiTts/Roundcube-CVE-2025-49113
https://github.com/hakaioffsec/CVE-2025-49113-exploit
https://github.com/l4f2s4/CVE-2025-49113_exploit_cookies
https://github.com/Zuack55/Roundcube-1.6.10-Post-Auth-RCE-CVE-2025-49113-
https://github.com/hackmelocal/CVE-2025-49113-Simulation
https://github.com/rxerium/CVE-2025-49113
https://github.com/CyberQuestor-infosec/CVE-2025-49113-Roundcube_1.6.10
https://github.com/Zwique/CVE-2025-49113
https://github.com/ankitpandey383/roundcube-cve-2025-49113-lab
https://github.com/5kr1pt/Roundcube_CVE-2025-49113
https://github.com/punitdarji/roundcube-cve-2025-49113
https://github.com/fearsoff-org/CVE-2025-49113
https://github.com/rasool13x/exploit-CVE-2025-49113
https://github.com/SteamPunk424/CVE-2025-49113-Roundcube-RCE-PHP
https://github.com/LeakForge/CVE-2025-49113
https://github.com/AC8999/CVE-2025-49113
https://github.com/Joelp03/CVE-2025-49113
CISA Warns of Active Exploitation Targeting Roundcube Webmail Vulnerabilities
CISA has warned of active exploitation targeting two Roundcube Webmail vulnerabilities, including a critical remote code execution flaw (CVE-2025-49113) and a high-severity XSS bug (CVE-2025-68461).
**If you are using Roundcube Webmail, this is important. Upddate to version 1.5.12 or 1.6.12 ASAP. Your webmail interface is under attack.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-targeting-roundcube-webmail-vulnerabilities-d-0-m-k-8/gD2P6Ple2L
CISA Warns of Active Exploitation Targeting Roundcube Webmail Vulnerabilities
CISA has warned of active exploitation targeting two Roundcube Webmail vulnerabilities, including a critical remote code execution flaw (CVE-2025-49113) and a high-severity XSS bug (CVE-2025-68461).
**If you are using Roundcube Webmail, this is important. Upddate to version 1.5.12 or 1.6.12 ASAP. Your webmail interface is under attack.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-targeting-roundcube-webmail-vulnerabilities-d-0-m-k-8/gD2P6Ple2L
🚨 [CISA-2026:0220] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0220)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-49113 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-49113)
- Name: RoundCube Webmail Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113
⚠️ CVE-2025-68461 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-68461)
- Name: RoundCube Webmail Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail/CVE-2025-68461
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260220 #cisa20260220 #cve_2025_49113 #cve_2025_68461 #cve202549113 #cve202568461
##CVE ID: CVE-2025-49113
Vendor: Roundcube
Product: Webmail
Date Added: 2026-02-20
Notes: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-49113
updated 2026-02-23T13:24:12.310000
4 posts
2 repos
CISA Warns of Active Exploitation Targeting Roundcube Webmail Vulnerabilities
CISA has warned of active exploitation targeting two Roundcube Webmail vulnerabilities, including a critical remote code execution flaw (CVE-2025-49113) and a high-severity XSS bug (CVE-2025-68461).
**If you are using Roundcube Webmail, this is important. Upddate to version 1.5.12 or 1.6.12 ASAP. Your webmail interface is under attack.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-targeting-roundcube-webmail-vulnerabilities-d-0-m-k-8/gD2P6Ple2L
CISA Warns of Active Exploitation Targeting Roundcube Webmail Vulnerabilities
CISA has warned of active exploitation targeting two Roundcube Webmail vulnerabilities, including a critical remote code execution flaw (CVE-2025-49113) and a high-severity XSS bug (CVE-2025-68461).
**If you are using Roundcube Webmail, this is important. Upddate to version 1.5.12 or 1.6.12 ASAP. Your webmail interface is under attack.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-targeting-roundcube-webmail-vulnerabilities-d-0-m-k-8/gD2P6Ple2L
🚨 [CISA-2026:0220] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0220)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-49113 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-49113)
- Name: RoundCube Webmail Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113
⚠️ CVE-2025-68461 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-68461)
- Name: RoundCube Webmail Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Roundcube
- Product: Webmail
- Notes: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail/CVE-2025-68461
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260220 #cisa20260220 #cve_2025_49113 #cve_2025_68461 #cve202549113 #cve202568461
##CVE ID: CVE-2025-68461
Vendor: Roundcube
Product: Webmail
Date Added: 2026-02-20
Notes: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail/CVE-2025-68461
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-68461
updated 2026-02-23T09:31:29
2 posts
⚠️ HIGH severity buffer overflow in UTT HiPER 810G (≤1.7.7-1711) — remote exploitation possible via passwd1 in /goform/setSysAdm. Exploit is public. Monitor devices & restrict access until patch available. CVE-2026-2980 https://radar.offseq.com/threat/cve-2026-2980-buffer-overflow-in-utt-hiper-810g-30621ae4 #OffSeq #Vuln #Infosec
##⚠️ HIGH severity buffer overflow in UTT HiPER 810G (≤1.7.7-1711) — remote exploitation possible via passwd1 in /goform/setSysAdm. Exploit is public. Monitor devices & restrict access until patch available. CVE-2026-2980 https://radar.offseq.com/threat/cve-2026-2980-buffer-overflow-in-utt-hiper-810g-30621ae4 #OffSeq #Vuln #Infosec
##updated 2026-02-23T09:31:29
2 posts
🟠 CVE-2026-1367 - High (8.3)
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1367/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1367 - High (8.3)
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1367/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-23T09:17:01.877000
4 posts
🚨 HIGH severity: CVE-2026-2981 affects UTT HiPER 810G ≤1.7.7-1711. Remote, unauthenticated buffer overflow in /goform/formTaskEdit_ap. Exploit code is public — patch unavailable. Restrict access & monitor endpoints! https://radar.offseq.com/threat/cve-2026-2981-buffer-overflow-in-utt-hiper-810g-ebbad869 #OffSeq #Vulnerability #Cybersecurity
##🟠 CVE-2026-2981 - High (8.8)
A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2981/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 HIGH severity: CVE-2026-2981 affects UTT HiPER 810G ≤1.7.7-1711. Remote, unauthenticated buffer overflow in /goform/formTaskEdit_ap. Exploit code is public — patch unavailable. Restrict access & monitor endpoints! https://radar.offseq.com/threat/cve-2026-2981-buffer-overflow-in-utt-hiper-810g-ebbad869 #OffSeq #Vulnerability #Cybersecurity
##🟠 CVE-2026-2981 - High (8.8)
A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2981/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-23T06:30:18
4 posts
⚠️ CVE-2026-2998 (HIGH): eAI Technologies ERP F2 hit by DLL hijacking (CWE-426), allowing local code execution. No patch yet. Restrict local access, monitor DLLs, and implement whitelisting. Details: https://radar.offseq.com/threat/cve-2026-2998-cwe-426-untrusted-search-path-in-eai-2fea061f #OffSeq #Cybersecurity #Vuln #ERP
##🟠 CVE-2026-2998 - High (7.8)
ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-2998 (HIGH): eAI Technologies ERP F2 hit by DLL hijacking (CWE-426), allowing local code execution. No patch yet. Restrict local access, monitor DLLs, and implement whitelisting. Details: https://radar.offseq.com/threat/cve-2026-2998-cwe-426-untrusted-search-path-in-eai-2fea061f #OffSeq #Cybersecurity #Vuln #ERP
##🟠 CVE-2026-2998 - High (7.8)
ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrary code.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-23T03:30:28
4 posts
⚠️ CVE-2026-24494 (CRITICAL, CVSS 9.8): SQL Injection in Order Up Online Ordering System v1.0 lets unauthenticated attackers run arbitrary SQL via /api/integrations/getintegrations. Patch or mitigate now! https://radar.offseq.com/threat/cve-2026-24494-cwe-89-improper-neutralization-of-s-fae4075c #OffSeq #SQLInjection #Vulnerability #Infosec
##🔴 CVE-2026-24494 - Critical (9.8)
SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted store_id parameter in a POST request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24494/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-24494 (CRITICAL, CVSS 9.8): SQL Injection in Order Up Online Ordering System v1.0 lets unauthenticated attackers run arbitrary SQL via /api/integrations/getintegrations. Patch or mitigate now! https://radar.offseq.com/threat/cve-2026-24494-cwe-89-improper-neutralization-of-s-fae4075c #OffSeq #SQLInjection #Vulnerability #Infosec
##🔴 CVE-2026-24494 - Critical (9.8)
SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted store_id parameter in a POST request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24494/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-23T03:30:27
4 posts
🛡️ CVE-2026-2960: HIGH severity stack-based buffer overflow in D-Link DWR-M960 (fw 1.01.07). Remote, unauthenticated RCE possible; PoC exploit published. Patch or restrict access now! https://radar.offseq.com/threat/cve-2026-2960-stack-based-buffer-overflow-in-d-lin-29b3b35d #OffSeq #DLink #Infosec #Vulnerability
##🟠 CVE-2026-2960 - High (8.8)
A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be exe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2960/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛡️ CVE-2026-2960: HIGH severity stack-based buffer overflow in D-Link DWR-M960 (fw 1.01.07). Remote, unauthenticated RCE possible; PoC exploit published. Patch or restrict access now! https://radar.offseq.com/threat/cve-2026-2960-stack-based-buffer-overflow-in-d-lin-29b3b35d #OffSeq #DLink #Infosec #Vulnerability
##🟠 CVE-2026-2960 - High (8.8)
A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be exe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2960/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-23T03:30:27
4 posts
🛡️ HIGH severity: CVE-2026-2962 impacts D-Link DWR-M960 (1.01.07). Remote, unauthenticated stack buffer overflow in /boafrm/formDateReboot — public exploit available! Patch or restrict access immediately. https://radar.offseq.com/threat/cve-2026-2962-stack-based-buffer-overflow-in-d-lin-37c3a76b #OffSeq #CVE20262962 #DLink #Infosec
##🟠 CVE-2026-2962 - High (8.8)
A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url resul...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2962/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛡️ HIGH severity: CVE-2026-2962 impacts D-Link DWR-M960 (1.01.07). Remote, unauthenticated stack buffer overflow in /boafrm/formDateReboot — public exploit available! Patch or restrict access immediately. https://radar.offseq.com/threat/cve-2026-2962-stack-based-buffer-overflow-in-d-lin-37c3a76b #OffSeq #CVE20262962 #DLink #Infosec
##🟠 CVE-2026-2962 - High (8.8)
A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url resul...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2962/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-23T01:16:17.720000
5 posts
⚠️ New security advisory:
CVE-2026-2961 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-2961
🔒 CVE-2026-2961: HIGH-severity stack buffer overflow in D-Link DWR-M960 (fw 1.01.07). Remote, unauthenticated exploit possible — public PoC released. Restrict config access & monitor for abuse! https://radar.offseq.com/threat/cve-2026-2961-stack-based-buffer-overflow-in-d-lin-722e4783 #OffSeq #DLink #Vuln #InfoSec
##🟠 CVE-2026-2961 - High (8.8)
A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2961/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔒 CVE-2026-2961: HIGH-severity stack buffer overflow in D-Link DWR-M960 (fw 1.01.07). Remote, unauthenticated exploit possible — public PoC released. Restrict config access & monitor for abuse! https://radar.offseq.com/threat/cve-2026-2961-stack-based-buffer-overflow-in-d-lin-722e4783 #OffSeq #DLink #Vuln #InfoSec
##🟠 CVE-2026-2961 - High (8.8)
A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2961/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-23T00:30:32
4 posts
🟠 CVE-2026-2958 - High (8.8)
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2958/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2958 - High (8.8)
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2958/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2958 - High (8.8)
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2958/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2958 - High (8.8)
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2958/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-23T00:30:32
6 posts
🟠 CVE-2026-2959 - High (8.8)
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2959 - High (8.8)
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: D-Link DWR-M960 v1.01.07 hit by stack-based buffer overflow (CVE-2026-2959) via /boafrm/formNewSchedule. Remote exploitation possible — public exploit available! Assess & monitor. https://radar.offseq.com/threat/cve-2026-2959-stack-based-buffer-overflow-in-d-lin-54cc012d #OffSeq #DLink #CVE20262959 #Security
##🟠 CVE-2026-2959 - High (8.8)
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2959 - High (8.8)
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: D-Link DWR-M960 v1.01.07 hit by stack-based buffer overflow (CVE-2026-2959) via /boafrm/formNewSchedule. Remote exploitation possible — public exploit available! Assess & monitor. https://radar.offseq.com/threat/cve-2026-2959-stack-based-buffer-overflow-in-d-lin-54cc012d #OffSeq #DLink #CVE20262959 #Security
##updated 2026-02-22T21:31:26
2 posts
updated 2026-02-22T06:30:24
3 posts
CVE-2026-2926: HIGH-severity stack buffer overflow in D-Link DWR-M960 v1.01.07. Remote, unauthenticated code execution possible. Public PoC released — no vendor patch yet. Isolate devices, monitor endpoints, restrict access. Details: https://radar.offseq.com/threat/cve-2026-2926-stack-based-buffer-overflow-in-d-lin-b63cbef8 #OffSeq #DLink #Infosec
##CVE-2026-2926: HIGH-severity stack buffer overflow in D-Link DWR-M960 v1.01.07. Remote, unauthenticated code execution possible. Public PoC released — no vendor patch yet. Isolate devices, monitor endpoints, restrict access. Details: https://radar.offseq.com/threat/cve-2026-2926-stack-based-buffer-overflow-in-d-lin-b63cbef8 #OffSeq #DLink #Infosec
##🟠 CVE-2026-2926 - High (8.8)
A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T06:30:24
2 posts
🚨 CVE-2026-2927: HIGH-severity stack buffer overflow in D-Link DWR-M960 (v1.01.07). Remote, unauthenticated RCE risk — exploit details public. Patch or restrict access! More: https://radar.offseq.com/threat/cve-2026-2927-stack-based-buffer-overflow-in-d-lin-aa7f83a9 #OffSeq #DLink #Vuln #BlueTeam
##🟠 CVE-2026-2927 - High (8.8)
A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The manipulation of the argument submit-url leads ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2927/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T06:30:24
2 posts
CVE-2026-2928: HIGH-severity stack buffer overflow in D-Link DWR-M960 (v1.01.07) enables remote code execution — no auth needed. Public exploit code is out. Isolate & restrict access, monitor for attacks, patch ASAP. https://radar.offseq.com/threat/cve-2026-2928-stack-based-buffer-overflow-in-d-lin-ba314a06 #OffSeq #DLink #Vuln #BlueTeam
##🟠 CVE-2026-2928 - High (8.8)
A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipulation of the argument submit-url results in stac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2928/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T06:30:24
2 posts
🟠 CVE-2026-2929 - High (8.8)
A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the argument submit-url causes stack-based buffer o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: Stack-based buffer overflow in D-Link DWR-M960 (v1.01.07) via /boafrm/formWlAc (CVE-2026-2929) enables remote code execution. Public exploit is out — review defenses now! https://radar.offseq.com/threat/cve-2026-2929-stack-based-buffer-overflow-in-d-lin-63e7a69b #OffSeq #CVE20262929 #DLink #Vuln
##updated 2026-02-22T06:30:24
1 posts
🟠 CVE-2026-2910 - High (8.8)
A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remot...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T06:30:17
1 posts
🟠 CVE-2026-2911 - High (8.8)
A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2911/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T04:16:00.047000
2 posts
🔎 HIGH severity: D-Link DWR-M960 v1.01.07 vulnerable to stack-based buffer overflow (CVE-2026-2925) via Bridge VLAN config. Remote exploit now public — monitor exposure & await patches. https://radar.offseq.com/threat/cve-2026-2925-stack-based-buffer-overflow-in-d-lin-790f34e9 #OffSeq #DLink #Vuln
##🟠 CVE-2026-2925 - High (8.8)
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2925/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T03:30:34
1 posts
🟠 CVE-2026-2907 - High (8.8)
A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2907/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T03:30:34
2 posts
⚠️ CVE-2026-2904 (HIGH): Buffer overflow in UTT HiPER 810G v1.7.7-171114 via /goform/ConfigExceptAli. Remote, unauthenticated RCE/DoS risk. Public exploit code available — restrict access & monitor. https://radar.offseq.com/threat/cve-2026-2904-buffer-overflow-in-utt-hiper-810g-b0bb6f4a #OffSeq #Vulnerability #NetworkSecurity
##🟠 CVE-2026-2904 - High (8.8)
A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been pu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2904/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T03:30:33
1 posts
🟠 CVE-2026-2905 - High (8.8)
A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2905/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T03:30:33
1 posts
🟠 CVE-2026-2908 - High (8.8)
A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2908/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T02:16:58.100000
2 posts
🚨 HIGH-severity (CVSS 8.7): Stack buffer overflow in Tenda HG9 (v300001138) via /boaform/formPing. Remote code execution possible with public exploit available. Restrict access, monitor, and patch ASAP! Details: https://radar.offseq.com/threat/cve-2026-2909-stack-based-buffer-overflow-in-tenda-c1902d12 #OffSeq #Infosec #Vuln #IoT
##🟠 CVE-2026-2909 - High (8.8)
A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2909/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-22T02:16:57.493000
1 posts
🟠 CVE-2026-2906 - High (8.8)
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2906/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:30:33
1 posts
🟠 CVE-2026-2884 - High (8.8)
A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2884/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:30:32
2 posts
🟠 CVE-2026-2885 - High (8.8)
A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2885/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2885 - High (8.8)
A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2885/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:30:28
1 posts
🟠 CVE-2026-2881 - High (8.8)
A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endpoint. Such manipulation of the argument submit-u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:30:28
1 posts
🟠 CVE-2026-2883 - High (8.8)
A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2883/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:30:27
2 posts
🔶 New security advisory:
CVE-2026-2877 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-2877
🟠 CVE-2026-2877 - High (8.8)
A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2877/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T21:16:11.217000
2 posts
🟠 CVE-2026-2886 - High (8.8)
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2886 - High (8.8)
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T20:16:40.103000
1 posts
🟠 CVE-2026-2882 - High (8.8)
A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. Remote exploitation of th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2882/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T18:31:23
2 posts
🔶 New security advisory:
CVE-2026-2876 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-2876
🟠 CVE-2026-2876 - High (8.8)
A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2876/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T18:31:23
1 posts
🟠 CVE-2026-2874 - High (8.8)
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to lau...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2874/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T18:31:23
1 posts
🟠 CVE-2026-2871 - High (8.8)
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2871/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T18:31:22
1 posts
🟠 CVE-2026-2873 - High (8.8)
A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2873/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T18:31:22
1 posts
🟠 CVE-2026-2872 - High (8.8)
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devN...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2872/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T15:15:59.643000
1 posts
🟠 CVE-2026-2870 - High (8.8)
A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2870/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T08:16:11.647000
1 posts
BigBlueButton on < 3.0.22 with two new CVEs today: CVE-2026-27466 & CVE-2026-27467
Feel free to use the AI slop analyses (Gemini for student with free API configured).. Hecate is a prototype app for my master thesis
##updated 2026-02-21T07:16:13.580000
1 posts
🚨 CRITICAL: CVE-2026-27471 in ERPNext (≤15.98.0, 16.0.0-rc.1 – 16.6.0) lets unauth attackers access sensitive docs via missing API auth. Upgrade to 15.98.1/16.6.1+ & restrict access now. https://radar.offseq.com/threat/cve-2026-27471-cwe-862-missing-authorization-in-fr-0d95cb60 #OffSeq #ERPNext #CVE202627471 #Infosec
##updated 2026-02-21T07:16:11.753000
1 posts
🟠 CVE-2026-27206 - High (8.1)
Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27206/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T06:30:15
1 posts
updated 2026-02-21T05:17:29.510000
3 posts
⛔ New security advisory:
CVE-2026-27197 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://yazoul.net/advisory/cve/cve-2026-27197
🚨 Critical SAML SSO vuln (CVE-2026-27197, CVSS 9.1) in Sentry 21.12.0 – 26.1.0 allows remote account takeover in multi-org instances. Upgrade to 26.2.0+, enable user 2FA, audit SSO settings! Full details: https://radar.offseq.com/threat/cve-2026-27197-cwe-287-improper-authentication-in--f7f67e7c #OffSeq #Sentry #CVE202627197 #infosec
##🔴 CVE-2026-27197 - Critical (9.1)
Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious S...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27197/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:55
3 posts
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
🔴 CVE-2026-2635 - Critical (9.8)
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.
The specifi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2635/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:54
2 posts
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
updated 2026-02-21T00:31:54
3 posts
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
🟠 CVE-2026-2033 - High (8.1)
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not requir...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2033/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:54
2 posts
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
updated 2026-02-21T00:31:54
1 posts
🟠 CVE-2026-2037 - High (8.8)
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:54
1 posts
🟠 CVE-2026-2036 - High (8.8)
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2036/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:54
1 posts
🟠 CVE-2026-2045 - High (7.8)
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2045/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:54
1 posts
🟠 CVE-2026-2047 - High (7.8)
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabili...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:49
2 posts
🟠 CVE-2026-0797 - High (7.8)
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0797/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0797 - High (7.8)
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0797/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:49
2 posts
🟠 CVE-2026-0777 - High (7.8)
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0777 - High (7.8)
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:31:43
2 posts
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
updated 2026-02-21T00:31:43
1 posts
🟠 CVE-2026-2044 - High (7.8)
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2044/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:16:16.810000
1 posts
🟠 CVE-2026-27169 - High (8.9)
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27169/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-21T00:16:16.640000
3 posts
⚠️ CVE-2026-27168: HIGH severity heap overflow in HappySeaFox sail (≤0.9.10). Remote code execution possible via crafted XWD files — no patch yet. Audit, block untrusted XWDs, and monitor! https://radar.offseq.com/threat/cve-2026-27168-cwe-122-heap-based-buffer-overflow--338e400d #OffSeq #Vulnerability #HappySeaFox #CyberAlert
##🟠 CVE-2026-27168 - High (8.8)
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27168/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27168 - High (8.8)
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value os...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27168/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T23:16:05.167000
1 posts
🟠 CVE-2026-2048 - High (7.8)
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T23:16:03.233000
1 posts
🟠 CVE-2026-2034 - High (7.8)
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2034/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:32:27
1 posts
🟠 CVE-2026-22378 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion.This issue affects Blabber: from n/a through <= 1.7.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:32:27
1 posts
🟠 CVE-2026-24941 - High (7.5)
Missing Authorization vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24941/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:32:27
1 posts
🟠 CVE-2026-24950 - High (7.5)
Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Authorsy: from n/a through <= 1.0.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24950/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:32
1 posts
🟠 CVE-2026-2857 - High (8.8)
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url cause...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:32
1 posts
🟠 CVE-2026-2856 - High (8.8)
A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2856/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:32
1 posts
🟠 CVE-2026-2855 - High (8.8)
A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub_4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. T...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2855/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:24
1 posts
🟠 CVE-2026-2854 - High (8.8)
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer over...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2854/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:23
1 posts
🟠 CVE-2026-22383 - High (7.5)
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends -...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22383/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:23
1 posts
🟠 CVE-2026-22380 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes UnlimHost unlimhost allows PHP Local File Inclusion.This issue affects UnlimHost: from n/a through <= 1.2.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22380/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:22
1 posts
🟠 CVE-2026-22368 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Redy redy allows PHP Local File Inclusion.This issue affects Redy: from n/a through <= 1.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22368/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:22
1 posts
🟠 CVE-2026-22366 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude: from n/a through <= 1.3.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22366/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:22
1 posts
🟠 CVE-2026-22362 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affects Photolia: from n/a through <= 1.0.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22362/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:22
1 posts
🟠 CVE-2026-22374 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion.This issue affects Zio Alberto: from n/a through <= 1.2.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22374/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:31:22
1 posts
🟠 CVE-2026-22372 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion.This issue affects Isida: from n/a through <= 1.4.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22372/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:19:28.090000
1 posts
🟠 CVE-2026-27190 - High (8.1)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27190/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:19:27.470000
3 posts
CVE-2026-25896 (CVSS 9.3) disclosed in fast-xml-parser
A critical entity encoding bypass affects fast-xml-parser (40M+ weekly npm downloads).
-Allows attackers to shadow built-in XML entities (<, >, &, ", ')
-Can lead to XSS or injection when parsing untrusted XML and rendering the output
-Exploitable with default settings (processEntities: true)
-Impacts >= 4.1.3 and < 5.3.5, including transitive dependencies
Fix: upgrade to v5.3.5+
Advisory: GHSA-m7jm-9gc2-mpf2
https://www.endorlabs.com/learn/cve-2026-25896-fast-xml-parser
##🚨 CRITICAL: CVE-2026-25896 in fast-xml-parser (<5.3.5) lets attackers override built-in XML entities, enabling XSS via crafted XML. Affects web apps using vulnerable versions. Patch to 5.3.5+ ASAP! https://radar.offseq.com/threat/cve-2026-25896-cwe-185-incorrect-regular-expressio-a786da3a #OffSeq #Infosec #XSS #NodeJS
##🔴 CVE-2026-25896 - Critical (9.3)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during en...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25896/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T21:19:27.310000
1 posts
🟠 CVE-2026-24892 - High (7.5)
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization pattern in the processing of change...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24892/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T20:57:50.360000
4 posts
CVE-2026-2329 — Critical VoIP RCE
Affects: Grandstream GXP1600
Type: Stack-based buffer overflow
Impact: Unauthenticated RCE (root)
Attack Path:
• Extract SIP credentials
• Modify SIP proxy settings
• Transparent call interception
Operational risk:
• SMB exposure
• Flat networks
• Insufficient VoIP monitoring
Patch available: Firmware 1.0.7.81.
Community question:
Are you incorporating VoIP firmware into vulnerability scanning pipelines?
Do you log and monitor SIP configuration changes?
Source: https://www.securityweek.com/critical-grandstream-phone-vulnerability-exposes-calls-to-interception/
Engage below and follow TechNadu for detailed CVE intelligence and technical breakdowns.
#ThreatIntel #VoIPSecurity #CVE20262329 #RCE #VulnerabilityManagement #NetworkDefense #Infosec #CyberRisk
##CVE-2026-2329 — Critical VoIP RCE
Affects: Grandstream GXP1600
Type: Stack-based buffer overflow
Impact: Unauthenticated RCE (root)
Attack Path:
• Extract SIP credentials
• Modify SIP proxy settings
• Transparent call interception
Operational risk:
• SMB exposure
• Flat networks
• Insufficient VoIP monitoring
Patch available: Firmware 1.0.7.81.
Community question:
Are you incorporating VoIP firmware into vulnerability scanning pipelines?
Do you log and monitor SIP configuration changes?
Source: https://www.securityweek.com/critical-grandstream-phone-vulnerability-exposes-calls-to-interception/
Engage below and follow TechNadu for detailed CVE intelligence and technical breakdowns.
#ThreatIntel #VoIPSecurity #CVE20262329 #RCE #VulnerabilityManagement #NetworkDefense #Infosec #CyberRisk
##CRITICAL: Grandstream VoIP phones hit by unauthenticated RCE (CVE-2026-2329) — allows call interception & device compromise. No patch yet. Restrict access, disable remote mgmt, and monitor for threats. https://radar.offseq.com/threat/critical-grandstream-phone-vulnerability-exposes-c-7d749d0a #OffSeq #VoIP #Security #RCE
##Critical Unauthenticated Root Vulnerability in Grandstream GXP1600 VoIP Phones
Grandstream GXP1600 series VoIP phones contain a critical unauthenticated buffer overflow vulnerability (CVE-2026-2329) that allows attackers to gain root access and intercept calls.
**If you are using Grandstream GXP1600 phones, plan a quick update to firmware 1.0.7.81. As a first step, make sure to isolate VoIP hardware on a dedicated, firewalled VLAN and confirm that management interfaces are not reachable from untrusted networks.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unauthenticated-root-vulnerability-in-grandstream-gxp1600-voip-phones-t-4-w-t-w/gD2P6Ple2L
updated 2026-02-20T20:25:25.270000
1 posts
🟠 CVE-2026-2853 - High (8.8)
A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T20:25:20.380000
1 posts
🟠 CVE-2026-22376 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivia allows PHP Local File Inclusion.This issue affects Parkivia: from n/a through <= 1.1.9.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22376/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T20:25:19.853000
1 posts
🟠 CVE-2026-22370 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion.This issue affects Marveland: from n/a through <= 1.3.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22370/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T20:25:19.337000
1 posts
🟠 CVE-2026-22364 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through <=1.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22364/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T20:14:37.683000
1 posts
🟠 CVE-2026-26200 - High (7.8)
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially furthe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26200/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T19:51:20.580000
1 posts
🟠 CVE-2026-26318 - High (8.8)
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized `locate` output in `versions()`. Version 5.31.0 fixes the issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T19:26:57
1 posts
🟠 CVE-2026-27487 - High (7.6)
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w ....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T19:23:15.067000
1 posts
🟠 CVE-2026-24959 - High (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T19:12:33.527000
2 posts
🟠 CVE-2026-26996 - High (7.5)
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26996/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-26996: HIGH severity ReDoS in isaacs minimatch (<10.2.1). User-controlled glob patterns can cause exponential backtracking & DoS. Upgrade to 10.2.1+ & validate input! Info: https://radar.offseq.com/threat/cve-2026-26996-cwe-1333-inefficient-regular-expres-e16ebdd4 #OffSeq #ReDoS #NodeSecurity
##updated 2026-02-20T19:12:17.440000
1 posts
🟠 CVE-2026-26322 - High (7.6)
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied `gatewayUrl` without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26322/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:57:15.973000
1 posts
🟠 CVE-2026-24790 - High (8.2)
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24790/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:57:15.973000
1 posts
🟠 CVE-2026-2818 - High (8.2)
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2818/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:32:34
1 posts
🟠 CVE-2026-27343 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27343/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:31:49
1 posts
🟠 CVE-2026-26048 - High (7.5)
The Wi-Fi router is vulnerable to de-authentication attacks due to the
absence of management frame protection, allowing forged deauthentication
and disassociation frames to be broadcast without authentication or
encryption. An attacker can use ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:31:49
1 posts
🔴 CVE-2026-25715 - Critical (9.8)
The web management interface of the device allows the administrator
username and password to be set to blank values. Once applied, the
device permits authentication with empty credentials over the web
management interface and Telnet service. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25715/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:31:48
1 posts
🟠 CVE-2026-24455 - High (7.5)
The embedded web interface of the device does not support HTTPS/TLS for
authentication and uses HTTP Basic Authentication. Traffic is encoded
but not encrypted, exposing user credentials to passive interception by
attackers on the same network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24455/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:31:47
2 posts
🟠 CVE-2026-20761 - High (8.1)
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and
prior, which would allow remote attackers, in the LON IP-852 management
messages, to send specially crafted IP-852 messages resulting in
arbitrary OS command execution on th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20761 - High (8.1)
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and
prior, which would allow remote attackers, in the LON IP-852 management
messages, to send specially crafted IP-852 messages resulting in
arbitrary OS command execution on th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T18:11:24.263000
1 posts
🔴 CVE-2026-27002 - Critical (9.8)
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:53:32.203000
2 posts
🟠 CVE-2026-26064 - High (8.8)
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Wind...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛑 CRITICAL CVE-2026-26064 in calibre <9.3.0: Path traversal in extract_pictures enables arbitrary file writes & remote code execution on Windows. Patch to 9.3.0+ ASAP. User interaction required. Details: https://radar.offseq.com/threat/cve-2026-26064-cwe-22-improper-limitation-of-a-pat-71d04e0e #OffSeq #Calibre #Vuln #InfoSec
##updated 2026-02-20T16:48:10
2 posts
⚠️ CVE-2026-26980: CRITICAL SQL Injection in TryGhost Ghost CMS (3.24.0 – 6.19.0). Unauth attackers can read DB data remotely. Patch to 6.19.1 now! https://radar.offseq.com/threat/cve-2026-26980-cwe-89-improper-neutralization-of-s-8eb7ae8a #OffSeq #SQLInjection #GhostCMS #Vuln
##🔴 CVE-2026-26980 - Critical (9.4)
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26980/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:47:00
1 posts
🟠 CVE-2026-27001 - High (7.8)
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory (workspace path) into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27001/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:45:55
1 posts
🟠 CVE-2026-26323 - High (8.8)
OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script `scripts/update-clawtributors.ts`. The issue affects contributors/maintainers (or CI) who run `bun scripts/update-clawtr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26323/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:44:34
1 posts
🟠 CVE-2026-26321 - High (7.5)
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension previously allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly. If an attacker can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:44:20
1 posts
🟠 CVE-2026-26319 - High (7.5)
OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:44:14
1 posts
🟠 CVE-2026-26316 - High (7.5)
OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) eve...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26316/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T16:44:05
1 posts
🟠 CVE-2026-26275 - High (7.5)
httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's `matches!` macro. Specifically, t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T13:49:47.623000
1 posts
🔴 CVE-2025-10970 - Critical (9.8)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20022026.
NOTE: The vendor was contacted early ab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10970/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T13:49:47.623000
2 posts
🚨 Ricoh ジョブログ集計ツール (<1.3.7) has a HIGH severity DLL search path issue (CVE-2026-26050). Exploiting this enables admin-level code execution during install. Update to v1.3.7+ and restrict local access. https://radar.offseq.com/threat/cve-2026-26050-uncontrolled-search-path-element-in-8a10be9e #OffSeq #Vuln #Ricoh
##🟠 CVE-2026-26050 - High (7.8)
The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26050/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T13:49:47.623000
2 posts
Unbelievable.... https://digg.com/cybersecurity/yCL5Ang/critical-alert-cve-2026-26030-microsoft
##⚠️ CRITICAL RCE: CVE-2026-26030 in Microsoft Semantic Kernel (<1.39.4) lets remote attackers execute code via InMemoryVectorStore filter. Upgrade to 1.39.4+ ASAP or avoid this component in prod. Details: https://radar.offseq.com/threat/cve-2026-26030-cwe-94-improper-control-of-generati-8c490551
#OffSeq #CVE #infosec #Python #AIsecurity
updated 2026-02-20T13:49:47.623000
2 posts
🟠 CVE-2026-26959 - High (7.8)
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution with t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26959/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-26959: HIGH severity vuln in Alex4SSB ADB-Explorer (<0.9.26021). Malicious config (App.txt) can trigger code execution if users launch app with a crafted argument. Upgrade ASAP! https://radar.offseq.com/threat/cve-2026-26959-cwe-829-inclusion-of-functionality--f5a9dc71 #OffSeq #Vulnerability #Security #CVE202626959
##updated 2026-02-20T13:49:47.623000
1 posts
🟠 CVE-2026-26324 - High (7.5)
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This could allow requests that should b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T03:31:45
2 posts
🔴 CVE-2025-30411 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-30411 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30411/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T03:31:45
1 posts
🔴 CVE-2025-30416 - Critical (10)
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30416/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T03:31:45
1 posts
🔴 CVE-2025-30412 - Critical (10)
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30412/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T03:31:45
1 posts
🔴 CVE-2025-30410 - Critical (9.8)
Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before bu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30410/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T00:32:59
1 posts
🟠 CVE-2026-23544 - High (8.8)
Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23544/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-20T00:31:59
2 posts
If you missed this, Microsoft posted this advisory yesterday:
Critical: CVE-2026-21535: Microsoft Teams Information Disclosure Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21535 #infosec #Microsoft #Teams
##🟠 CVE-2026-21535 - High (8.2)
Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21535/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T22:49:21.843000
1 posts
🔴 CVE-2026-0573 - Critical (9)
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0573/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T22:16:41.930000
1 posts
🔴 CVE-2026-23549 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23549/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T22:16:41.127000
1 posts
🔴 CVE-2026-23542 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0.10.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23542/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:57:27
1 posts
🟠 CVE-2026-27013 - High (7.6)
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies `escapeXml()` to text content during SVG export (`src/shapes/Text/TextSVGExportMixin.ts:186`) but fails to apply it to other user-controlled string values th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27013/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:57:03
1 posts
🟠 CVE-2026-26280 - High (8.4)
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the `wifiNetworks()` function allows an attacker to execute arbitrary OS commands via an unsanitized network in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26280/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:56:58
1 posts
🟠 CVE-2026-26278 - High (7.5)
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:56:47
1 posts
🟠 CVE-2026-26267 - High (7.5)
soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22.0.10, 23.5.2, and 25.1.1, the `#[contractimpl]` macro contains a bug in how it wires up function calls. `#[contractimpl]` generates code that uses `MyContract::value()` style ca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26267/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:57
2 posts
⚠️ CRITICAL: CVE-2026-27476 in Bixat RustFly 2.0.0 lets remote attackers run arbitrary system commands over UDP port 5005 — no auth needed. Block 5005, monitor for hex payloads, & audit systems now. Patch ASAP! https://radar.offseq.com/threat/cve-2026-27476-improper-neutralization-of-special--c7ddf948 #OffSeq #Vulnerability #Infosec
##🔴 CVE-2026-27476 - Critical (9.8)
RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system com...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:45
1 posts
🟠 CVE-2026-25378 - High (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through <= 8.2.4.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25378/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T21:30:31
2 posts
🟠 CVE-2026-26016 - High (8.1)
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch informa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26016/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: Pterodactyl Panel <1.12.1 has an auth bypass (CVE-2026-26016). Wings node token = full access to all servers, data loss risk. Upgrade to 1.12.1 ASAP & secure tokens! https://radar.offseq.com/threat/cve-2026-26016-cwe-639-authorization-bypass-throug-e8901bb1 #OffSeq #Pterodactyl #CVE202626016 #Vulnerability
##updated 2026-02-19T21:14:58
1 posts
🟠 CVE-2026-25232 - High (8.8)
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches (including the default branch) by se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T20:32:29
1 posts
⚠️ CVE-2026-27192: Feathersjs (<5.0.40) suffers a HIGH-severity origin validation error (CWE-346). Prefix-based checks let attackers steal OAuth tokens, risking account takeover. Upgrade to 5.0.40+! https://radar.offseq.com/threat/cve-2026-27192-cwe-346-origin-validation-error-in--17700ad4 #OffSeq #Feathersjs #OAuth #CVE202627192
##updated 2026-02-19T20:31:12
1 posts
🟠 CVE-2026-27198 - High (8.8)
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exist...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27198/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T20:30:39
1 posts
🟠 CVE-2026-27196 - High (8.1)
Statmatic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27196/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T20:28:39
1 posts
🚨 CRITICAL: CVE-2026-27212 in nolimits4web swiper (6.5.1 – 12.1.1) enables prototype pollution, risking auth bypass, DoS, & RCE. Affects Node & Bun, Windows & Linux. Upgrade to 12.1.2 now! https://radar.offseq.com/threat/cve-2026-27212-cwe-1321-improperly-controlled-modi-35374c82 #OffSeq #CVE202627212 #AppSec #JavaScript
##updated 2026-02-19T20:27:13
1 posts
🟠 CVE-2026-27203 - High (8.3)
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_token...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27203/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T19:46:19.810000
1 posts
1 repos
🔴 CVE-2026-25242 - Critical (9.8)
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled (default), any remote user can upload arbitrary files to the s...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25242/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:32:57
1 posts
🟠 CVE-2026-2648 - High (8.8)
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2648/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:31:52
1 posts
🟠 CVE-2025-11754 - High (7.5)
The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11754/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T18:31:52
1 posts
🟠 CVE-2025-12845 - High (8.8)
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() fu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-19T15:16:47
1 posts
🚨 CRITICAL vuln: CVE-2026-27112 in akuity kargo (v1.7.0 – 1.9.2) enables resource injection & privilege escalation via batch API endpoints. Patch to 1.7.8/1.8.11/1.9.3+ ASAP. Monitor logs & restrict API access. https://radar.offseq.com/threat/cve-2026-27112-cwe-863-incorrect-authorization-in--0476694e #OffSeq #Kubernetes #InfoSec
##updated 2026-02-18T22:31:38
1 posts
🟠 CVE-2026-26990 - High (8.8)
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is suppl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26990/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T22:30:20
1 posts
1 repos
🔴 CVE-2026-26988 - Critical (9.1)
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26988/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-18T18:31:27
2 posts
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device
https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device
#CVE_2026_0714
https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
updated 2026-02-18T18:31:26
1 posts
🚨 [CISA-2026:0218] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0218)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22175 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22175)
- Name: GitLab Server-Side Request Forgery (SSRF) Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: GitLab
- Product: GitLab
- Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
⚠️ CVE-2026-22769 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- Name: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Dell
- Product: RecoverPoint for Virtual Machines (RP4VMs)
- Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260218 #cisa20260218 #cve_2021_22175 #cve_2026_22769 #cve202122175 #cve202622769
##updated 2026-02-18T18:30:35
3 posts
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
🚨 [CISA-2026:0218] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0218)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22175 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22175)
- Name: GitLab Server-Side Request Forgery (SSRF) Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: GitLab
- Product: GitLab
- Notes: https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175
⚠️ CVE-2026-22769 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- Name: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Dell
- Product: RecoverPoint for Virtual Machines (RP4VMs)
- Notes: https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260218 #cisa20260218 #cve_2021_22175 #cve_2026_22769 #cve202122175 #cve202622769
##updated 2026-02-18T17:52:22.253000
2 posts
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
updated 2026-02-18T17:52:22.253000
1 posts
"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."
https://www.ox.security/blog/cve-2025-65716-markdown-preview-enhanced-vscode-vulnerability/
##updated 2026-02-18T12:31:15
2 posts
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
updated 2026-02-18T00:30:22
2 posts
Why TF does the NVD not include the CVE title, vendor, or other useful information. If you look at the following you have no what's impacted and have to hunt details in the links.
https://nvd.nist.gov/vuln/detail/CVE-2026-1670
The backing CVE data contains all of this:
##CRITICAL INTEL: Honeywell CVSS 9.8 (CVE-2026-1670) is here. 🚨 Unauthenticated API exploitation means total compromise. I’m breaking down the Sovereign Sentry strategy using Raspberry Pi & Suricata to harden your network. https://thecybermind.co/2026/02/20/cve-2026-1670-honeywell-exploit/
#exploit
updated 2026-02-18T00:30:22
1 posts
CVE-2026-26119 : cette faille dans Windows Admin Center peut mener à la compromission du domaine https://www.it-connect.fr/cve-2026-26119-cette-faille-dans-windows-admin-center-peut-mener-a-la-compromission-du-domaine/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft
##updated 2026-02-17T13:40:10.320000
10 posts
5 repos
https://github.com/cybrdude/cve-2026-1731-scanner
https://github.com/win3zz/CVE-2026-1731
https://github.com/richardpaimu34/CVE-2026-1731
Geopolitical tensions heighten as US-Iran nuclear talks near. Technology advances with Tesla's Cybercab launch and Uber's significant investment in autonomous EV charging. Cybersecurity faces active exploitation of CVE-2026-1731 in BeyondTrust products, AI-powered FortiGate breaches, and AI-assisted malware from MuddyWater.
##Critical RCE in BeyondTrust Remote Support and Privileged Remote Access Under Active Exploitation Worldwide
Introduction: A Silent Door Left Open in Enterprise Remote Access A critical vulnerability inside one of the most widely deployed remote access platforms has rapidly evolved from a technical advisory into a global security emergency. Tracked as CVE-2026-1731 and assigned a near-maximum CVSS score of 9.9, the flaw affects BeyondTrust Remote Support and older…
##Geopolitical tensions heighten as US-Iran nuclear talks near. Technology advances with Tesla's Cybercab launch and Uber's significant investment in autonomous EV charging. Cybersecurity faces active exploitation of CVE-2026-1731 in BeyondTrust products, AI-powered FortiGate breaches, and AI-assisted malware from MuddyWater.
##Critical CVE-2026-1731 in BeyondTrust RS/PRA is under active exploitation.
Web shells. RATs. PostgreSQL dumps.
Now listed in CISA KEV & tied to ransomware.
Remote support appliances are high-value targets.
Are we giving PAM systems enough monitoring visibility?
Source: https://thehackernews.com/2026/02/beyondtrust-flaw-used-for-web-shells.html
Follow @technadu for independent cybersecurity reporting.
Like and join the discussion below.
#CyberSecurity #Infosec #ZeroDay #Ransomware #PAM #ThreatIntel #SecurityCommunity #CVE20261731
##"CISA: BeyondTrust RCE flaw now exploited in ransomware attacks"
"[...] Cybersecurity and Infrastructure Security Agency (CISA) warns. Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S."
##CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and...
🔗️ [Bleepingcomputer] https://link.is.it/nNcFd0
##Ransomware gangs found a new shortcut into company networks with CVE-2026-1731—no passwords needed, attacks automated, and defenders caught off guard. How did this flaw become their go-to weapon almost overnight?
https://thedefendopsdiaries.com/how-cve-2026-1731-became-ransomwares-new-favorite-toy/
##VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
##VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
#CVE_2026_1731 #Vshell #SparkRAT
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
CVE-2026-1731 - Changed to Known Ransomware Status
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection VulnerabilityVendor: BeyondTrustProduct: Remote Support (RS) and Privileged Remote Access (PRA)BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system https://nvd.nist.gov/vuln/detail/CVE-2026-1731
##updated 2026-02-16T09:30:36
2 posts
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
updated 2026-02-16T06:31:32
2 posts
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
📈 CVE Published in last 7 days (2026-02-16 - 2026-02-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1338
Severity:
- Critical: 74
- High: 301
- Medium: 602
- Low: 33
- None: 328
Status:
- : 9
- Analyzed: 277
- Awaiting Analysis: 747
- Modified: 3
- Received: 170
- Rejected: 40
- Undergoing Analysis: 92
Top CNAs:
- Patchstack: 334
- GitHub, Inc.: 170
- VulDB: 164
- Wordfence: 148
- VulnCheck: 145
- MITRE: 53
- kernel.org: 33
- IBM Corporation: 33
- Fortinet, Inc.: 25
- Zero Day Initiative: 20
Top Affected Products:
- UNKNOWN: 1037
- Comodo Dome Firewall: 29
- Gfi Mailessentials: 18
- Smoothwall Express: 17
- Openclaw: 16
- Invoiceplane: 11
- Spip: 10
- Nvidia Nemo: 10
- Mjdm Majordomo: 8
- Ibm Concert: 7
Top EPSS Score:
- CVE-2026-22769 - 28.78 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22769)
- CVE-2026-2033 - 10.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2033)
- CVE-2019-25441 - 2.65 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25441)
- CVE-2026-2426 - 1.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2426)
- CVE-2026-2533 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2533)
- CVE-2026-2544 - 1.28 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2544)
- CVE-2026-2041 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2041)
- CVE-2026-2042 - 1.25 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2042)
- CVE-2026-2635 - 1.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2635)
- CVE-2026-2548 - 1.06 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2548)
updated 2026-02-11T15:31:25
1 posts
10 repos
https://github.com/hackfaiz/CVE-2026-20841-PoC
https://github.com/RajaUzairAbdullah/CVE-2026-20841
https://github.com/uky007/CVE-2026-20841_notepad_analysis
https://github.com/EleniChristopoulou/PoC-CVE-2026-20841
https://github.com/atiilla/CVE-2026-20841
https://github.com/tangent65536/CVE-2026-20841
https://github.com/BTtea/CVE-2026-20841-PoC
https://github.com/dogukankurnaz/CVE-2026-20841-PoC
CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad - The TrendAI Research team takes a deep dive into this recently patched file parsing bug to show you root cause, source code walk through, and provide detection guidance. Read the details at https://www.zerodayinitiative.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
##updated 2026-02-06T16:45:15.323000
1 posts
1 repos
Rapid weaponization of SmarterMail flaws exposed through underground Telegram channels. Just days after CVE-2026-24423 and CVE-2026-23760 were disclosed, exploit PoCs and stolen admin credentials were shared among these communities, highlighting the urgent need for...
Read more: https://steelefortress.com/dlk923
##updated 2026-01-27T18:33:14
1 posts
2 repos
https://github.com/MaxMnMl/smartermail-CVE-2026-23760-poc
https://github.com/hilwa24/CVE-2026-23760_SmarterMail-Auth-Bypass-and-RCE
Rapid weaponization of SmarterMail flaws exposed through underground Telegram channels. Just days after CVE-2026-24423 and CVE-2026-23760 were disclosed, exploit PoCs and stolen admin credentials were shared among these communities, highlighting the urgent need for...
Read more: https://steelefortress.com/dlk923
##updated 2025-11-11T09:30:36
1 posts
"OX Security discovered a vulnerability (CVE-2025-65716) in Markdown Preview Enhanced that enables a crafted Markdown file to execute JavaScript in the Markdown preview, allowing local port enumeration and exfiltration to an attacker-controlled server."
https://www.ox.security/blog/cve-2025-65716-markdown-preview-enhanced-vscode-vulnerability/
##updated 2025-10-22T00:32:28
1 posts
Here's the good read of the day, more interesting part is the exploitation tricks at the end of the post https://soez.github.io/posts/CVE-2022-22265-Samsung-npu-driver/ by @javierprtd
##updated 2025-05-16T03:30:44
2 posts
#OT #Advisory VDE-2026-007
TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability
The TRUMPF product versions listed below include a Wibu CodeMeter component that is vulnerable to a privilege escalation vulnerability through the CodeMeter installer on Windows.
#CVE CVE-2025-47809
https://certvde.com/en/advisories/vde-2026-007/
#CSAF https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-007.json
###OT #Advisory VDE-2026-007
TRUMPF: Multiple products affected by Wibu CodeMeter vulnerability
The TRUMPF product versions listed below include a Wibu CodeMeter component that is vulnerable to a privilege escalation vulnerability through the CodeMeter installer on Windows.
#CVE CVE-2025-47809
https://certvde.com/en/advisories/vde-2026-007/
#CSAF https://trumpf.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-007.json
##updated 2025-05-13T18:31:00
1 posts
1 repos
https://github.com/SafeBreach-Labs/EventLogin-CVE-2025-29969
Discovery & Analysis of CVE-2025-29969 https://www.safebreach.com/blog/safebreach_labs_discovers_cve-2025-29969/
##updated 2024-01-27T05:05:43
1 posts
🔴 CVE-2026-27574 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a security mechanism) to execute user-supplied code, a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27574/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##BigBlueButton on < 3.0.22 with two new CVEs today: CVE-2026-27466 & CVE-2026-27467
Feel free to use the AI slop analyses (Gemini for student with free API configured).. Hecate is a prototype app for my master thesis
##🟠 CVE-2026-27479 - High (7.7)
Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The application validates th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27479/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27464 - High (7.7)
Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase instance, including database access credentials. Du...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27464/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27470 - High (8.8)
ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvent...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27470/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🛡️ CRITICAL: CVE-2026-27452 in JonathanWilbur asn1-ts (<=11.0.5) — Decoding INTEGERs may leak ArrayBuffer, exposing sensitive data. Upgrade to 11.0.6 urgently. Details: https://radar.offseq.com/threat/cve-2026-27452-cwe-200-exposure-of-sensitive-infor-d39700d7 #OffSeq #Vulnerability #Security #CVE202627452
##🟠 CVE-2026-27134 - High (8.1)
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27134 - High (8.1)
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26286 - High (8.5)
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery (SSRF...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26286/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27114 - High (7.5)
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24891 - High (7.5)
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26065 - High (8.8)
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26065/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26065 - High (8.8)
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26065/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL vuln: calibre <9.3.0 (CVE-2026-26065) allows arbitrary file writes via path traversal in PDB reader. Risks: code execution, DoS. Patch to 9.3.0+ ASAP! No known exploits yet. https://radar.offseq.com/threat/cve-2026-26065-cwe-22-improper-limitation-of-a-pat-53326093 #OffSeq #Vuln #Calibre #InfoSec
##1 posts
3 repos
https://github.com/BimBoxH4/CVE-2025-66039_CVE-2025-61675_CVE-2025-61678_reePBX
#FreePBX is a popular open-source IP PBX management tool. @FreePBX manages #VoIP communications & requires high availability & relatively open access, making it a very attractive target for threat actors. It now has serious CVE vulns. HT @PicusSecurity https://cybersec.picussecurity.com/s/critical-freepbx-vulnerabilities-cve-2025-66039-cve-2025-61675-cve-2025-61675-25485
##1 posts
3 repos
https://github.com/BimBoxH4/CVE-2025-66039_CVE-2025-61675_CVE-2025-61678_reePBX
#FreePBX is a popular open-source IP PBX management tool. @FreePBX manages #VoIP communications & requires high availability & relatively open access, making it a very attractive target for threat actors. It now has serious CVE vulns. HT @PicusSecurity https://cybersec.picussecurity.com/s/critical-freepbx-vulnerabilities-cve-2025-66039-cve-2025-61675-cve-2025-61675-25485
##🎵 CVE-2026-26975: HIGH severity RCE in Music Assistant server <2.7.0. Unauthenticated attackers can write arbitrary files via playlist update API — root compromise possible if running as root. Upgrade to 2.7.0+ now! https://radar.offseq.com/threat/cve-2026-26975-cwe-73-external-control-of-file-nam-f0001b29 #OffSeq #Vuln #RCE #MusicAssistant
##🟠 CVE-2026-26975 - High (8.8)
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26975/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26202 - High (7.5)
Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path (e.g. `/etc/passwd`) as a font data chunk in the `create...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##