| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-8679 | 7.5 | 0.00% | 4 | 0 | 2026-05-22T09:16:32.887000 | The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Re | |
| CVE-2026-45250 | 7.8 | 0.02% | 4 | 1 | 2026-05-22T08:16:14.847000 | The setcred(2) system call is only available to privileged users. However, befo | |
| CVE-2026-9018 | 8.8 | 0.00% | 2 | 0 | 2026-05-22T06:31:44 | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPres | |
| CVE-2026-4834 | 7.5 | 0.00% | 2 | 0 | 2026-05-22T06:31:44 | The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'sear | |
| CVE-2026-41054 | 7.8 | 0.01% | 1 | 0 | 2026-05-22T04:16:24.770000 | In `src/havegecmd.c`, the `socket_handler` function performs a credential check | |
| CVE-2026-34908 | 10.0 | 0.00% | 4 | 0 | 2026-05-22T03:30:33 | A malicious actor with access to the network could exploit an Improper Access Co | |
| CVE-2026-9264 | 0 | 0.00% | 2 | 0 | 2026-05-22T02:16:35.073000 | A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components | |
| CVE-2026-34911 | 7.7 | 0.00% | 2 | 0 | 2026-05-22T02:16:34.667000 | A malicious actor with access to the network and low privileges could exploit a | |
| CVE-2026-34910 | 10.0 | 0.00% | 4 | 0 | 2026-05-22T02:16:34.527000 | A malicious actor with access to the network could exploit an Improper Input Val | |
| CVE-2026-34909 | 10.0 | 0.00% | 4 | 0 | 2026-05-22T02:16:34.390000 | A malicious actor with access to the network could exploit a Path Traversal vuln | |
| CVE-2026-33000 | 9.1 | 0.00% | 4 | 0 | 2026-05-22T02:16:33.933000 | A malicious actor with access to the network and high privileges could exploit a | |
| CVE-2026-46473 | 7.5 | 0.00% | 4 | 0 | 2026-05-22T00:32:19 | Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secret | |
| CVE-2026-6960 | 9.8 | 0.00% | 4 | 0 | 2026-05-21T22:16:48.643000 | The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file upload | |
| CVE-2026-28764 | 7.8 | 0.01% | 1 | 0 | 2026-05-21T21:31:36 | MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerabil | |
| CVE-2026-47114 | 8.8 | 0.00% | 2 | 0 | 2026-05-21T21:30:35 | IINA before 1.4.3 contains a user-assisted command execution vulnerability that | |
| CVE-2026-47102 | 8.8 | 0.00% | 2 | 0 | 2026-05-21T21:16:32.557000 | LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /us | |
| CVE-2026-47101 | 8.8 | 0.00% | 2 | 0 | 2026-05-21T21:16:32.413000 | LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API key | |
| CVE-2026-34926 | 6.7 | 0.00% | 9 | 1 | 2026-05-21T20:16:14.027000 | A directory traversal vulnerability in the Apex One (on-premise) server could al | |
| CVE-2025-34291 | 8.8 | 9.49% | 5 | 1 | 2026-05-21T20:16:13.520000 | Langflow versions up to and including 1.6.9 contain a chained vulnerability that | |
| CVE-2026-24216 | 7.8 | 0.06% | 1 | 0 | 2026-05-21T20:08:32.900000 | NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a des | |
| CVE-2026-4858 | 8.0 | 0.03% | 1 | 0 | 2026-05-21T19:43:31.373000 | Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11. | |
| CVE-2026-20239 | 7.5 | 0.02% | 1 | 0 | 2026-05-21T19:42:21.353000 | In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform | |
| CVE-2026-48207 | 9.8 | 0.00% | 4 | 0 | 2026-05-21T19:16:53.700000 | Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializ | |
| CVE-2026-39531 | 9.3 | 0.00% | 1 | 0 | 2026-05-21T19:10:36.607000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-9089 | 8.8 | 0.00% | 1 | 0 | 2026-05-21T19:10:21.527000 | The ConnectWise Automate™ Agent does not fully verify the authenticity of compon | |
| CVE-2026-48235 | 8.2 | 0.00% | 1 | 0 | 2026-05-21T19:10:12.323000 | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/r | |
| CVE-2026-48242 | 8.1 | 0.00% | 1 | 0 | 2026-05-21T19:10:12.323000 | Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection cre | |
| CVE-2026-45251 | 7.8 | 0.02% | 2 | 0 | 2026-05-21T19:01:22.710000 | A file descriptor can be closed while a thread is blocked in a poll(2) or select | |
| CVE-2026-45253 | 8.4 | 0.02% | 2 | 0 | 2026-05-21T19:01:01.833000 | ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) a | |
| CVE-2026-8631 | 9.8 | 0.02% | 1 | 0 | 2026-05-21T18:58:41.297000 | A potential security vulnerability has been identified in the HP Linux Imaging a | |
| CVE-2026-48241 | 8.1 | 0.00% | 2 | 0 | 2026-05-21T18:33:15 | Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in | |
| CVE-2026-43494 | None | 0.02% | 2 | 0 | 2026-05-21T18:33:09 | In the Linux kernel, the following vulnerability has been resolved: net/rds: re | |
| CVE-2026-47783 | 8.1 | 0.05% | 1 | 0 | 2026-05-21T17:06:40.670000 | In memcached before 1.6.42, username data for SASL password database authenticat | |
| CVE-2026-47784 | 8.1 | 0.05% | 1 | 0 | 2026-05-21T17:06:33.240000 | In memcached before 1.6.42, password data for SASL password database authenticat | |
| CVE-2026-9111 | 8.8 | 0.02% | 1 | 0 | 2026-05-21T16:56:46.883000 | Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allow | |
| CVE-2026-9114 | 8.8 | 0.03% | 1 | 0 | 2026-05-21T16:56:26.853000 | Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a rem | |
| CVE-2026-9118 | 8.8 | 0.03% | 1 | 0 | 2026-05-21T16:45:19.020000 | Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed | |
| CVE-2026-9119 | 8.8 | 0.02% | 1 | 0 | 2026-05-21T16:44:34.153000 | Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allow | |
| CVE-2026-9123 | 7.5 | 0.00% | 1 | 0 | 2026-05-21T16:31:56.420000 | Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS | |
| CVE-2026-9126 | 8.8 | 0.03% | 1 | 0 | 2026-05-21T16:23:01.260000 | Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remo | |
| CVE-2026-47372 | 9.1 | 0.01% | 2 | 0 | 2026-05-21T16:04:53.813000 | Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values | |
| CVE-2026-23734 | 0 | 0.04% | 1 | 0 | 2026-05-21T16:04:53.813000 | XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10. | |
| CVE-2026-33137 | 0 | 0.04% | 1 | 0 | 2026-05-21T16:04:53.813000 | XWiki Platform is a generic wiki platform offering runtime services for applicat | |
| CVE-2026-40092 | 7.5 | 0.06% | 1 | 0 | 2026-05-21T16:04:53.813000 | nimiq-blockchain provides persistent block storage for Nimiq's Rust implementati | |
| CVE-2026-0393 | 0 | 0.05% | 1 | 0 | 2026-05-21T16:04:33.830000 | The affected product may expose credentials remotely between low privileged visu | |
| CVE-2026-45255 | 7.5 | 0.03% | 2 | 0 | 2026-05-21T15:35:16 | When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, the | |
| CVE-2025-71217 | 7.8 | 0.00% | 2 | 0 | 2026-05-21T15:34:18 | An origin validation error vulnerability in the Trend Micro Apex One (mac) agent | |
| CVE-2025-71214 | 7.8 | 0.00% | 2 | 0 | 2026-05-21T15:34:18 | An origin validation error vulnerability in the Trend Micro Apex One (mac) agent | |
| CVE-2026-34927 | 7.8 | 0.00% | 8 | 0 | 2026-05-21T15:34:18 | An origin validation vulnerability in the Apex One/SEP agent could allow a local | |
| CVE-2026-45207 | 7.8 | 0.00% | 3 | 0 | 2026-05-21T15:34:18 | An origin validation vulnerability in the Apex One/SEP agent could allow a local | |
| CVE-2026-45206 | 7.8 | 0.00% | 3 | 0 | 2026-05-21T15:34:18 | An origin validation vulnerability in the Apex One/SEP agent could allow a local | |
| CVE-2025-71211 | 9.8 | 0.00% | 2 | 0 | 2026-05-21T15:34:17 | A vulnerability in the Trend Micro Apex One management console could allow a rem | |
| CVE-2025-13479 | 7.5 | 0.00% | 2 | 0 | 2026-05-21T15:34:17 | Authorization bypass through User-Controlled key vulnerability in PosCube Hardwa | |
| CVE-2026-42001 | 7.5 | 0.02% | 1 | 0 | 2026-05-21T15:27:51.530000 | Insufficient Validation of Autoprimary SOA Queries | |
| CVE-2026-2740 | 8.4 | 0.00% | 2 | 0 | 2026-05-21T15:26:35.653000 | Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus | |
| CVE-2026-24188 | 8.2 | 0.04% | 1 | 0 | 2026-05-21T15:26:35.653000 | NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of | |
| CVE-2026-9157 | 8.4 | 0.02% | 2 | 0 | 2026-05-21T15:24:25.330000 | Improper input validation, Unrestricted upload of file with dangerous type vulne | |
| CVE-2026-9082 | 6.5 | 0.01% | 4 | 5 | 2026-05-21T15:24:25.330000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-39405 | 0 | 0.05% | 1 | 0 | 2026-05-21T15:24:25.330000 | Frappe Learning Management System (LMS) is a learning system that helps users st | |
| CVE-2026-39310 | 8.6 | 0.06% | 1 | 0 | 2026-05-21T15:24:25.330000 | Trilium Notes is a cross-platform, hierarchical note taking application focused | |
| CVE-2026-40165 | 8.7 | 0.02% | 1 | 0 | 2026-05-21T15:24:25.330000 | authentik is an open-source identity provider. Versions 2025.12.4 and prior, and | |
| CVE-2026-9133 | 7.7 | 0.02% | 1 | 0 | 2026-05-21T15:24:25.330000 | Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before ve | |
| CVE-2026-44052 | 7.5 | 0.03% | 2 | 0 | 2026-05-21T15:20:19.040000 | Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output | |
| CVE-2026-44051 | 8.1 | 0.04% | 2 | 0 | 2026-05-21T15:20:19.040000 | An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows | |
| CVE-2026-44050 | 9.9 | 0.14% | 2 | 0 | 2026-05-21T15:20:19.040000 | A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk | |
| CVE-2026-44049 | 7.5 | 0.19% | 2 | 0 | 2026-05-21T15:20:19.040000 | An out-of-bounds write due to improper null termination in convert_charset() in | |
| CVE-2026-44048 | 8.8 | 0.14% | 2 | 0 | 2026-05-21T15:20:19.040000 | A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in N | |
| CVE-2026-44055 | 7.5 | 0.23% | 2 | 0 | 2026-05-21T15:20:19.040000 | A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 al | |
| CVE-2026-5118 | 9.8 | 0.00% | 4 | 4 | 2026-05-21T15:19:30.540000 | The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation | |
| CVE-2026-6279 | 9.8 | 0.10% | 2 | 0 | 2026-05-21T15:19:30.540000 | The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthe | |
| CVE-2026-45444 | 10.0 | 0.04% | 1 | 0 | 2026-05-21T15:19:30.540000 | Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift | |
| CVE-2026-9139 | 9.8 | 0.13% | 2 | 0 | 2026-05-21T15:17:59.850000 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded crede | |
| CVE-2026-9141 | 9.8 | 0.22% | 2 | 0 | 2026-05-21T15:17:59.850000 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication | |
| CVE-2026-9144 | 7.6 | 0.04% | 1 | 0 | 2026-05-21T15:17:59.850000 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-sit | |
| CVE-2025-71216 | 7.8 | 0.00% | 2 | 0 | 2026-05-21T15:16:22.037000 | A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agen | |
| CVE-2025-71213 | 7.8 | 0.00% | 2 | 0 | 2026-05-21T15:05:28.023000 | An origin validation error vulnerability in Trend Micro Apex One could allow a l | |
| CVE-2025-71212 | 7.8 | 0.00% | 2 | 0 | 2026-05-21T15:05:28.023000 | A link following vulnerability in the Trend Micro Apex One scan engine could all | |
| CVE-2025-71210 | 9.8 | 0.00% | 4 | 0 | 2026-05-21T15:05:28.023000 | A vulnerability in the Trend Micro Apex One management console could allow a rem | |
| CVE-2026-34930 | 7.8 | 0.00% | 2 | 0 | 2026-05-21T15:05:28.023000 | An origin validation vulnerability in the Apex One/SEP agent could allow a local | |
| CVE-2026-34929 | 7.8 | 0.00% | 2 | 0 | 2026-05-21T15:05:28.023000 | An origin validation vulnerability in the Apex One/SEP agent could allow a local | |
| CVE-2026-34928 | 7.8 | 0.00% | 2 | 0 | 2026-05-21T15:05:28.023000 | An origin validation vulnerability in the Apex One/SEP agent could allow a local | |
| CVE-2026-45208 | 7.8 | 0.00% | 2 | 0 | 2026-05-21T15:05:28.023000 | A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow | |
| CVE-2026-46333 | 7.1 | 0.01% | 9 | 4 | 2026-05-21T14:16:48.910000 | In the Linux kernel, the following vulnerability has been resolved: ptrace: sli | |
| CVE-2008-4250 | 9.8 | 93.62% | 2 | 4 | 2026-05-21T12:57:17.353000 | The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP | |
| CVE-2009-1537 | 8.8 | 74.07% | 2 | 0 | 2026-05-21T12:57:12.850000 | Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in | |
| CVE-2010-0806 | 8.8 | 88.22% | 2 | 0 | 2026-05-21T12:57:10.303000 | Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in | |
| CVE-2010-0249 | 8.8 | 88.64% | 3 | 0 | 2026-05-21T12:57:01.463000 | Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 o | |
| CVE-2009-3459 | 8.8 | 90.52% | 2 | 0 | 2026-05-21T12:56:49.133000 | Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x bef | |
| CVE-2026-5433 | 9.1 | 0.26% | 2 | 0 | 2026-05-21T09:32:17 | Honeywell Control Network Module (CNM) contains command injection vulnerability | |
| CVE-2026-44062 | 7.5 | 0.19% | 2 | 0 | 2026-05-21T09:32:16 | A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 t | |
| CVE-2026-44068 | 7.6 | 0.11% | 2 | 0 | 2026-05-21T09:32:16 | Incomplete sanitization of extended attribute (EA) path components in Netatalk 2 | |
| CVE-2026-44060 | 7.5 | 0.08% | 2 | 0 | 2026-05-21T09:32:10 | An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a | |
| CVE-2026-44047 | 8.8 | 0.08% | 2 | 0 | 2026-05-21T09:32:09 | An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 throu | |
| CVE-2026-42959 | 7.5 | 0.04% | 1 | 0 | 2026-05-21T00:31:30 | NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vu | |
| CVE-2026-44390 | 5.3 | 0.04% | 1 | 0 | 2026-05-21T00:31:30 | NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when h | |
| CVE-2026-33278 | 9.8 | 0.24% | 2 | 0 | 2026-05-21T00:31:30 | NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability | |
| CVE-2026-41292 | 7.5 | 0.06% | 1 | 0 | 2026-05-21T00:30:27 | NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degrada | |
| CVE-2026-44608 | 5.9 | 0.04% | 1 | 0 | 2026-05-20T22:52:48.303000 | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking incon | |
| CVE-2026-42960 | 10.0 | 0.02% | 1 | 0 | 2026-05-20T22:51:43.680000 | NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning | |
| CVE-2026-42944 | 7.5 | 0.04% | 1 | 0 | 2026-05-20T22:50:49.877000 | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability | |
| CVE-2026-42923 | 5.3 | 0.04% | 1 | 0 | 2026-05-20T22:50:35.780000 | NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the | |
| CVE-2026-42534 | 5.3 | 0.03% | 1 | 0 | 2026-05-20T22:50:00.157000 | NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the | |
| CVE-2026-32792 | 5.3 | 0.04% | 1 | 0 | 2026-05-20T22:44:09.940000 | NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of serv | |
| CVE-2026-9120 | 8.8 | 0.03% | 1 | 0 | 2026-05-20T21:31:40 | Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remo | |
| CVE-2026-9117 | 7.5 | 0.02% | 1 | 0 | 2026-05-20T21:31:40 | Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.17 | |
| CVE-2026-9121 | 8.8 | 0.02% | 1 | 0 | 2026-05-20T21:31:40 | Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a | |
| CVE-2026-9112 | 8.8 | 0.03% | 1 | 0 | 2026-05-20T21:31:39 | Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowe | |
| CVE-2026-41091 | 7.8 | 12.10% | 6 | 1 | 2026-05-20T19:06:36.850000 | Improper link resolution before file access ('link following') in Microsoft Defe | |
| CVE-2026-45584 | 8.1 | 0.04% | 3 | 1 | 2026-05-20T18:56:32.350000 | Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker | |
| CVE-2026-45498 | 4.0 | 2.27% | 5 | 0 | 2026-05-20T18:31:35 | Microsoft Defender Denial of Service Vulnerability | |
| CVE-2026-24207 | 9.8 | 0.10% | 1 | 0 | 2026-05-20T17:30:43.320000 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could | |
| CVE-2026-20223 | 10.0 | 0.05% | 8 | 1 | 2026-05-20T17:30:40.450000 | A vulnerability in the access validation of internal REST APIs of Cisco Sec | |
| CVE-2026-8598 | 9.1 | 0.05% | 1 | 0 | 2026-05-20T17:30:40.450000 | An undocumented configuration export port is accessible on some models of ZKTec | |
| CVE-2026-40622 | None | 0.02% | 1 | 0 | 2026-05-20T15:35:29 | NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability | |
| CVE-2026-45585 | 6.8 | 0.09% | 5 | 2 | 2026-05-20T15:35:28 | Microsoft is aware of a security feature bypass vulnerability in Windows publicl | |
| CVE-2026-9064 | 7.5 | 0.08% | 1 | 0 | 2026-05-20T14:02:12.280000 | A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in | |
| CVE-2026-44933 | 7.8 | 0.01% | 1 | 0 | 2026-05-20T14:01:24.027000 | `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this ro | |
| CVE-2026-9065 | 0 | 0.03% | 1 | 0 | 2026-05-20T14:01:24.027000 | SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection vi | |
| CVE-2026-9059 | 0 | 0.03% | 1 | 0 | 2026-05-20T14:01:24.027000 | NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injec | |
| CVE-2026-5200 | 8.8 | 0.04% | 1 | 0 | 2026-05-20T13:54:54.890000 | The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution | |
| CVE-2026-8953 | 9.6 | 0.04% | 1 | 0 | 2026-05-19T18:45:32.087000 | Sandbox escape due to use-after-free in the Disability Access APIs component. Th | |
| CVE-2026-6068 | 6.5 | 0.12% | 1 | 0 | 2026-05-19T15:31:21 | NASM contains a heap use after free vulnerability in response file (-@) processi | |
| CVE-2026-45829 | 0 | 0.14% | 1 | 2 | 2026-05-19T14:16:46.977000 | A pre-authentication, code injection vulnerability in version 1.0.0 or later of | |
| CVE-2020-17103 | 7.0 | 0.33% | 1 | 4 | 2026-05-18T13:16:28.530000 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |
| CVE-2026-42897 | 8.1 | 10.03% | 1 | 1 | 2026-05-15T19:35:52.963000 | Improper neutralization of input during web page generation ('cross-site scripti | |
| CVE-2026-42945 | 8.1 | 0.27% | 3 | 28 | 2026-05-14T21:30:40 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_mo | |
| CVE-2026-44578 | 8.6 | 4.48% | 1 | 7 | template | 2026-05-14T18:34:38.530000 | Next.js is a React framework for building full-stack web applications. From 13.4 |
| CVE-2026-40369 | 7.8 | 0.02% | 4 | 2 | 2026-05-14T17:52:50.143000 | Untrusted pointer dereference in Windows Kernel allows an authorized attacker to | |
| CVE-2026-0265 | 0 | 0.06% | 1 | 1 | 2026-05-13T18:17:47.830000 | An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software en | |
| CVE-2026-28910 | 3.3 | 0.01% | 1 | 0 | 2026-05-13T14:02:20.380000 | This issue was addressed with improved permissions checking. This issue is fixed | |
| CVE-2026-0300 | 9.8 | 14.43% | 1 | 9 | 2026-05-12T18:47:21.360000 | A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Capti | |
| CVE-2026-1502 | None | 0.07% | 4 | 0 | 2026-05-10T21:30:22 | CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. | |
| CVE-2026-34474 | 7.5 | 0.05% | 1 | 1 | 2026-05-07T15:15:06.770000 | Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A | |
| CVE-2026-5140 | 8.8 | 0.06% | 3 | 0 | 2026-05-04T14:16:35.190000 | Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TU | |
| CVE-2013-0422 | 9.8 | 93.61% | 1 | 0 | 2026-04-21T19:02:35.430000 | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attacker | |
| CVE-2024-12802 | 9.1 | 0.06% | 5 | 0 | 2026-04-15T00:35:42.020000 | SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the s | |
| CVE-2025-6919 | 9.8 | 0.04% | 1 | 1 | 2026-04-15T00:35:42.020000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-34472 | 7.1 | 0.15% | 1 | 1 | 2026-04-08T16:05:42.877000 | Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A | |
| CVE-2026-3102 | 6.3 | 0.26% | 6 | 2 | 2026-02-26T21:32:34 | A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affe | |
| CVE-2026-26980 | 9.4 | 54.31% | 4 | 3 | 2026-02-20T19:22:53.637000 | Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 all | |
| CVE-2024-9643 | 9.8 | 19.09% | 1 | 0 | 2025-09-19T19:33:43.980000 | The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authenticatio | |
| CVE-2024-45337 | 9.1 | 30.30% | 1 | 4 | 2025-01-31T15:30:44 | Applications and libraries which misuse the ServerConfig.PublicKeyCallback callb | |
| CVE-2010-5139 | None | 0.32% | 1 | 0 | 2023-02-01T05:07:57 | Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers | |
| CVE-2021-25740 | 3.1 | 0.51% | 1 | 0 | 2023-02-01T05:06:20 | A security issue was discovered with Kubernetes that could enable users to send | |
| CVE-2026-25606 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-9011 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-46300 | 0 | 0.00% | 2 | 8 | N/A | ||
| CVE-2026-47243 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-0001 | 0 | 0.00% | 1 | 2 | N/A | ||
| CVE-2026-47746 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-46712 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-46714 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-48115 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-46713 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-4294 | 0 | 0.00% | 1 | 25 | N/A |
updated 2026-05-22T09:16:32.887000
4 posts
🟠 CVE-2026-8679 - High (7.5)
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to template_redirect) accepting a user-controlled playl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8679/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔈 CVE-2026-8679 (HIGH): AudioIgniter Music Player plugin ≤2.0.2 lets unauthenticated attackers access any playlist's metadata — including private & draft tracks — via insecure playlist ID handling. Restrict access & monitor for patches. https://radar.offseq.com/threat/cve-2026-8679-cwe-639-authorization-bypass-through-07a73ddb #OffSeq #WordPress #Vuln
##🟠 CVE-2026-8679 - High (7.5)
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to template_redirect) accepting a user-controlled playl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8679/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔈 CVE-2026-8679 (HIGH): AudioIgniter Music Player plugin ≤2.0.2 lets unauthenticated attackers access any playlist's metadata — including private & draft tracks — via insecure playlist ID handling. Restrict access & monitor for patches. https://radar.offseq.com/threat/cve-2026-8679-cwe-639-authorization-bypass-through-07a73ddb #OffSeq #WordPress #Vuln
##updated 2026-05-22T08:16:14.847000
4 posts
1 repos
🟠 CVE-2026-45250 - High (7.8)
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validatin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45250 - High (7.8)
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validatin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##"No way to prevent this" say users of only language where this regularly happens
https://xeiaso.net/shitposts/no-way-to-prevent-this/CVE-2026-45250/
"No way to prevent this" say u...
"No way to prevent this" say users of only language where this regularly happens
##updated 2026-05-22T06:31:44
2 posts
🟠 CVE-2026-9018 - High (8.8)
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the `easyel_handle_register()` function. This is due to the `wp_ajax_nopriv_e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9018/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-9018 - High (8.8)
The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the `easyel_handle_register()` function. This is due to the `wp_ajax_nopriv_e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9018/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-22T06:31:44
2 posts
🟠 CVE-2026-4834 - High (7.5)
The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4834/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4834 - High (7.5)
The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4834/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-22T04:16:24.770000
1 posts
🟠 CVE-2026-41054 - High (7.8)
In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowle...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41054/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-22T03:30:33
4 posts
🚨 CVE-2026-34908 (CVSS 10.0): Ubiquiti UniFi OS Server has a critical improper access control flaw, allowing unauthenticated remote compromise. No patch yet — restrict network access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-34908-cwe-284-improper-access-control-gen-70db5de1 #OffSeq #UniFi #Vuln #BlueTeam
##🔴 CVE-2026-34908 - Critical (10)
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34908/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-34908 (CVSS 10.0): Ubiquiti UniFi OS Server has a critical improper access control flaw, allowing unauthenticated remote compromise. No patch yet — restrict network access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-34908-cwe-284-improper-access-control-gen-70db5de1 #OffSeq #UniFi #Vuln #BlueTeam
##🔴 CVE-2026-34908 - Critical (10)
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34908/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-22T02:16:35.073000
2 posts
⚠️ CRITICAL: CVE-2026-9264 in Trimble SketchUp 2026 allows RCE & file exfiltration via malicious SKP files (Dynamic Components, IE11 browser). No patch yet. Avoid untrusted SKP files. More: https://radar.offseq.com/threat/cve-2026-9264-cwe-94-improper-control-of-generatio-9d9e29a0 #OffSeq #SketchUp #Vuln #InfoSec
##⚠️ CRITICAL: CVE-2026-9264 in Trimble SketchUp 2026 allows RCE & file exfiltration via malicious SKP files (Dynamic Components, IE11 browser). No patch yet. Avoid untrusted SKP files. More: https://radar.offseq.com/threat/cve-2026-9264-cwe-94-improper-control-of-generatio-9d9e29a0 #OffSeq #SketchUp #Vuln #InfoSec
##updated 2026-05-22T02:16:34.667000
2 posts
🟠 CVE-2026-34911 - High (7.7)
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34911/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34911 - High (7.7)
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34911/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-22T02:16:34.527000
4 posts
🚨 CVE-2026-34910: CRITICAL improper input validation in Ubiquiti UniFi OS Server allows unauthenticated command injection (CVSS 10.0). No patch yet. Restrict network access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-34910-cwe-20-improper-input-validation-in-54cb0e00 #OffSeq #Vuln #Ubiquiti #Infosec
##🔴 CVE-2026-34910 - Critical (10)
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-34910: CRITICAL improper input validation in Ubiquiti UniFi OS Server allows unauthenticated command injection (CVSS 10.0). No patch yet. Restrict network access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-34910-cwe-20-improper-input-validation-in-54cb0e00 #OffSeq #Vuln #Ubiquiti #Infosec
##🔴 CVE-2026-34910 - Critical (10)
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-22T02:16:34.390000
4 posts
🔒 CRITICAL: CVE-2026-34909 - Path Traversal in Ubiquiti UniFi OS Server (CVSS 10). Allows arbitrary file access & manipulation. No patch yet — restrict access & monitor! Details: https://radar.offseq.com/threat/cve-2026-34909-cwe-22-path-traversal-in-ubiquiti-i-4d93b8c5 #OffSeq #UniFi #Vuln #BlueTeam
##🔴 CVE-2026-34909 - Critical (10)
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34909/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔒 CRITICAL: CVE-2026-34909 - Path Traversal in Ubiquiti UniFi OS Server (CVSS 10). Allows arbitrary file access & manipulation. No patch yet — restrict access & monitor! Details: https://radar.offseq.com/threat/cve-2026-34909-cwe-22-path-traversal-in-ubiquiti-i-4d93b8c5 #OffSeq #UniFi #Vuln #BlueTeam
##🔴 CVE-2026-34909 - Critical (10)
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34909/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-22T02:16:33.933000
4 posts
🔴 CVE-2026-33000 - Critical (9.1)
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33000/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-33000 (CVSS 9.1): Ubiquiti UniFi OS Server has a critical improper input validation flaw. High-privileged attackers on the network can execute command injection. Mitigation steps not published yet. Stay tuned: https://radar.offseq.com/threat/cve-2026-33000-cwe-20-improper-input-validation-in-983d26ac #OffSeq #Infosec #UniFiOS
##🔴 CVE-2026-33000 - Critical (9.1)
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33000/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-33000 (CVSS 9.1): Ubiquiti UniFi OS Server has a critical improper input validation flaw. High-privileged attackers on the network can execute command injection. Mitigation steps not published yet. Stay tuned: https://radar.offseq.com/threat/cve-2026-33000-cwe-20-improper-input-validation-in-983d26ac #OffSeq #Infosec #UniFiOS
##updated 2026-05-22T00:32:19
4 posts
🚩 HIGH severity: CVE-2026-46473 in Authen::TOTP (<0.1.1, Perl) — secrets generated with rand are predictable, weakening TOTP security. Upgrade to 0.1.1+ when possible. More: https://radar.offseq.com/threat/cve-2026-46473-cwe-331-insufficient-entropy-in-tch-3d3628d8 #OffSeq #Vulnerability #Perl #MFA #CVE202646473
##🟠 CVE-2026-46473 - High (7.5)
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-46473/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚩 HIGH severity: CVE-2026-46473 in Authen::TOTP (<0.1.1, Perl) — secrets generated with rand are predictable, weakening TOTP security. Upgrade to 0.1.1+ when possible. More: https://radar.offseq.com/threat/cve-2026-46473-cwe-331-insufficient-entropy-in-tch-3d3628d8 #OffSeq #Vulnerability #Perl #MFA #CVE202646473
##🟠 CVE-2026-46473 - High (7.5)
Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-46473/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T22:16:48.643000
4 posts
🔴 CVE-2026-6960 - Critical (9.8)
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versions up to, and including, 5.6. This makes it poss...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6960/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CRITICAL: CVE-2026-6960 in BookingPress Appointment Booking Pro (≤5.6) allows unauthenticated file uploads — risk of RCE! Remove signature fields & monitor uploads. No patch yet — stay vigilant. https://radar.offseq.com/threat/cve-2026-6960-cwe-434-unrestricted-upload-of-file--eb314579 #OffSeq #WordPress #Vulnerability #CyberAlert
##🔴 CVE-2026-6960 - Critical (9.8)
The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpress_validate_submitted_booking_form_func' function in all versions up to, and including, 5.6. This makes it poss...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6960/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CRITICAL: CVE-2026-6960 in BookingPress Appointment Booking Pro (≤5.6) allows unauthenticated file uploads — risk of RCE! Remove signature fields & monitor uploads. No patch yet — stay vigilant. https://radar.offseq.com/threat/cve-2026-6960-cwe-434-unrestricted-upload-of-file--eb314579 #OffSeq #WordPress #Vulnerability #CyberAlert
##updated 2026-05-21T21:31:36
1 posts
🟠 CVE-2026-28764 - High (7.8)
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28764/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T21:30:35
2 posts
🟠 CVE-2026-47114 - High (8.8)
IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler. Attacker...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-47114 - High (8.8)
IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler. Attacker...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T21:16:32.557000
2 posts
🟠 CVE-2026-47102 - High (8.8)
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47102/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-47102 - High (8.8)
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47102/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T21:16:32.413000
2 posts
🟠 CVE-2026-47101 - High (8.8)
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall wit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-47101 - High (8.8)
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall wit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47101/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T20:16:14.027000
9 posts
1 repos
Trend Micro Patches Actively Exploited Directory Traversal in Apex One
Trend Micro patched eight vulnerabilities in Apex One and Vision One, including a directory traversal flaw (CVE-2026-34926) that is exploited in the wild to inject malicious code into security agents.
**If you're using Trend Micro Apex One (on-premise) or Vision One, you are under attack. Immediately update to the patched versions (SP1 CP Build 18012 / SP1 Build 17079 for on-premise, or agent build 14.0.20731+ for cloud) since one of its flaws is actively exploited to push malware through your own security tools. Even if the exploited flaw requires authentication, obviously that is not difficult to obtain for hackers.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/trend-micro-patches-actively-exploited-directory-traversal-in-apex-one-r-u-9-l-z/gD2P6Ple2L
CISA Flags Actively Exploited Langflow, Trend Micro Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on two major vulnerabilities, CVE-2025-34291 and CVE-2026-34926, currently being exploited by hackers, and is requiring federal agencies to patch them by June 4, 2026. These weaknesses, found in Langflow and Trend Micro Apex One, could…
#KnownExploitedVulnerabilities #Cve202534291 #Cve202634926 #Langflow #TrendMicro
##🟡 New security advisory:
CVE-2026-34926 affects multiple systems.
• Impact: Security weakness that could be exploited
• Risk: Potential for targeted attacks
• Mitigation: Schedule patching in your next maintenance window
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-34926-apex-one-dir-traversal-exploited-in-wild
🚨 [CISA-2026:0521] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0521)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-34291 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-34291)
- Name: Langflow Origin Validation Error Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Langflow
- Product: Langflow
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/langflow-ai/langflow ; https://github.com/langflow-ai/langflow/releases/tag/v1.9.3; https://github.com/langflow-ai/langflow/issues/11465#event-25774545848 ; https://nvd.nist.gov/vuln/detail/CVE-2025-34291
⚠️ CVE-2026-34926 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34926)
- Name: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Trend Micro
- Product: Apex One
- Notes: https://success.trendmicro.com/en-US/solution/KA-0023430 ; https://nvd.nist.gov/vuln/detail/CVE-2026-34926
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260521 #cisa20260521 #cve_2025_34291 #cve_2026_34926 #cve202534291 #cve202634926
##CVE ID: CVE-2026-34926
Vendor: Trend Micro
Product: Apex One
Date Added: 2026-05-21
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-34926
Trend Micro Patches Actively Exploited Directory Traversal in Apex One
Trend Micro patched eight vulnerabilities in Apex One and Vision One, including a directory traversal flaw (CVE-2026-34926) that is exploited in the wild to inject malicious code into security agents.
**If you're using Trend Micro Apex One (on-premise) or Vision One, you are under attack. Immediately update to the patched versions (SP1 CP Build 18012 / SP1 Build 17079 for on-premise, or agent build 14.0.20731+ for cloud) since one of its flaws is actively exploited to push malware through your own security tools. Even if the exploited flaw requires authentication, obviously that is not difficult to obtain for hackers.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/trend-micro-patches-actively-exploited-directory-traversal-in-apex-one-r-u-9-l-z/gD2P6Ple2L
🚨 [CISA-2026:0521] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0521)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-34291 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-34291)
- Name: Langflow Origin Validation Error Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Langflow
- Product: Langflow
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/langflow-ai/langflow ; https://github.com/langflow-ai/langflow/releases/tag/v1.9.3; https://github.com/langflow-ai/langflow/issues/11465#event-25774545848 ; https://nvd.nist.gov/vuln/detail/CVE-2025-34291
⚠️ CVE-2026-34926 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34926)
- Name: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Trend Micro
- Product: Apex One
- Notes: https://success.trendmicro.com/en-US/solution/KA-0023430 ; https://nvd.nist.gov/vuln/detail/CVE-2026-34926
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260521 #cisa20260521 #cve_2025_34291 #cve_2026_34926 #cve202534291 #cve202634926
##CVE ID: CVE-2026-34926
Vendor: Trend Micro
Product: Apex One
Date Added: 2026-05-21
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-34926
EITW ../ in Trend Micro Apex One. :brdAlert:
https://success.trendmicro.com/en-US/solution/KA-0023430
CVE-2026-34926
##TrendAI has released updates to Apex One (on-premise), Apex One as a Service and Vision One - Standard Endpoint Protection (SEP) to resolve multiple vulnerabilities.
updated 2026-05-21T20:16:13.520000
5 posts
1 repos
https://github.com/amnnrth/CVE-2025-34291_cors_security_scanner
CISA Flags Actively Exploited Langflow, Trend Micro Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on two major vulnerabilities, CVE-2025-34291 and CVE-2026-34926, currently being exploited by hackers, and is requiring federal agencies to patch them by June 4, 2026. These weaknesses, found in Langflow and Trend Micro Apex One, could…
#KnownExploitedVulnerabilities #Cve202534291 #Cve202634926 #Langflow #TrendMicro
##🚨 [CISA-2026:0521] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0521)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-34291 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-34291)
- Name: Langflow Origin Validation Error Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Langflow
- Product: Langflow
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/langflow-ai/langflow ; https://github.com/langflow-ai/langflow/releases/tag/v1.9.3; https://github.com/langflow-ai/langflow/issues/11465#event-25774545848 ; https://nvd.nist.gov/vuln/detail/CVE-2025-34291
⚠️ CVE-2026-34926 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34926)
- Name: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Trend Micro
- Product: Apex One
- Notes: https://success.trendmicro.com/en-US/solution/KA-0023430 ; https://nvd.nist.gov/vuln/detail/CVE-2026-34926
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260521 #cisa20260521 #cve_2025_34291 #cve_2026_34926 #cve202534291 #cve202634926
##CVE ID: CVE-2025-34291
Vendor: Langflow
Product: Langflow
Date Added: 2026-05-21
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-34291
🚨 [CISA-2026:0521] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0521)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-34291 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-34291)
- Name: Langflow Origin Validation Error Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Langflow
- Product: Langflow
- Notes: This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/langflow-ai/langflow ; https://github.com/langflow-ai/langflow/releases/tag/v1.9.3; https://github.com/langflow-ai/langflow/issues/11465#event-25774545848 ; https://nvd.nist.gov/vuln/detail/CVE-2025-34291
⚠️ CVE-2026-34926 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34926)
- Name: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Trend Micro
- Product: Apex One
- Notes: https://success.trendmicro.com/en-US/solution/KA-0023430 ; https://nvd.nist.gov/vuln/detail/CVE-2026-34926
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260521 #cisa20260521 #cve_2025_34291 #cve_2026_34926 #cve202534291 #cve202634926
##CVE ID: CVE-2025-34291
Vendor: Langflow
Product: Langflow
Date Added: 2026-05-21
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-34291
updated 2026-05-21T20:08:32.900000
1 posts
🟠 CVE-2026-24216 - High (7.8)
NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24216/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T19:43:31.373000
1 posts
🟠 CVE-2026-4858 - High (8)
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path traversal which allows an malicious authenticated user to call an arbitrary API via system admin Matt...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4858/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T19:42:21.353000
1 posts
🟠 CVE-2026-20239 - High (7.5)
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20239/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T19:16:53.700000
4 posts
🚨 CRITICAL: CVE-2026-48207 in Apache Fory <1.0.0 — Deserialization flaw in PyFory ReduceSerializer bypasses DeserializationPolicy, risking RCE if strict mode is off. Upgrade to 1.0.0+ ASAP! https://radar.offseq.com/threat/cve-2026-48207-cwe-502-deserialization-of-untruste-97a80f2c #OffSeq #CVE202648207 #Vulnerability #ApacheFory
##🔴 CVE-2026-48207 - Critical (9.8)
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deseri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48207/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-48207 in Apache Fory <1.0.0 — Deserialization flaw in PyFory ReduceSerializer bypasses DeserializationPolicy, risking RCE if strict mode is off. Upgrade to 1.0.0+ ASAP! https://radar.offseq.com/threat/cve-2026-48207-cwe-502-deserialization-of-untruste-97a80f2c #OffSeq #CVE202648207 #Vulnerability #ApacheFory
##🔴 CVE-2026-48207 - Critical (9.8)
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deseri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48207/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T19:10:36.607000
1 posts
🔴 CVE-2026-39531 - Critical (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.
This issue affects WP Directory Kit: from n/a through 1.5.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39531/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T19:10:21.527000
1 posts
🟠 CVE-2026-9089 - High (8.8)
The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9089/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T19:10:12.323000
1 posts
🟠 CVE-2026-48235 - High (8.2)
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses (InstaMapper and G...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48235/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T19:10:12.323000
1 posts
🚨 CRITICAL: CVE-2026-48242 in Open ISES Tickets <3.44.2 — Hardcoded MySQL creds in public code could enable unauthorized DB access. No patch yet. Rotate creds & review deployments immediately. https://radar.offseq.com/threat/cve-2026-48242-use-of-hard-coded-credentials-in-op-348559d8 #OffSeq #Vulnerability #InfoSec #CVE202648242
##updated 2026-05-21T19:01:22.710000
2 posts
🟠 CVE-2026-45251 - High (7.8)
A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45251 - High (7.8)
A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45251/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T19:01:01.833000
2 posts
🟠 CVE-2026-45253 - High (8.4)
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target proc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45253/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45253 - High (8.4)
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target proc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45253/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T18:58:41.297000
1 posts
🚨 CVE-2026-8631: Critical heap buffer overflow in HP Linux Imaging & Printing Software (CVSS 9.3). Remote, unauthenticated code execution possible. No patch yet — restrict print service access & monitor jobs. Details: https://radar.offseq.com/threat/cve-2026-8631-cwe-122-heap-based-buffer-overflow-i-d4679b19 #OffSeq #Vulnerability #HP
##updated 2026-05-21T18:33:15
2 posts
🚨 CRITICAL: Open ISES Tickets <3.44.2 has hardcoded MySQL creds in loader.php (CVE-2026-48241), exposing DBs to attack if reachable. Restrict file & DB access, rotate creds now. No official fix yet. https://radar.offseq.com/threat/cve-2026-48241-use-of-hard-coded-credentials-in-op-e794805b #OffSeq #Vulnerability #MySQL #AppSec
##🟠 CVE-2026-48241 - High (8.1)
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-48241/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T18:33:09
2 posts
updated 2026-05-21T17:06:40.670000
1 posts
🟠 CVE-2026-47783 - High (8.1)
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47783/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T17:06:33.240000
1 posts
🟠 CVE-2026-47784 - High (8.1)
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47784/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T16:56:46.883000
1 posts
🟠 CVE-2026-9111 - High (8.8)
Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9111/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T16:56:26.853000
1 posts
🟠 CVE-2026-9114 - High (8.8)
Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T16:45:19.020000
1 posts
🟠 CVE-2026-9118 - High (8.8)
Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9118/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T16:44:34.153000
1 posts
🟠 CVE-2026-9119 - High (8.8)
Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9119/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T16:31:56.420000
1 posts
🟠 CVE-2026-9123 - High (7.5)
Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T16:23:01.260000
1 posts
🟠 CVE-2026-9126 - High (8.8)
Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9126/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T16:04:53.813000
2 posts
🔴 CVE-2026-47372 - Critical (9.1)
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47372/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-47372 - Critical (9.1)
Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.
These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-47372/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T16:04:53.813000
1 posts
⚠️ CRITICAL: CVE-2026-23734 in XWiki Platform (xwiki-commons) allows unauthenticated path traversal — attackers can read config files via crafted 'resource' parameters. Patch to 18.1.0-rc-1, 17.10.3, 17.4.9, or 16.10.17+ now! https://radar.offseq.com/threat/cve-2026-23734-cwe-23-relative-path-traversal-in-x-16518aab #OffSeq #xwiki #vuln
##updated 2026-05-21T16:04:53.813000
1 posts
🚨 CRITICAL: CVE-2026-33137 impacts XWiki Platform (<16.10.17, <17.4.9, <17.10.3, <18.1.0-rc-1). Unauthenticated users can create/modify documents via missing auth on POST /wikis/{wikiName}. Patch now! https://radar.offseq.com/threat/cve-2026-33137-cwe-862-missing-authorization-in-xw-b0399ab5 #OffSeq #XWiki #CVE #Infosec
##updated 2026-05-21T16:04:53.813000
1 posts
🟠 CVE-2026-40092 - High (7.5)
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record wou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T16:04:33.830000
1 posts
#OT #Advisory VDE-2026-052
CODESYS Visualization - Insufficiently Protected Credentials
A vulnerability in the CODESYS Visualization login dialog has been identified. During logins within the CODESYS Visualization, authentication data may not be sufficiently isolated when multiple users perform login operations concurrently.
#CVE CVE-2026-0393
https://certvde.com/en/advisories/vde-2026-052/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-07_vde-2026-052.json
##updated 2026-05-21T15:35:16
2 posts
🟠 CVE-2026-45255 - High (7.5)
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45255 - High (7.5)
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:34:18
2 posts
🟠 CVE-2025-71217 - High (7.8)
An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71217/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-71217 - High (7.8)
An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71217/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:34:18
2 posts
🟠 CVE-2025-71214 - High (7.8)
An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-71214 - High (7.8)
An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:34:18
8 posts
🟠 CVE-2026-34930 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.
Please note: an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34930/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34929 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.
Please ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34928 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism.
Please not...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34928/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34927 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34927/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34930 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.
Please note: an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34930/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34929 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.
Please ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34928 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism.
Please not...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34928/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34927 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34927/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:34:18
3 posts
🟠 CVE-2026-45206 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.
Pl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45206/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45206 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.
Pl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45206/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45207 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism.
Pl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45207/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:34:18
3 posts
🟠 CVE-2026-45206 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.
Pl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45206/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45206 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism.
Pl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45206/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45207 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism.
Pl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45207/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:34:17
2 posts
🔴 CVE-2025-71211 - Critical (9.8)
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-71211 - Critical (9.8)
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:34:17
2 posts
🟠 CVE-2025-13479 - High (7.5)
Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers.
This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted earl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13479/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-13479 - High (7.5)
Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers.
This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted earl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13479/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:27:51.530000
1 posts
🟠 CVE-2026-42001 - High (7.5)
Insufficient Validation of Autoprimary SOA Queries
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42001/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:26:35.653000
2 posts
🟠 CVE-2026-2740 - High (8.4)
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2740/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2740 - High (8.4)
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due to the bug in the 3rd party dependency.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2740/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:26:35.653000
1 posts
🟠 CVE-2026-24188 - High (8.2)
NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24188/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:24:25.330000
2 posts
🟠 CVE-2026-9157 - High (8.4)
Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion.
This issue affects Web Fax: from 3.0 before 3.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9157/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-9157 - High (8.4)
Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion.
This issue affects Web Fax: from 3.0 before 3.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9157/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:24:25.330000
4 posts
5 repos
https://github.com/ywh-jfellus/CVE-2026-9082
https://github.com/7h30th3r0n3/CVE-2026-9082-Drupal-PoC
https://github.com/lysophavin18/cve-2026-9082
🛡️ Drupal corregge una falla SQL: aggiornare subito è la miglior difesa, perché gli exploit potrebbero arrivare a breve. #Drupal #CyberSecurity
🔗 https://www.tomshw.it/hardware/drupal-cve-2026-9082-sql-injection-postgresql
##🚨 Drupal sites using PostgreSQL face a highly critical SQL injection vuln (CVE-2026-9082), risking RCE & data exposure. Patch versions 11.3, 11.2, 10.6, 10.5.x ASAP. Update Symfony & Twig too. No active exploitation yet. https://radar.offseq.com/threat/drupal-patches-highly-critical-vulnerability-expos-a1486e66 #OffSeq #Drupal #SQLInjection #Infosec
##Drupal – CVE-2026-9082 : cette faille critique de type injection SQL menace les sites Web https://www.it-connect.fr/drupal-cve-2026-9082-cette-faille-critique-de-type-injection-sql-menace-les-sites-web/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Web
##Si votre CMS est un #Drupal, ou si vous connaissez quelqu’un qui administre un site Drupal : c’est le moment de vérifier la version.
La faille CVE-2026-9082 touche Drupal Core avec base PostgreSQL : injection SQL critique, exploitable sans compte, pouvant mener à fuite de données, élévation de privilèges voire RCE selon le contexte.
À corriger en priorité :
Drupal 10.5 → 10.5.10
Drupal 10.6 → 10.6.9
Drupal 11.2 → 11.2.12
Drupal 11.3 → 11.3.10
MySQL/MariaDB ne semblent pas concernés par cette SQLi, mais les mises à jour incluent aussi Symfony/Twig : patch recommandé pour tout le monde.
👇
https://www.drupal.org/sa-core-2026-004
"Drupal – CVE-2026-9082 : cette faille critique de type injection SQL menace les sites Web"
👇
https://www.it-connect.fr/drupal-cve-2026-9082-cette-faille-critique-de-type-injection-sql-menace-les-sites-web/
🔍 (à noter la diff entre estimation LLM VLAI et attribution CVSS officielle en Medium)
👇
https://vulnerability.circl.lu/vuln/CVE-2026-9082
💬
⬇️
https://infosec.pub/
updated 2026-05-21T15:24:25.330000
1 posts
⚠️ CRITICAL: Frappe LMS <2.50.1 is vulnerable (CVE-2026-39405, CVSS 9.4). Path traversal lets course editors write files outside restricted dirs via SCORM ZIP upload. Upgrade to 2.50.1 ASAP! https://radar.offseq.com/threat/cve-2026-39405-cwe-22-improper-limitation-of-a-pat-fc462187 #OffSeq #infosec #vuln #FrappeLMS
##updated 2026-05-21T15:24:25.330000
1 posts
🟠 CVE-2026-39310 - High (8.6)
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3) allows full authentication bypass when running...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39310/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:24:25.330000
1 posts
🟠 CVE-2026-40165 - High (8.7)
authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Injection. Due to how authentik extracted the NameID v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40165/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:24:25.330000
1 posts
🟠 CVE-2026-9133 - High (7.7)
Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform ar...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9133/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:20:19.040000
2 posts
🟠 CVE-2026-44052 - High (7.5)
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44052/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44052 - High (7.5)
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44052/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:20:19.040000
2 posts
🟠 CVE-2026-44051 - High (8.1)
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44051/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44051 - High (8.1)
An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite arbitrary files via attacker-controlled symlink creation.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44051/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:20:19.040000
2 posts
🔴 CVE-2026-44050 - Critical (9.9)
A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44050/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-44050 - Critical (9.9)
A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44050/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:20:19.040000
2 posts
🟠 CVE-2026-44049 - High (7.5)
An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44049 - High (7.5)
An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character data.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:20:19.040000
2 posts
🟠 CVE-2026-44048 - High (8.8)
A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44048 - High (8.8)
A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:20:19.040000
2 posts
🟠 CVE-2026-44055 - High (7.5)
A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44055/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44055 - High (7.5)
A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execute arbitrary code.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44055/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:19:30.540000
4 posts
4 repos
https://github.com/Yucaerin/CVE-2026-5118
https://github.com/Jenderal92/CVE-2026-5118
🔴 CVE-2026-5118 - Critical (9.8)
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without valida...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5118/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-5118 - Critical (9.8)
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without valida...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5118/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔥 CRITICAL vuln in Divi Form Builder (≤5.1.2) — improper privilege management lets attackers create admin accounts via role parameter abuse. Restrict registration & watch for patches! CVE-2026-5118 https://radar.offseq.com/threat/cve-2026-5118-cwe-269-improper-privilege-managemen-c310b7ad #OffSeq #WordPress #CVE20265118 #Infosec
##🚨 CRITICAL: CVE-2026-5118 in Divi Form Builder (≤5.1.2) lets unauth'd users gain admin privileges via unvalidated 'role' parameter. Disable registration & monitor for patches! https://radar.offseq.com/threat/cve-2026-5118-cwe-269-improper-privilege-managemen-c310b7ad #OffSeq #WordPress #PrivilegeEscalation #Vuln
##updated 2026-05-21T15:19:30.540000
2 posts
🚨 CRITICAL: Avada (Fusion) Builder ≤3.15.2 has unauth RCE bug (CVE-2026-6279). Attackers can run PHP via exposed AJAX endpoint. Disable plugin or restrict access ASAP. Patch status: unconfirmed. https://radar.offseq.com/threat/cve-2026-6279-cwe-74-improper-neutralization-of-sp-f70da2f6 #OffSeq #WordPress #CVE20266279 #infosec
##🔴 CVE-2026-6279 - Critical (9.8)
The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function Injection in versions up to and including 3.15.2. This is due to the `wp_conditional_tags` case in `Fusion_Builder_Cond...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:19:30.540000
1 posts
🔴 CVE-2026-45444 - Critical (10)
Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious Files.
This issue affects Gift Cards For WooCommerce Pro: from n/a through 4.2.6.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45444/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:17:59.850000
2 posts
🔐 CVE-2026-9139: Taiko AG1000-01A SMS Alert Gateway (Revs 7.3, 8, UM-AG1000_R7.2) has a CRITICAL flaw (CVSS 9.8) — hard-coded admin creds in client JS. No patch yet. Restrict access, isolate device, monitor closely. https://radar.offseq.com/threat/cve-2026-9139-cwe-798-use-of-hard-coded-credential-8aa594cc #OffSeq #Vulnerability #CVE20269139
##🔴 CVE-2026-9139 - Critical (9.8)
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9139/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:17:59.850000
2 posts
🚨 CVE-2026-9141 (CRITICAL, CVSS 9.8): Taiko AG1000-01A SMS Alert Gateway web config lets unauthenticated attackers get full admin rights. No patch available — restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-9141-cwe-306-missing-authentication-for-c-ffd85a83 #OffSeq #CVE #IoTSecurity #Vuln
##🔴 CVE-2026-9141 - Critical (9.8)
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated attackers to access internal application pages without any session managem...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9141/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:17:59.850000
1 posts
🟠 CVE-2026-9144 - High (7.6)
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious pay...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9144/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:16:22.037000
2 posts
🟠 CVE-2025-71216 - High (7.8)
A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71216/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-71216 - High (7.8)
A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71216/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:05:28.023000
2 posts
🟠 CVE-2025-71213 - High (7.8)
An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71213/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-71213 - High (7.8)
An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71213/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:05:28.023000
2 posts
🟠 CVE-2025-71212 - High (7.8)
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-71212 - High (7.8)
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:05:28.023000
4 posts
🔴 CVE-2025-71211 - Critical (9.8)
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-71210 - Critical (9.8)
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.
Please note: although this vulnerability carries a technical critical CVSS rat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71210/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-71211 - Critical (9.8)
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-71210 - Critical (9.8)
A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations.
Please note: although this vulnerability carries a technical critical CVSS rat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-71210/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:05:28.023000
2 posts
🟠 CVE-2026-34930 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.
Please note: an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34930/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34930 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.
Please note: an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34930/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:05:28.023000
2 posts
🟠 CVE-2026-34929 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.
Please ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34929 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism.
Please ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:05:28.023000
2 posts
🟠 CVE-2026-34928 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism.
Please not...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34928/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34928 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism.
Please not...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34928/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T15:05:28.023000
2 posts
🟠 CVE-2026-45208 - High (7.8)
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45208/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-45208 - High (7.8)
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-45208/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T14:16:48.910000
9 posts
4 repos
https://github.com/KaraZajac/CHARON
https://github.com/Aurillium/public-passwd
A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, went unnoticed for nearly nine years.
Researchers from Qualys Threat Research Unit say the vulnerability could allow attackers to steal sensitive information, including SSH private keys, and run arbitrary commands with root-level privileges on affected systems.
##Logic bug in the #Linux kernel's __ptrace_may_access() function
(CVE-2026-46333)
https://cdn2.qualys.com/advisory/2026/05/20/cve-2026-46333-ptrace.txt
##Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333) https://lobste.rs/s/nwdn3w #linux #security
https://cdn2.qualys.com/advisory/2026/05/20/cve-2026-46333-ptrace.txt
Qualys has published their full write-up of CVE-2026-46333: https://www.openwall.com/lists/oss-security/2026/05/20/15
This includes a PoC to full root via `accounts-daemon` demonstrated in Debian 13, Fedora Workstation 43/44, so goes well beyond the initial "you need a program that opens a given file and you get to read it" assumption.
##updated 2026-05-21T12:57:17.353000
2 posts
4 repos
https://github.com/thunderstrike9090/Conflicker_analysis_scripts
https://github.com/NoTrustedx/Exploit_MS08-067
🚨 [CISA-2026:0520] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0520)
CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2008-4250 (https://secdb.nttzen.cloud/cve/detail/CVE-2008-4250)
- Name: Microsoft Windows Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250
⚠️ CVE-2009-1537 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-1537)
- Name: Microsoft DirectX NULL Byte Overwrite Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: DirectX
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 ; https://nvd.nist.gov/vuln/detail/CVE-2009-1537
⚠️ CVE-2009-3459 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-3459)
- Name: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat and Reader
- Notes: https://www.cisa.gov/news-events/alerts/2009/10/13/adobe-reader-and-acrobat-vulnerabilities ; https://web.archive.org/web/20120324170253/http://www.adobe.com/support/security/bulletins/apsb09-15.html#:~:text=CVE%2D2009%2D3459).-,NOTE%3A,-There%20are%20reports ; https://nvd.nist.gov/vuln/detail/CVE-2009-3459
⚠️ CVE-2010-0249 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0249)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249
⚠️ CVE-2010-0806 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0806)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806
⚠️ CVE-2026-41091 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41091)
- Name: Microsoft Defender Link Following Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41091
⚠️ CVE-2026-45498 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45498)
- Name: Microsoft Defender Denial of Service Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260520 #cisa20260520 #cve_2008_4250 #cve_2009_1537 #cve_2009_3459 #cve_2010_0249 #cve_2010_0806 #cve_2026_41091 #cve_2026_45498 #cve20084250 #cve20091537 #cve20093459 #cve20100249 #cve20100806 #cve202641091 #cve202645498
##CVE ID: CVE-2008-4250
Vendor: Microsoft
Product: Windows
Date Added: 2026-05-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2008-4250
updated 2026-05-21T12:57:12.850000
2 posts
🚨 [CISA-2026:0520] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0520)
CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2008-4250 (https://secdb.nttzen.cloud/cve/detail/CVE-2008-4250)
- Name: Microsoft Windows Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250
⚠️ CVE-2009-1537 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-1537)
- Name: Microsoft DirectX NULL Byte Overwrite Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: DirectX
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 ; https://nvd.nist.gov/vuln/detail/CVE-2009-1537
⚠️ CVE-2009-3459 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-3459)
- Name: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat and Reader
- Notes: https://www.cisa.gov/news-events/alerts/2009/10/13/adobe-reader-and-acrobat-vulnerabilities ; https://web.archive.org/web/20120324170253/http://www.adobe.com/support/security/bulletins/apsb09-15.html#:~:text=CVE%2D2009%2D3459).-,NOTE%3A,-There%20are%20reports ; https://nvd.nist.gov/vuln/detail/CVE-2009-3459
⚠️ CVE-2010-0249 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0249)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249
⚠️ CVE-2010-0806 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0806)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806
⚠️ CVE-2026-41091 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41091)
- Name: Microsoft Defender Link Following Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41091
⚠️ CVE-2026-45498 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45498)
- Name: Microsoft Defender Denial of Service Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260520 #cisa20260520 #cve_2008_4250 #cve_2009_1537 #cve_2009_3459 #cve_2010_0249 #cve_2010_0806 #cve_2026_41091 #cve_2026_45498 #cve20084250 #cve20091537 #cve20093459 #cve20100249 #cve20100806 #cve202641091 #cve202645498
##CVE ID: CVE-2009-1537
Vendor: Microsoft
Product: DirectX
Date Added: 2026-05-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2009-1537
updated 2026-05-21T12:57:10.303000
2 posts
🚨 [CISA-2026:0520] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0520)
CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2008-4250 (https://secdb.nttzen.cloud/cve/detail/CVE-2008-4250)
- Name: Microsoft Windows Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250
⚠️ CVE-2009-1537 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-1537)
- Name: Microsoft DirectX NULL Byte Overwrite Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: DirectX
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 ; https://nvd.nist.gov/vuln/detail/CVE-2009-1537
⚠️ CVE-2009-3459 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-3459)
- Name: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat and Reader
- Notes: https://www.cisa.gov/news-events/alerts/2009/10/13/adobe-reader-and-acrobat-vulnerabilities ; https://web.archive.org/web/20120324170253/http://www.adobe.com/support/security/bulletins/apsb09-15.html#:~:text=CVE%2D2009%2D3459).-,NOTE%3A,-There%20are%20reports ; https://nvd.nist.gov/vuln/detail/CVE-2009-3459
⚠️ CVE-2010-0249 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0249)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249
⚠️ CVE-2010-0806 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0806)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806
⚠️ CVE-2026-41091 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41091)
- Name: Microsoft Defender Link Following Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41091
⚠️ CVE-2026-45498 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45498)
- Name: Microsoft Defender Denial of Service Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260520 #cisa20260520 #cve_2008_4250 #cve_2009_1537 #cve_2009_3459 #cve_2010_0249 #cve_2010_0806 #cve_2026_41091 #cve_2026_45498 #cve20084250 #cve20091537 #cve20093459 #cve20100249 #cve20100806 #cve202641091 #cve202645498
##CVE ID: CVE-2010-0806
Vendor: Microsoft
Product: Internet Explorer
Date Added: 2026-05-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2010-0806
updated 2026-05-21T12:57:01.463000
3 posts
🚨 [CISA-2026:0520] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0520)
CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2008-4250 (https://secdb.nttzen.cloud/cve/detail/CVE-2008-4250)
- Name: Microsoft Windows Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250
⚠️ CVE-2009-1537 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-1537)
- Name: Microsoft DirectX NULL Byte Overwrite Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: DirectX
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 ; https://nvd.nist.gov/vuln/detail/CVE-2009-1537
⚠️ CVE-2009-3459 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-3459)
- Name: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat and Reader
- Notes: https://www.cisa.gov/news-events/alerts/2009/10/13/adobe-reader-and-acrobat-vulnerabilities ; https://web.archive.org/web/20120324170253/http://www.adobe.com/support/security/bulletins/apsb09-15.html#:~:text=CVE%2D2009%2D3459).-,NOTE%3A,-There%20are%20reports ; https://nvd.nist.gov/vuln/detail/CVE-2009-3459
⚠️ CVE-2010-0249 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0249)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249
⚠️ CVE-2010-0806 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0806)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806
⚠️ CVE-2026-41091 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41091)
- Name: Microsoft Defender Link Following Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41091
⚠️ CVE-2026-45498 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45498)
- Name: Microsoft Defender Denial of Service Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260520 #cisa20260520 #cve_2008_4250 #cve_2009_1537 #cve_2009_3459 #cve_2010_0249 #cve_2010_0806 #cve_2026_41091 #cve_2026_45498 #cve20084250 #cve20091537 #cve20093459 #cve20100249 #cve20100806 #cve202641091 #cve202645498
##CVE ID: CVE-2010-0249
Vendor: Microsoft
Product: Internet Explorer
Date Added: 2026-05-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2010-0249
CVE ID: CVE-2010-0249
Vendor: Microsoft
Product: Internet Explorer
Date Added: 2026-06-03
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2010-0249
updated 2026-05-21T12:56:49.133000
2 posts
🚨 [CISA-2026:0520] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0520)
CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2008-4250 (https://secdb.nttzen.cloud/cve/detail/CVE-2008-4250)
- Name: Microsoft Windows Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250
⚠️ CVE-2009-1537 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-1537)
- Name: Microsoft DirectX NULL Byte Overwrite Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: DirectX
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 ; https://nvd.nist.gov/vuln/detail/CVE-2009-1537
⚠️ CVE-2009-3459 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-3459)
- Name: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat and Reader
- Notes: https://www.cisa.gov/news-events/alerts/2009/10/13/adobe-reader-and-acrobat-vulnerabilities ; https://web.archive.org/web/20120324170253/http://www.adobe.com/support/security/bulletins/apsb09-15.html#:~:text=CVE%2D2009%2D3459).-,NOTE%3A,-There%20are%20reports ; https://nvd.nist.gov/vuln/detail/CVE-2009-3459
⚠️ CVE-2010-0249 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0249)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249
⚠️ CVE-2010-0806 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0806)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806
⚠️ CVE-2026-41091 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41091)
- Name: Microsoft Defender Link Following Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41091
⚠️ CVE-2026-45498 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45498)
- Name: Microsoft Defender Denial of Service Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260520 #cisa20260520 #cve_2008_4250 #cve_2009_1537 #cve_2009_3459 #cve_2010_0249 #cve_2010_0806 #cve_2026_41091 #cve_2026_45498 #cve20084250 #cve20091537 #cve20093459 #cve20100249 #cve20100806 #cve202641091 #cve202645498
##CVE ID: CVE-2009-3459
Vendor: Adobe
Product: Acrobat and Reader
Date Added: 2026-05-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2009-3459
updated 2026-05-21T09:32:17
2 posts
🔴 CVE-2026-5433 - Critical (9.1)
Honeywell Control
Network Module (CNM) contains command injection vulnerability
in the web interface. An attacker could exploit this vulnerability via command
delimiters, potentially resulting in Remote Code Execution (RCE).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5433/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-5433 - Critical (9.1)
Honeywell Control
Network Module (CNM) contains command injection vulnerability
in the web interface. An attacker could exploit this vulnerability via command
delimiters, potentially resulting in Remote Code Execution (RCE).
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5433/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T09:32:16
2 posts
🟠 CVE-2026-44062 - High (7.5)
A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44062/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44062 - High (7.5)
A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code or cause a denial of service via crafted character set data.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44062/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T09:32:16
2 posts
🟠 CVE-2026-44068 - High (7.6)
Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44068/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44068 - High (7.6)
Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44068/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T09:32:10
2 posts
🟠 CVE-2026-44060 - High (7.5)
An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44060/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44060 - High (7.5)
An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44060/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T09:32:09
2 posts
🟠 CVE-2026-44047 - High (8.8)
An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-44047 - High (8.8)
An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorized access to data, modify data, or cause a denial of service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-21T00:31:30
1 posts
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
##updated 2026-05-21T00:31:30
1 posts
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
##updated 2026-05-21T00:31:30
2 posts
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
##🔥 CVE-2026-33278: Critical use-after-free in NLnet Labs Unbound (1.19.1 – 1.25.0). DNSSEC validator flaw can lead to DoS or RCE if attacker controls DNS zone. Patch: upgrade to 1.25.1. https://radar.offseq.com/threat/cve-2026-33278-cwe-416-use-after-free-in-nlnet-lab-c0de645d #OffSeq #DNSSEC #Vuln #Infosec
##updated 2026-05-21T00:30:27
1 posts
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
##updated 2026-05-20T22:52:48.303000
1 posts
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
##updated 2026-05-20T22:51:43.680000
1 posts
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
##updated 2026-05-20T22:50:49.877000
1 posts
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
##updated 2026-05-20T22:50:35.780000
1 posts
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
##updated 2026-05-20T22:50:00.157000
1 posts
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
##updated 2026-05-20T22:44:09.940000
1 posts
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
##updated 2026-05-20T21:31:40
1 posts
🟠 CVE-2026-9120 - High (8.8)
Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9120/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-20T21:31:40
1 posts
🟠 CVE-2026-9117 - High (7.5)
Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9117/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-20T21:31:40
1 posts
🟠 CVE-2026-9121 - High (8.8)
Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-20T21:31:39
1 posts
🟠 CVE-2026-9112 - High (8.8)
Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-20T19:06:36.850000
6 posts
1 repos
Microsoft Patches Actively Exploited Defender Vulnerabilities Affecting Enterprise Systems
Microsoft has confirmed active exploitation of two security vulnerabilities in its security ecosystem, identified as CVE-2026-41091 and...
🔗️ [Thecyberexpress] https://link.is.it/oRM68F
##Microsoft warns of new Defender zero-days exploited in attacks
마이크로소프트가 Microsoft Defender의 두 가지 제로데이 취약점(CVE-2026-41091, CVE-2026-45498)에 대해 보안 패치를 배포했다. 첫 번째는 권한 상승 취약점이며, 두 번째는 서비스 거부(DoS) 공격을 유발할 수 있다. 미국 CISA는 이 취약점들이 실제 공격에 악용되고 있다며 연방 정부 기관에 6월 3일까지 긴급 패치를 적용할 것을 명령했다. 사용자는 자동 업데이트 설정을 확인해 최신 보안 패치가 적용되었는지 점검해야 한다.
##Microsoft Patches Actively Exploited Defender Vulnerabilities Affecting Enterprise Systems
Microsoft has confirmed active exploitation of two security vulnerabilities in its security ecosystem, identified as CVE-2026-41091 and...
🔗️ [Thecyberexpress] https://link.is.it/oRM68F
##Microsoft Patches Actively Exploited Defender Vulnerabilities
Microsoft and CISA confirmed active exploitation of vulnerabilities in Microsoft Defender, including a privilege escalation flaw (CVE-2026-41091) and a denial-of-service bug (CVE-2026-45498).
**Check that your Microsoft Defender engine version is 1.1.26040.8 or higher to ensure you are protected against these active exploits. While updates are usually automatic, manual verification is necessary for critical systems to confirm the patches were applied.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/microsoft-patches-actively-exploited-defender-vulnerabilities-0-b-g-y-f/gD2P6Ple2L
🚨 [CISA-2026:0520] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0520)
CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2008-4250 (https://secdb.nttzen.cloud/cve/detail/CVE-2008-4250)
- Name: Microsoft Windows Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250
⚠️ CVE-2009-1537 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-1537)
- Name: Microsoft DirectX NULL Byte Overwrite Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: DirectX
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 ; https://nvd.nist.gov/vuln/detail/CVE-2009-1537
⚠️ CVE-2009-3459 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-3459)
- Name: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat and Reader
- Notes: https://www.cisa.gov/news-events/alerts/2009/10/13/adobe-reader-and-acrobat-vulnerabilities ; https://web.archive.org/web/20120324170253/http://www.adobe.com/support/security/bulletins/apsb09-15.html#:~:text=CVE%2D2009%2D3459).-,NOTE%3A,-There%20are%20reports ; https://nvd.nist.gov/vuln/detail/CVE-2009-3459
⚠️ CVE-2010-0249 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0249)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249
⚠️ CVE-2010-0806 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0806)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806
⚠️ CVE-2026-41091 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41091)
- Name: Microsoft Defender Link Following Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41091
⚠️ CVE-2026-45498 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45498)
- Name: Microsoft Defender Denial of Service Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260520 #cisa20260520 #cve_2008_4250 #cve_2009_1537 #cve_2009_3459 #cve_2010_0249 #cve_2010_0806 #cve_2026_41091 #cve_2026_45498 #cve20084250 #cve20091537 #cve20093459 #cve20100249 #cve20100806 #cve202641091 #cve202645498
##CVE ID: CVE-2026-41091
Vendor: Microsoft
Product: Defender
Date Added: 2026-05-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-41091
updated 2026-05-20T18:56:32.350000
3 posts
1 repos
"No way to prevent this" say users of only language where this regularly happens
https://xeiaso.net/shitposts/no-way-to-prevent-this/CVE-2026-45584/
"No way to prevent this" say u...
"No way to prevent this" say users of only language where this regularly happens
##https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584
One job. You had one job.
##Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
updated 2026-05-20T18:31:35
5 posts
Microsoft warns of new Defender zero-days exploited in attacks
마이크로소프트가 Microsoft Defender의 두 가지 제로데이 취약점(CVE-2026-41091, CVE-2026-45498)에 대해 보안 패치를 배포했다. 첫 번째는 권한 상승 취약점이며, 두 번째는 서비스 거부(DoS) 공격을 유발할 수 있다. 미국 CISA는 이 취약점들이 실제 공격에 악용되고 있다며 연방 정부 기관에 6월 3일까지 긴급 패치를 적용할 것을 명령했다. 사용자는 자동 업데이트 설정을 확인해 최신 보안 패치가 적용되었는지 점검해야 한다.
##Microsoft Patches Actively Exploited Defender Vulnerabilities
Microsoft and CISA confirmed active exploitation of vulnerabilities in Microsoft Defender, including a privilege escalation flaw (CVE-2026-41091) and a denial-of-service bug (CVE-2026-45498).
**Check that your Microsoft Defender engine version is 1.1.26040.8 or higher to ensure you are protected against these active exploits. While updates are usually automatic, manual verification is necessary for critical systems to confirm the patches were applied.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/microsoft-patches-actively-exploited-defender-vulnerabilities-0-b-g-y-f/gD2P6Ple2L
🚨 [CISA-2026:0520] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0520)
CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2008-4250 (https://secdb.nttzen.cloud/cve/detail/CVE-2008-4250)
- Name: Microsoft Windows Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250
⚠️ CVE-2009-1537 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-1537)
- Name: Microsoft DirectX NULL Byte Overwrite Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: DirectX
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 ; https://nvd.nist.gov/vuln/detail/CVE-2009-1537
⚠️ CVE-2009-3459 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-3459)
- Name: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat and Reader
- Notes: https://www.cisa.gov/news-events/alerts/2009/10/13/adobe-reader-and-acrobat-vulnerabilities ; https://web.archive.org/web/20120324170253/http://www.adobe.com/support/security/bulletins/apsb09-15.html#:~:text=CVE%2D2009%2D3459).-,NOTE%3A,-There%20are%20reports ; https://nvd.nist.gov/vuln/detail/CVE-2009-3459
⚠️ CVE-2010-0249 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0249)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249
⚠️ CVE-2010-0806 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0806)
- Name: Microsoft Internet Explorer Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Internet Explorer
- Notes: https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806
⚠️ CVE-2026-41091 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41091)
- Name: Microsoft Defender Link Following Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41091
⚠️ CVE-2026-45498 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45498)
- Name: Microsoft Defender Denial of Service Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Defender
- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260520 #cisa20260520 #cve_2008_4250 #cve_2009_1537 #cve_2009_3459 #cve_2010_0249 #cve_2010_0806 #cve_2026_41091 #cve_2026_45498 #cve20084250 #cve20091537 #cve20093459 #cve20100249 #cve20100806 #cve202641091 #cve202645498
##I thought there was a bug in EPSS since I couldn't see the score for CVE-2026-45498, but... it's just too new. Released today. Rare not-Patch-Tuesday CVE release for Microsoft. Wonder what's up.
(It's a Microsoft Defender DoS, which, sure, seems bad for an A/V thing, but... it's just DoS according to the CVE and KB.)
(Also the KB says there's no exploitation, but CISA KEV says otherwise... curiouser and curiouser.)
##CVE ID: CVE-2026-45498
Vendor: Microsoft
Product: Defender
Date Added: 2026-05-20
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-45498
updated 2026-05-20T17:30:43.320000
1 posts
NVIDIA Patches Critical Authentication Bypass in Triton Inference Server
NVIDIA patched eight vulnerabilities in its Triton Inference Server, including a critical authentication bypass (CVE-2026-24207) that allow unauthenticated remote attackers to execute code, steal data, or disrupt AI model serving operations.
**Make sure your NVIDIA Triton Inference Servers are isolated from the internet and accessible only from trusted networks. Then update all Triton Inference Servers to release r26.03 or later ASAP, especially if they are exposed on the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/nvidia-patches-critical-authentication-bypass-in-triton-inference-server-p-g-a-8-j/gD2P6Ple2L
updated 2026-05-20T17:30:40.450000
8 posts
1 repos
Cisco Secure Workload Flaw CVE-2026-20223 Gets Maximum CVSS 10 Rating
Cisco has released security updates to fix a critical vulnerability, tracked as CVE-2026-20223, affecting its Cisco Secure Workload platform. The
🔗️ [Thecyberexpress] https://link.is.it/oVchv5
##Cisco Fixes API Flaw Enabling Unauth Data Access
Cisco has patched a critical API flaw that allowed hackers to access sensitive data without authentication, potentially leading to configuration changes with admin-level privileges. This vulnerability, tracked as CVE-2026-20223, highlights the importance of robust API security measures to prevent devastating breaches.
##Cisco Secure Workload Flaw CVE-2026-20223 Gets Maximum CVSS 10 Rating
Cisco has released security updates to fix a critical vulnerability, tracked as CVE-2026-20223, affecting its Cisco Secure Workload platform. The
🔗️ [Thecyberexpress] https://link.is.it/oVchv5
##Max severity #Cisco Secure Workload flaw gives Site #Admin privileges..Cisco has released security updates to address a maximum-severity Secure Workload #vulnerability that allows attackers to gain Site Admin privileges.Tracked as CVE-2026-20223, the security flaw was found in Secure Workload's internal REST APIs, and it enables unauthenticated attackers to access resources with the privileges of the Site Admin role.#cybersec #security #security #cyber #sec
##Cisco Patches Critical CVSS 10.0 Authentication Bypass in Secure Workload
Cisco patched a critical CVSS 10.0 vulnerability in Secure Workload that allows unauthenticated attackers to gain Site Admin privileges via crafted API calls. The flaw enables unauthorized data access and configuration changes across tenant boundaries in both SaaS and on-premises environments.
**Make sure your Cisco Secure Workload clusters are isolated from the internet and accessible only from trusted networks. If you run on-premises Cisco Secure Workload, immediately update to version 3.10.8.3 or 4.0.3.17 to patch CVE-2026-20223; if you're on versions 3.9 or older, plan a migration to a supported patched release since no direct updates are available.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisco-patches-critical-cvss-10-0-authentication-bypass-in-secure-workload-e-r-6-z-j/gD2P6Ple2L
deep narrator voice "it was a segmentation product that cannot segment"
##🔴 CVE-2026-20223 - Critical (10)
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.
This vulnerability is due to ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20223/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##New Cisco advisories.
- CRITICAL: CVE-2026-20223: Cisco Secure Workload Unauthorized API Access Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
- There are three more of medium severity: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #vulnerability #Cisco
##updated 2026-05-20T17:30:40.450000
1 posts
🔴 CVE-2026-8598 - Critical (9.1)
An undocumented configuration export port is accessible on some models
of ZKTeco CCTV cameras. This port does not require authentication and
exposes critical information about the camera such as open services and
camera account credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-8598/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-20T15:35:29
1 posts
🚨 SECURITY RELEASE 🚨
Today we released Unbound 1.25.1, which consolidates security fixes for issues reported over a period of time.
There are fixes for CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390 and CVE-2026-44608.
Please read the release notes carefully and plan to upgrade.
#DNS #DNSSEC #Mythos #LLM #OpenSource
https://community.nlnetlabs.nl/t/unbound-1-25-1-released/3392
##updated 2026-05-20T15:35:28
5 posts
2 repos
Microsoft Issues Emergency Mitigation for YellowKey BitLocker Bypass
Microsoft released emergency mitigations for a BitLocker bypass vulnerability (CVE-2026-45585) that allows attackers with physical access to access encrypted data via the Windows Recovery Environment.
**To protect against the YellowKey physical bypass attack switch your BitLocker configuration from TPM-only to TPM+PIN configuration. Relying on hardware-only secrets is no longer sufficient when the boot process itself can be manipulated. IT teams should also manually modify their WinRE images to remove the autofstx.exe entry from the registry until Microsoft releases an official, permanent patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-issues-emergency-mitigation-for-yellowkey-bitlocker-bypass-8-8-6-n-a/gD2P6Ple2L
🚨 CVE-2026-45585 (YellowKey)
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-45585
#nttdata #zen #secdb #infosec
#yellowkey #microsoft #bitlocker #cve202645585
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
#CVE_2026_45585
https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html
CVE-2026-45585: Windows BitLocker — YellowKey Recovery Bypass Analysis https://www.zerodaybrief.blog/episodes/ep07-yellowkey/
##Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
I know people here probably don't want to rehash the disclosure discussion for the 683,547,329th time, but fuck Microsoft and this passive aggressive bullshit trying to frame their own interests as "best practices" in a vuln mitigation publication. Your shit is getting torn apart. Act like you've been there before because we all know you have.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
##updated 2026-05-20T14:02:12.280000
1 posts
🟠 CVE-2026-9064 - High (7.5)
A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP reques...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-20T14:01:24.027000
1 posts
🟠 CVE-2026-44933 - High (7.8)
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-44933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-20T14:01:24.027000
1 posts
Tenable Research Advisories have added two items:
- CVE-2026-9065: Surecart - SQL Injection https://www.tenable.com/security/research/tra-2026-43
- CVE-2026-9059: NextGEN Gallery - SQL Injection https://www.tenable.com/security/research/tra-2026-42 @tenable #infosec #vulnerability #SQL
##updated 2026-05-20T14:01:24.027000
1 posts
Tenable Research Advisories have added two items:
- CVE-2026-9065: Surecart - SQL Injection https://www.tenable.com/security/research/tra-2026-43
- CVE-2026-9059: NextGEN Gallery - SQL Injection https://www.tenable.com/security/research/tra-2026-42 @tenable #infosec #vulnerability #SQL
##updated 2026-05-20T13:54:54.890000
1 posts
🟠 CVE-2026-5200 - High (8.8)
The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5200/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-05-19T18:45:32.087000
1 posts
updated 2026-05-19T15:31:21
1 posts
Another one from the Lulz Department: how about an RCE in your assembler?
"CVE-2026-6068 – From Heap UAF to Persistent RCE in NASM":
##updated 2026-05-19T14:16:46.977000
1 posts
2 repos
https://github.com/0xBlackash/CVE-2026-45829
https://github.com/fevar54/FULL-ANALYSIS---CVE-2026-45829-ChromaDB-
updated 2026-05-18T13:16:28.530000
1 posts
4 repos
https://github.com/0xDimas/MiniPlasma
https://github.com/Nightmare-Eclipse/MiniPlasma
Even better, they posted this last week:
After re-investigating the technique used in GreenPlasma (specifically SetPolicyVal), it turns out cldflt!HsmOsBlockPlaceholderAccess is still vulnerable to the exact same issue that was reported to Microsoft 6 years ago. I’m not taking full credit for this, James Forshaw from google project zero found the vulnerability and reported it to Microsoft and was supposedly fixed as CVE-2020-17103.
However, a research who’s a friend of mine pointed out that the routine might still have a vulnerability, which is something I considered but brushed off because I thought it was impossible for Microsoft to just not patch this or rollback the patch.
After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched. I’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes.
https://github.com/Nightmare-Eclipse/MiniPlasma https://deadeclipse666.blogspot.com/
##updated 2026-05-15T19:35:52.963000
1 posts
1 repos
⚪️ Microsoft warns of attacks exploiting zero‑day vulnerability in Exchange Server
🗨️ Microsoft specialists have warned about attacks targeting a new zero-day vulnerability in Exchange Server, identified as CVE-2026-42897. The issue affects Exchange Server 2016, 2019, and Subscription Edition (SE). Since a full patch is not yet available, the company suggests using…
##updated 2026-05-14T21:30:40
3 posts
28 repos
https://github.com/DepthFirstDisclosures/Nginx-Rift
https://github.com/fkj-src/fix_nginx_cve_2026_42945
https://github.com/RedCrazyGhost/CVE-2026-42945
https://github.com/MateusVerass/nGixshell
https://github.com/yusufdalbudak/CVE-2026-42945
https://github.com/Renison-Gohel/CVE-2026-42945-NGINX-Rift
https://github.com/iammerrida-source/nginx-rift-detect
https://github.com/gagaltotal/CVE-2026-42945-NGINX-Rift-Toolkit
https://github.com/byezero/nginx-cve-2026-42945-check
https://github.com/nanwinata/nginxrift-CVE-2026-42945
https://github.com/BarAppTeam/nginx-cve-fix
https://github.com/0xBlackash/CVE-2026-42945
https://github.com/realityone/cve-2026-42945-scan
https://github.com/chenqin231/CVE-2026-42945
https://github.com/oseasfr/Scanner_CVE_2026-42945
https://github.com/soksofos/wazuh-nginx-cve-2026-42945-sca-lab
https://github.com/forxiucn/nginx-cve-2026-42945-poc
https://github.com/imSre9/CVE-2026-42945
https://github.com/jelasin/CVE-2026-42945
https://github.com/rheodev/CVE-2026-42945
https://github.com/tal7aouy/nginx-cve-2026-42945
https://github.com/cipherspy/CVE-2026-42945-POC
https://github.com/hnytgl/cve-2026-42945
https://github.com/friparia/NGINX_RIFT_SCAN_CVE_2026_42945
https://github.com/sibersan/web-server-audit_CVE-2026-42945
https://github.com/ChamsBouzaiene/ai-vuln-rediscovery-nginx-cve-2026-42945
Thank you for these kind words!
If you are interested we started to deploy in production the algorithms presented during FIRST CTI in Munich. An example here:
https://vulnerability.circl.lu/vuln/cve-2026-42945#sightings
Click on the "Forecast" tab.
Have a nice day!
##🚨 Worried about your #NGINX web servers? 👉 We built a *free* scanner for CVE-2026-42945 (NGINX Rift). 👇
Check your targets now (no account required): https://pentest-tools.com/network-vulnerability-scanning/cve-2026-42945-scanner-nginx-rift
Once the scan completes (and if your target is vulnerable), you'll get a finding that includes:
✅ the detected NGINX version
✅the vulnerable range it falls into
✅the CVSS score & severity rating
✅remediation guidance
Download it as a PDF and share it with whoever handles remediation.
Oh, and one thing to check before you call it patched: upgrading your primary NGINX install *doesn’t* cover copies embedded in container images or Kubernetes ingress controllers.
Those need separate inventory and patching.
PS: We also have a dedicated Kubernetes vulnerability scanner. You can find it on our website.
##⚪️ 18-year-old vulnerability in NGINX leads to remote code execution
🗨️ Researchers from DepthFirst AI have discovered a critical vulnerability in NGINX, CVE-2026-42945, which scored 9.2 on the CVSS scale. The issue affects all NGINX versions from 0.6.27 to 1.30.0 and has been present in the code for about 18 years.…
##updated 2026-05-14T18:34:38.530000
1 posts
7 repos
https://github.com/love07oj/nextjs-cve-2026-44578
https://github.com/0xBlackash/CVE-2026-44578
https://github.com/ynsmroztas/nextssrf
https://github.com/panchocosil/verify-ghsa-c4j6-fc7j-m34r
https://github.com/dwisiswant0/next-16.2.4-pocs
https://horizon3.ai/attack-research/vulnerabilities/cve-2026-44578/
##CVE-2026-44578 is a High-severity server-side request forgery vulnerability affecting self-hosted Next.js applications that use the built-in Node.js server. The vulnerability exists in WebSocket upgrade request handling, where crafted requests can cause the server to proxy connections to arbitrary internal or external destinations. Vercel-hosted deployments are not affected.
updated 2026-05-14T17:52:50.143000
4 posts
2 repos
CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox
CVE-2026-40369은 Windows 커널의 nt!ExpGetProcessInformation 함수 내에서 발생하는 12바이트 임의 쓰기 취약점으로, NtQuerySystemInformation 호출 시 검증 없이 커널 메모리에 쓰기가 가능하다. 이 취약점은 크롬, 엣지, 파이어폭스 렌더러 샌드박스 등 비권한 프로세스에서도 접근 가능하며, 이를 이용해 권한 상승(LPE)이 가능하다. 연구자는 기존 토큰 탈취 방식 대신 NtCreateToken을 활용해 SYSTEM 권한 토큰을 직접 생성하는 새로운 공격 체인을 제시했다. 이 취약점은 Windows 11 25H2 빌드...
##CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox - VoidSec
https://voidsec.com/cve-2026-40369-browser-sandbox-escape/
Read on HackerWorkspace: https://hackerworkspace.com/article/cve-2026-40369-twelve-bytes-to-escape-the-browser-sandbox-voidsec
##CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox https://voidsec.com/cve-2026-40369-browser-sandbox-escape/
##CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox
Technical analysis of CVE-2026-40369, a 12-byte Windows kernel write reachable from browser sandboxes via NtQuerySystemInformation, leading to SYSTEM.
🔗️ [Voidsec] https://link.is.it/5Fe1gf
##updated 2026-05-13T18:17:47.830000
1 posts
1 repos
https://github.com/tstephens1080/palo-alto-cve-2026-0265-checker
When Your VPN Opens Your Private Network to the Public https://www.hacktron.ai/blog/cve-2026-0265-panos-globalprotect-cas-auth-bypass
##updated 2026-05-13T14:02:20.380000
1 posts
CVE-2026-28910: Breaking macOS App Sandbox Data Containers and Hijacking Apps
macOS의 기본 압축 도구인 Archive Utility가 macOS 26.4 이전 버전에서 거의 무제한 파일 시스템 접근 권한을 가지고 있어, 드래그 앤 드롭 샌드박스 취약점과 결합해 앱 샌드박스 데이터 컨테이너, TCC(투명성·동의·제어) 보호를 우회하고 타사 앱을 하이재킹할 수 있는 심각한 보안 취약점(CVE-2026-28910)이 발견되었다. 공격자는 단 두 가지 사용자 행동(악성 코드 실행 및 특정 파일 드래그 앤 드롭)만으로 권한 상승 없이 민감한 앱 데이터에 접근하고, 신뢰된 앱을 악성 버전으로 교체할 수 있다. 이 문제는 2025년 10월 보고되...
##updated 2026-05-12T18:47:21.360000
1 posts
9 repos
https://github.com/TailwindRG/cve-2026-0300-audit
https://github.com/0xBlackash/CVE-2026-0300
https://github.com/qassam-315/PAN-OS-User-ID-Buffer-Overflow-PoC
https://github.com/bannned-bit/CVE-2026-0300-PANOS
https://github.com/ByteWraith1/CVE-2026-0300
https://github.com/shizuku198411/CVE-2026-0300
https://github.com/lu4m575/CVE-2026-0300
Siemens RUGGEDCOM APE1808 Critical RCE Vulnerability
Siemens reported a critical vulnerability (CVE-2026-0300) in RUGGEDCOM APE1808 devices that allows unauthenticated attackers to execute arbitrary code with root privileges by exploiting a buffer overflow in the integrated Palo Alto Networks PAN-OS software.
**If you use RUGGEDCOM APE1808 devices, disable the Captive Portal or restrict it to trusted internal networks. Do not wait for a firmware patch, it may be too late. When the patch is published, update immediately**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-ruggedcom-ape1808-critical-rce-vulnerability-4-u-1-o-y/gD2P6Ple2L
updated 2026-05-10T21:30:22
4 posts
RE: https://mastodon.social/@wollman/116615093350624840
@distrowatch @kaidenshi @brnrd
<https://vuxml.freebsd.org/freebsd/30bda1c3-369b-11f1-b51c-6dd25bec137b.html> for CVE-2026-1502, one of the five vulnerable ports is deprecated but not yet expired.
295200 – lang/python314: Update to 3.14.5 — <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295200>
285957 – lang/python312 as default python — <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285957>
Cc @dvl
##Really feels like @dvl and I are the only people who actually read our #FreeBSD package security alerts, given the apparent complete lack of urgency on the part of anyone else to fix the two-months-outstanding lang/python* CVEs like CVE-2026-1502.
##RE: https://mastodon.social/@wollman/116615093350624840
@distrowatch @kaidenshi @brnrd
<https://vuxml.freebsd.org/freebsd/30bda1c3-369b-11f1-b51c-6dd25bec137b.html> for CVE-2026-1502, one of the five vulnerable ports is deprecated but not yet expired.
295200 – lang/python314: Update to 3.14.5 — <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295200>
285957 – lang/python312 as default python — <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285957>
Cc @dvl
##Really feels like @dvl and I are the only people who actually read our #FreeBSD package security alerts, given the apparent complete lack of urgency on the part of anyone else to fix the two-months-outstanding lang/python* CVEs like CVE-2026-1502.
##updated 2026-05-07T15:15:06.770000
1 posts
1 repos
https://github.com/minanagehsalalma/cve-2026-34474-zte-h298a-h108n-sensitive-data-exposure
CVE-2026-34474: Pre-auth credential disclosure in ZTE H298A / H108N via ETHCheat https://minanagehsalalma.github.io/cve-2026-34474-zte-h298a-h108n-sensitive-data-exposure/
##updated 2026-05-04T14:16:35.190000
3 posts
📢 CVE-2026-5140 : Chaîne d'escalade de privilèges critique dans Pardus Linux permettant un accès root
📝 ## 🔍 Contexte
Publié le 21 mai 2026 par The Cyber Express, cet article documente une chaî...
📖 cyberveille : https://cyberveille.ch/posts/2026-05-21-cve-2026-5140-chaine-d-escalade-de-privileges-critique-dans-pardus-linux-permettant-un-acces-root/
🌐 source : https://thecyberexpress.com/cve-2026-5140-pardus-linux-root-access-flaw/
#APT_hijacking #CRLF_injection #Cyberveille
updated 2026-04-21T19:02:35.430000
1 posts
CVE-2013-0422 - Changed to Known Ransomware Status
Oracle JRE Remote Code Execution VulnerabilityVendor: OracleProduct: Java Runtime Environment (JRE)A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.Status changed from Unknown to Known for ransomware campaign usage.Flip detected on: May 21, 2026 at 18:00:35 UTCDate Added to KEV: 2022-05-25View CVE https://nvd.nist.gov/vuln/detail/CVE-2013-0422
##updated 2026-04-15T00:35:42.020000
5 posts
SonicWall warned in a security advisory for CVE-2024-12802 that installing the firmware update alone on Gen6 devices does not fully mitigate the vulnerability, and a manual reconfiguration of the LDAP server is required. https://www.bleepingcomputer.com/news/security/hackers-bypass-sonicwall-vpn-mfa-due-to-incomplete-patching/
##📢 CVE-2024-12802 : exploitation active de SonicWall SSL VPN malgré le patch firmware
📝 ## 🔍 Contexte
Publié le 19 mai 2026 par ReliaQuest Threat Research (auteurs : Alexander Capraro et Tristan Luikey),...
📖 cyberveille : https://cyberveille.ch/posts/2026-05-21-cve-2024-12802-exploitation-active-de-sonicwall-ssl-vpn-malgre-le-patch-firmware/
🌐 source : https://reliaquest.com/blog/threat-spotlight-vpn-exploitation-when-patched-doesnt-mean-protected/
#Akira #BYOVD #Cyberveille
SonicWall warned in a security advisory for CVE-2024-12802 that installing the firmware update alone on Gen6 devices does not fully mitigate the vulnerability, and a manual reconfiguration of the LDAP server is required. https://www.bleepingcomputer.com/news/security/hackers-bypass-sonicwall-vpn-mfa-due-to-incomplete-patching/
##updated 2026-04-15T00:35:42.020000
1 posts
1 repos
CVE-2025-6919 - Critical SQLi in Cats Information Technology Aykome License Tracking System. CVSS 9.8. Unpatched. Update immediately to version dated 06.10.2025. #CVE #infosec #cybersecurity
##updated 2026-04-08T16:05:42.877000
1 posts
1 repos
https://github.com/minanagehsalalma/cve-2026-34472-auth-bypass-zte-h188a-router
CVE-2026-34472: Pre-auth credential exposure and auth bypass in ZTE H188A V6 routers https://minanagehsalalma.github.io/cve-2026-34472-auth-bypass-zte-h188a-router/
##updated 2026-02-26T21:32:34
6 posts
2 repos
How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102) https://securelist.com/exiftool-compromise-mac/119866/
##How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102) https://securelist.com/exiftool-compromise-mac/119866/
##How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
#CVE_2026_3102
https://securelist.com/exiftool-compromise-mac/119866/
New.
Kaspersky: How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102) https://securelist.com/exiftool-compromise-mac/119866/ @Kaspersky #infosec #Mac #threatresearch
##Lulz. An RCE from an image? Image metadata, to be precise? In ExifTool, which is supposed to display the image metadata. Only on Macs, though.
"How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)":
##How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).
🔗️ [Securelist] https://link.is.it/Hr78fH
##updated 2026-02-20T19:22:53.637000
4 posts
3 repos
https://github.com/vognik/CVE-2026-26980
https://github.com/dinosn/ghost-cve-2026-26980
https://github.com/Kulik-Labs-Development/Ghost-CMS-Code-Injection-Audit-CVE-2026-26980
XLab researchers show how threat actors exploited CVE-2026-26980 to compromise Ghost CMS, causing numerous websites to become accomplices in ClickFix attacks. https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980/
##XLab researchers show how threat actors exploited CVE-2026-26980 to compromise Ghost CMS, causing numerous websites to become accomplices in ClickFix attacks. https://blog.xlab.qianxin.com/ghost-cms-page-poisoning-cve-2026-26980/
##Thanks again! Yeah the read access from the SQL injection allowed exfiltration of admin API keys at which point game over. I don't see any malicious themes or changes to the theme file ... instead it seems like it was the vulnerability descried in https://blog.xlab.qianxin.com/ghost-cms-mass-compromised-via-cve-2026-26980-now-fueling-clickfix-attacks/ (which I don't think had been published yet when I was doing the cleanup, or at least I didn't find it in my searching). Basically the hack edited every posts to put in a script in the "codeinjection_footer" field that brings the payload in from a malware site.
There aren't any obvious signs of LPE exploitation but who knows ... another good argument for spinning up a new instance.
@mildsunrise @JadedBlueEyes @thenexusofprivacy@gotosocial.thenexus.today
##A hacking campaign is planting FakeCaptcha pages and malware on websites built with the Ghost CMS.
The attacks began this month and are exploiting a vulnerability disclosed in February
##updated 2025-09-19T19:33:43.980000
1 posts
Mass Exploitation of Four-Faith Industrial Routers for Botnet Expansion
Threat actors are conducting mass exploitation of a critical hard-coded credential flaw (CVE-2024-9643) in Four-Faith industrial routers to build botnets and gain footholds in corporate networks.
**Make sure all your Four-Faith industrial routers are isolated from the internet and only accessible from trusted networks. Then immediately update to the latest firmware to patch CVE-2024-9643, and disable the web management interface on any public-facing ports.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/mass-exploitation-of-four-faith-industrial-routers-for-botnet-expansion-v-x-5-k-e/gD2P6Ple2L
updated 2025-01-31T15:30:44
1 posts
4 repos
https://github.com/NHAS/VULNERABLE-CVE-2024-45337
https://github.com/peace-maker/CVE-2024-45337
🚨 EUVD-2026-31398
📊 Score: n/a
📦 Product: golang.org/x/crypto/ssh
🏢 Vendor: golang.org/x/crypto
📅 Updated: 2026-05-22
📝 Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31398
##updated 2023-02-01T05:07:57
1 posts
Bitcoin Value Overflow Incident (CVE-2010-5139)
2010년 8월 비트코인 네트워크에서 정수 오버플로우 버그로 인해 1840억 BTC가 생성되는 사건이 발생했다. 이 버그는 트랜잭션 검증 코드의 64비트 정수 오버플로우로 인해 발생했으며, 5시간 만에 사토시 나카모토가 수정한 하드포크를 통해 해결되었다. 이 사건은 비트코인의 2100만 개 공급 한도가 코드와 노드 운영자의 합의에 의해 유지된다는 점을 보여주는 중요한 사례로, 오픈소스와 커뮤니티의 신속한 대응이 시스템의 신뢰성을 지켰음을 입증한다. 또한, 이후 2014년에는 또 다른 공급 무한 버그(BIP 42)가 발견되어 소프트포크로 조용히 수정되었다. 이 사례는 '검증하라,...
https://www.learnbitcoin.com/rabbit-hole/inflation-bug-postmortem
##updated 2023-02-01T05:06:20
1 posts
Here's the last one in our series of blogs on the unpatchable vulnerabilities of #Kubernetes, with CVE-2021-25740
https://securitylabs.datadoghq.com/articles/unpatchable-kubernetes-vulnerabilities-cve-2021-25740/
##STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ https://radar.offseq.com/threat/cve-2026-25606-cwe-89-improper-neutralization-of-s-41b4f04f #OffSeq #SQLInjection #Vuln #Infosec
##STER (Centralny Instytut Ochrony Pracy) faces a HIGH severity SQL Injection (CVE-2026-25606, CVSS 8.7). Authenticated attackers can access sensitive data via search filters. Patch by upgrading to v9.5. 🛡️ https://radar.offseq.com/threat/cve-2026-25606-cwe-89-improper-neutralization-of-s-41b4f04f #OffSeq #SQLInjection #Vuln #Infosec
##🟠 CVE-2026-9011 - High (7.5)
The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perfor...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9011/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-9011 - High (7.5)
The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perfor...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-9011/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##2 posts
8 repos
https://github.com/HORKimhab/CVE-2026-46300
https://github.com/infiniroot/ansible-mitigate-copyfail-dirtyfrag
https://github.com/ExploitEoom/CVE-2026-46300
https://github.com/First-John/cve_2026_frag_family_fix
https://github.com/Maxime288/Fragnesia-CVE-2026-46300
https://github.com/Koshmare-Blossom/Fragnesia-go
#Debian still without a #fragnesia patch. Not funny anmore!
(I know that there is a mitigation for systems without ipsec)
https://security-tracker.debian.org/tracker/CVE-2026-46300
New.
Picus: Fragnesia CVE-2026-46300: Linux Kernel LPE Vulnerability Explained https://www.picussecurity.com/resource/blog/fragnesia-cve-2026-46300-linux-kernel-lpe-vulnerability-explained #threatresearch #Linux #infosec #vulnerability
##CVE-2026-47243: Kata Containers guest-root to host-root escape via virtiofs https://lobste.rs/s/blhd1c #security #virtualization
https://www.openwall.com/lists/oss-security/2026/05/21/14
CVE-2026-47243: Kata Containers guest-root to host-root escape via virtiofs https://lobste.rs/s/blhd1c #security #virtualization
https://www.openwall.com/lists/oss-security/2026/05/21/14
... they also managed to call dibs on CVE-2026-0001 :party_porg2:
##General セキュリティに関する修正 GHSA-2m3r-xx7x-63j6 (CVE-2026-46712) GHSA-w8x2-gpq6-jxvf (CVE-2026-46713) GHSA-38jx-423m-g387 (CVE-2026-47746) GHSA-wmhf-m93m-rgmj (CVE-2026-46714) GHSA-j49q-76hx-mv8f (CVE-2026-48115) Client Fix: ビルドに失敗することがある問題を修正
https://github.com/misskey-dev/misskey/releases/tag/2026.5.4
##General セキュリティに関する修正 GHSA-2m3r-xx7x-63j6 (CVE-2026-46712) GHSA-w8x2-gpq6-jxvf (CVE-2026-46713) GHSA-38jx-423m-g387 (CVE-2026-47746) GHSA-wmhf-m93m-rgmj (CVE-2026-46714) GHSA-j49q-76hx-mv8f (CVE-2026-48115) Client Fix: ビルドに失敗することがある問題を修正
https://github.com/misskey-dev/misskey/releases/tag/2026.5.4
##General セキュリティに関する修正 GHSA-2m3r-xx7x-63j6 (CVE-2026-46712) GHSA-w8x2-gpq6-jxvf (CVE-2026-46713) GHSA-38jx-423m-g387 (CVE-2026-47746) GHSA-wmhf-m93m-rgmj (CVE-2026-46714) GHSA-j49q-76hx-mv8f (CVE-2026-48115) Client Fix: ビルドに失敗することがある問題を修正
https://github.com/misskey-dev/misskey/releases/tag/2026.5.4
##General セキュリティに関する修正 GHSA-2m3r-xx7x-63j6 (CVE-2026-46712) GHSA-w8x2-gpq6-jxvf (CVE-2026-46713) GHSA-38jx-423m-g387 (CVE-2026-47746) GHSA-wmhf-m93m-rgmj (CVE-2026-46714) GHSA-j49q-76hx-mv8f (CVE-2026-48115) Client Fix: ビルドに失敗することがある問題を修正
https://github.com/misskey-dev/misskey/releases/tag/2026.5.4
##General セキュリティに関する修正 GHSA-2m3r-xx7x-63j6 (CVE-2026-46712) GHSA-w8x2-gpq6-jxvf (CVE-2026-46713) GHSA-38jx-423m-g387 (CVE-2026-47746) GHSA-wmhf-m93m-rgmj (CVE-2026-46714) GHSA-j49q-76hx-mv8f (CVE-2026-48115) Client Fix: ビルドに失敗することがある問題を修正
https://github.com/misskey-dev/misskey/releases/tag/2026.5.4
##1 posts
25 repos
https://github.com/fkj-src/fix_nginx_cve_2026_42945
https://github.com/RedCrazyGhost/CVE-2026-42945
https://github.com/yusufdalbudak/CVE-2026-42945
https://github.com/Renison-Gohel/CVE-2026-42945-NGINX-Rift
https://github.com/gagaltotal/CVE-2026-42945-NGINX-Rift-Toolkit
https://github.com/byezero/nginx-cve-2026-42945-check
https://github.com/nanwinata/nginxrift-CVE-2026-42945
https://github.com/0xBlackash/CVE-2026-42945
https://github.com/realityone/cve-2026-42945-scan
https://github.com/chenqin231/CVE-2026-42945
https://github.com/oseasfr/Scanner_CVE_2026-42945
https://github.com/soksofos/wazuh-nginx-cve-2026-42945-sca-lab
https://github.com/forxiucn/nginx-cve-2026-42945-poc
https://github.com/imSre9/CVE-2026-42945
https://github.com/jelasin/CVE-2026-42945
https://github.com/rheodev/CVE-2026-42945
https://github.com/tal7aouy/nginx-cve-2026-42945
https://github.com/ndhet/bot-CVE-2026-42940
https://github.com/cipherspy/CVE-2026-42945-POC
https://github.com/hnytgl/cve-2026-42945
https://github.com/friparia/NGINX_RIFT_SCAN_CVE_2026_42945
https://github.com/sibersan/web-server-audit_CVE-2026-42945
https://github.com/ChamsBouzaiene/ai-vuln-rediscovery-nginx-cve-2026-42945
⚪️ 18-year-old vulnerability in NGINX leads to remote code execution
🗨️ Researchers from DepthFirst AI have discovered a critical vulnerability in NGINX, CVE-2026-42945, which scored 9.2 on the CVSS scale. The issue affects all NGINX versions from 0.6.27 to 1.30.0 and has been present in the code for about 18 years.…
##