| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1731 | 0 | 4.22% | 14 | 4 | template | 2026-02-14T01:16:07.740000 | BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote |
| CVE-2026-24853 | 8.1 | 0.00% | 2 | 0 | 2026-02-13T23:16:11.800000 | Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whit | |
| CVE-2026-26273 | 9.8 | 0.00% | 4 | 0 | 2026-02-13T22:16:11.330000 | Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authent | |
| CVE-2026-26269 | 5.4 | 0.00% | 2 | 0 | 2026-02-13T22:16:11.220000 | Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buff | |
| CVE-2025-15157 | 8.8 | 0.00% | 4 | 0 | 2026-02-13T22:16:08.427000 | The Starfish Review Generation & Marketing for WordPress plugin for WordPress is | |
| CVE-2026-26187 | 8.1 | 0.00% | 2 | 0 | 2026-02-13T22:11:50 | ## Summary Two path traversal vulnerabilities in the local block adapter allow | |
| CVE-2026-20615 | 7.8 | 0.02% | 2 | 0 | 2026-02-13T21:43:42.930000 | A path handling issue was addressed with improved validation. This issue is fixe | |
| CVE-2026-26335 | 0 | 0.00% | 2 | 0 | 2026-02-13T21:43:11.137000 | Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey val | |
| CVE-2026-26333 | 0 | 0.00% | 2 | 0 | 2026-02-13T21:43:11.137000 | Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoti | |
| CVE-2025-70123 | 7.5 | 0.00% | 6 | 0 | 2026-02-13T21:43:11.137000 | An improper input validation and protocol compliance vulnerability in free5GC v4 | |
| CVE-2025-69770 | 10.0 | 0.00% | 2 | 0 | 2026-02-13T21:43:11.137000 | A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPorta | |
| CVE-2026-2441 | 8.8 | 0.00% | 8 | 0 | 2026-02-13T21:31:40 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote a | |
| CVE-2025-70121 | 7.5 | 0.00% | 2 | 0 | 2026-02-13T21:31:36 | An array index out of bounds vulnerability in the AMF component of free5GC v4.0. | |
| CVE-2025-70122 | 7.5 | 0.00% | 2 | 0 | 2026-02-13T21:31:36 | A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allo | |
| CVE-2026-20667 | 8.8 | 0.01% | 2 | 0 | 2026-02-13T21:31:36 | A logic issue was addressed with improved checks. This issue is fixed in watchOS | |
| CVE-2026-20617 | 7.0 | 0.02% | 2 | 0 | 2026-02-13T21:31:35 | A race condition was addressed with improved state handling. This issue is fixed | |
| CVE-2026-25924 | 8.4 | 0.04% | 1 | 1 | 2026-02-13T21:30:01.447000 | Kanboard is project management software focused on Kanban methodology. Prior to | |
| CVE-2026-20620 | 7.7 | 0.02% | 2 | 0 | 2026-02-13T21:16:30.177000 | An out-of-bounds read issue was addressed with improved input validation. This i | |
| CVE-2026-20614 | 7.8 | 0.02% | 2 | 0 | 2026-02-13T20:22:46.497000 | A path handling issue was addressed with improved validation. This issue is fixe | |
| CVE-2026-2314 | 8.8 | 0.02% | 1 | 0 | 2026-02-13T18:31:24 | Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a | |
| CVE-2026-20660 | 7.5 | 0.05% | 2 | 0 | 2026-02-13T18:16:19.127000 | A path handling issue was addressed with improved logic. This issue is fixed in | |
| CVE-2026-20649 | 7.5 | 0.02% | 2 | 0 | 2026-02-13T18:16:18.967000 | A logging issue was addressed with improved data redaction. This issue is fixed | |
| CVE-2026-25253 | 8.8 | 0.04% | 1 | 4 | 2026-02-13T17:41:02.987000 | OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value f | |
| CVE-2026-2319 | 7.5 | 0.02% | 1 | 0 | 2026-02-13T17:29:10.443000 | Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attack | |
| CVE-2026-26190 | 9.8 | 0.00% | 2 | 0 | 2026-02-13T17:17:13 | ## Summary Milvus exposes TCP port 9091 by default with two critical authentica | |
| CVE-2026-26056 | 8.8 | 0.04% | 2 | 0 | 2026-02-13T17:15:44 | # Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke A | |
| CVE-2026-26055 | 7.5 | 0.07% | 2 | 0 | 2026-02-13T17:15:38 | # Unauthenticated Admission Webhook Endpoints in Yoke ATC This vulnerability ex | |
| CVE-2026-20654 | 5.5 | 0.02% | 2 | 0 | 2026-02-13T15:31:29 | The issue was addressed with improved memory handling. This issue is fixed in wa | |
| CVE-2025-14349 | 8.8 | 0.00% | 2 | 0 | 2026-02-13T15:30:33 | Privilege Defined With Unsafe Actions, Missing Authentication for Critical Funct | |
| CVE-2026-1619 | 8.3 | 0.00% | 2 | 0 | 2026-02-13T15:30:27 | Authorization Bypass Through User-Controlled Key vulnerability in Universal Soft | |
| CVE-2025-15556 | 7.5 | 11.09% | 9 | 2 | 2026-02-13T15:30:24 | Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an upd | |
| CVE-2026-20650 | 7.5 | 0.04% | 2 | 0 | 2026-02-13T14:46:52.993000 | A denial-of-service issue was addressed with improved validation. This issue is | |
| CVE-2026-20658 | 7.8 | 0.02% | 2 | 0 | 2026-02-13T14:45:17.953000 | A package validation issue was addressed by blocking the vulnerable package. Thi | |
| CVE-2026-25108 | 8.8 | 0.25% | 4 | 0 | 2026-02-13T14:23:48.007000 | FileZen contains an OS command injection vulnerability. When FileZen Antivirus C | |
| CVE-2026-1618 | 8.8 | 0.00% | 2 | 0 | 2026-02-13T14:23:48.007000 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Univer | |
| CVE-2026-26219 | 9.1 | 0.02% | 4 | 0 | 2026-02-13T14:23:48.007000 | newbee-mall stores and verifies user passwords using an unsalted MD5 hashing alg | |
| CVE-2025-70886 | 7.5 | 0.10% | 2 | 1 | 2026-02-13T14:23:48.007000 | An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial | |
| CVE-2026-26217 | 8.6 | 0.06% | 4 | 0 | 2026-02-13T14:23:48.007000 | Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in | |
| CVE-2025-54756 | 8.4 | 0.01% | 2 | 0 | 2026-02-13T14:23:48.007000 | BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series | |
| CVE-2025-70981 | 9.8 | 0.03% | 2 | 0 | 2026-02-13T14:23:48.007000 | CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interf | |
| CVE-2026-26218 | 9.8 | 0.07% | 2 | 0 | 2026-02-13T14:23:48.007000 | newbee-mall includes pre-seeded administrator accounts in its database initializ | |
| CVE-2026-1358 | 9.8 | 0.13% | 4 | 0 | 2026-02-13T00:33:00 | Airleader Master versions 6.381 and prior allow for file uploads without restri | |
| CVE-2026-25949 | 7.5 | 0.02% | 2 | 0 | 2026-02-12T22:08:03 | ## Impact There is a potential vulnerability in Traefik managing STARTTLS reque | |
| CVE-2025-61880 | 8.8 | 0.42% | 2 | 0 | 2026-02-12T21:32:31 | In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote co | |
| CVE-2025-69807 | 7.5 | 0.07% | 2 | 0 | 2026-02-12T21:32:31 | p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows u | |
| CVE-2026-20652 | 7.5 | 0.12% | 2 | 0 | 2026-02-12T21:32:30 | The issue was addressed with improved memory handling. This issue is fixed in ma | |
| CVE-2026-20677 | 9.1 | 0.05% | 2 | 0 | 2026-02-12T21:32:30 | A race condition was addressed with improved handling of symbolic links. This is | |
| CVE-2025-61879 | 7.7 | 0.03% | 2 | 0 | 2026-02-12T21:32:30 | In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary | |
| CVE-2025-63421 | 7.8 | 0.02% | 2 | 0 | 2026-02-12T21:32:30 | An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local at | |
| CVE-2025-40536 | 8.1 | 76.95% | 8 | 0 | 2026-02-12T21:32:29 | SolarWinds Web Help Desk was found to be susceptible to a security control bypas | |
| CVE-2025-67432 | 7.5 | 0.04% | 2 | 0 | 2026-02-12T21:31:34 | A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS Dyn | |
| CVE-2025-70314 | 9.8 | 0.04% | 2 | 0 | 2026-02-12T21:31:34 | webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is du | |
| CVE-2026-20700 | 7.8 | 0.21% | 30 | 0 | 2026-02-12T21:31:27 | A memory corruption issue was addressed with improved state management. This iss | |
| CVE-2024-43468 | 9.8 | 86.39% | 10 | 3 | 2026-02-12T21:31:24 | Microsoft Configuration Manager Remote Code Execution Vulnerability | |
| CVE-2026-26216 | None | 0.20% | 4 | 0 | 2026-02-12T20:09:30 | A critical remote code execution vulnerability exists in the Crawl4AI Docker API | |
| CVE-2025-69872 | None | 0.08% | 2 | 0 | 2026-02-12T20:08:45 | DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization | |
| CVE-2025-70085 | 9.8 | 0.04% | 2 | 0 | 2026-02-12T18:31:25 | An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed | |
| CVE-2026-20626 | 7.8 | 0.01% | 2 | 0 | 2026-02-12T18:31:25 | This issue was addressed with improved checks. This issue is fixed in macOS Sequ | |
| CVE-2025-69871 | 8.1 | 0.04% | 2 | 0 | 2026-02-12T18:31:24 | A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in | |
| CVE-2025-46290 | 7.5 | 0.14% | 2 | 0 | 2026-02-12T18:31:24 | A logic issue was addressed with improved checks. This issue is fixed in macOS S | |
| CVE-2026-2249 | 9.8 | 0.17% | 1 | 1 | 2026-02-12T18:31:24 | METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at t | |
| CVE-2026-2248 | 9.8 | 0.17% | 1 | 0 | 2026-02-12T18:31:24 | METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at t | |
| CVE-2025-69634 | 9.1 | 0.05% | 2 | 0 | 2026-02-12T18:30:23 | Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a | |
| CVE-2026-2250 | 7.5 | 0.07% | 1 | 0 | 2026-02-12T16:16:18.783000 | The /dbviewer/ web endpoint in METIS WIC devices is exposed without authenticati | |
| CVE-2026-26235 | 7.5 | 0.07% | 4 | 1 | 2026-02-12T16:16:17.917000 | JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that | |
| CVE-2025-67135 | 9.8 | 0.04% | 2 | 0 | 2026-02-12T16:16:04.620000 | Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allo | |
| CVE-2025-14892 | 9.8 | 0.04% | 2 | 0 | 2026-02-12T15:33:54 | The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gai | |
| CVE-2025-70083 | 7.8 | 0.01% | 2 | 0 | 2026-02-12T15:33:51 | An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecomman | |
| CVE-2026-2004 | 8.8 | 0.10% | 6 | 1 | 2026-02-12T15:32:55 | Missing validation of type of input in PostgreSQL intarray extension selectivity | |
| CVE-2025-10969 | 9.8 | 0.03% | 2 | 0 | 2026-02-12T15:32:54 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | |
| CVE-2026-2007 | 8.2 | 0.04% | 2 | 0 | 2026-02-12T15:32:54 | Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unk | |
| CVE-2025-14014 | 9.8 | 0.04% | 2 | 0 | 2026-02-12T15:32:54 | Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information | |
| CVE-2026-1104 | 8.8 | 0.04% | 2 | 0 | 2026-02-12T15:32:54 | The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is v | |
| CVE-2025-13002 | 8.2 | 0.04% | 2 | 0 | 2026-02-12T15:32:53 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site | |
| CVE-2026-20610 | 7.8 | 0.03% | 2 | 0 | 2026-02-12T15:32:47 | This issue was addressed with improved handling of symlinks. This issue is fixed | |
| CVE-2025-70084 | 7.5 | 0.24% | 2 | 0 | 2026-02-12T15:16:05.350000 | Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain a | |
| CVE-2025-70029 | 7.5 | 0.02% | 2 | 0 | 2026-02-12T15:16:04.567000 | An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensi | |
| CVE-2025-15573 | 9.4 | 0.02% | 2 | 0 | 2026-02-12T15:16:03.043000 | The affected devices do not validate the server certificate when connecting to t | |
| CVE-2026-2360 | 8.0 | 0.04% | 1 | 0 | 2026-02-12T15:11:02.290000 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superu | |
| CVE-2026-2006 | 8.8 | 0.06% | 2 | 0 | 2026-02-12T15:10:37.307000 | Missing validation of multibyte character length in PostgreSQL text manipulation | |
| CVE-2026-2005 | 8.8 | 0.06% | 2 | 0 | 2026-02-12T15:10:37.307000 | Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to exec | |
| CVE-2026-1320 | 7.2 | 0.03% | 2 | 0 | 2026-02-12T15:10:37.307000 | The Secure Copy Content Protection and Content Locking plugin for WordPress is v | |
| CVE-2026-23857 | 8.2 | 0.01% | 4 | 0 | 2026-02-12T15:10:37.307000 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contain | |
| CVE-2026-1729 | 9.8 | 0.19% | 6 | 1 | 2026-02-12T15:10:37.307000 | The AdForest theme for WordPress is vulnerable to authentication bypass in all v | |
| CVE-2025-64487 | 7.6 | 0.01% | 1 | 0 | 2026-02-12T15:10:37.307000 | Outline is a service that allows for collaborative documentation. Prior to 1.1.0 | |
| CVE-2026-25676 | 7.8 | 0.01% | 4 | 1 | 2026-02-12T06:30:21 | The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL sea | |
| CVE-2026-26234 | 8.8 | 0.07% | 4 | 0 | 2026-02-12T06:30:21 | JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerabi | |
| CVE-2026-23856 | 7.8 | 0.01% | 2 | 0 | 2026-02-12T03:31:06 | Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell | |
| CVE-2026-0969 | 8.8 | 0.07% | 4 | 0 | 2026-02-12T03:31:01 | The serialize function used to compile MDX in next-mdx-remote is vulnerable to a | |
| CVE-2026-26215 | None | 0.13% | 2 | 1 | 2026-02-12T00:31:12 | manga-image-translator version beta-0.3 and prior in shared API mode contains an | |
| CVE-2026-26010 | 7.6 | 0.01% | 1 | 0 | 2026-02-11T23:14:54 | ### Summary Calls issued by the UI against `/api/v1/ingestionPipelines` leak JWT | |
| CVE-2026-25759 | 8.7 | 0.01% | 1 | 0 | 2026-02-11T23:14:17 | ### Impact Stored XSS vulnerability in content titles allow authenticated users | |
| CVE-2025-69873 | None | 0.07% | 2 | 0 | 2026-02-11T21:30:48 | ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regu | |
| CVE-2026-2315 | 8.8 | 0.02% | 1 | 0 | 2026-02-11T21:30:48 | Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 a | |
| CVE-2026-2313 | 8.8 | 0.02% | 1 | 0 | 2026-02-11T21:30:48 | Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote a | |
| CVE-2025-52868 | 8.1 | 0.10% | 2 | 0 | 2026-02-11T21:30:40 | A buffer overflow vulnerability has been reported to affect Qsync Central. If a | |
| CVE-2025-48725 | 8.1 | 0.10% | 2 | 0 | 2026-02-11T21:30:39 | A buffer overflow vulnerability has been reported to affect several QNAP operati | |
| CVE-2025-48724 | 8.1 | 0.10% | 2 | 0 | 2026-02-11T21:30:39 | A buffer overflow vulnerability has been reported to affect Qsync Central. If a | |
| CVE-2025-30276 | 8.8 | 0.11% | 2 | 0 | 2026-02-11T21:30:39 | An out-of-bounds write vulnerability has been reported to affect Qsync Central. | |
| CVE-2026-21239 | 7.8 | 0.03% | 2 | 0 | 2026-02-11T21:30:37 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to el | |
| CVE-2025-48723 | 8.1 | 0.10% | 2 | 0 | 2026-02-11T21:18:06.230000 | A buffer overflow vulnerability has been reported to affect Qsync Central. If a | |
| CVE-2025-30269 | 8.1 | 0.04% | 2 | 0 | 2026-02-11T21:10:50.490000 | A use of externally-controlled format string vulnerability has been reported to | |
| CVE-2026-21236 | 7.8 | 0.03% | 2 | 0 | 2026-02-11T21:07:23.287000 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allo | |
| CVE-2026-21238 | 7.8 | 0.03% | 2 | 0 | 2026-02-11T21:01:48.670000 | Improper access control in Windows Ancillary Function Driver for WinSock allows | |
| CVE-2026-21245 | 7.8 | 0.03% | 2 | 0 | 2026-02-11T20:44:29.940000 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to el | |
| CVE-2026-25084 | 9.8 | 0.07% | 1 | 0 | 2026-02-11T18:31:36 | Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs | |
| CVE-2026-24789 | 9.8 | 0.07% | 1 | 0 | 2026-02-11T18:31:36 | An unprotected API endpoint allows an attacker to remotely change the device pas | |
| CVE-2026-2361 | 8.1 | 0.04% | 1 | 0 | 2026-02-11T18:31:36 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superu | |
| CVE-2025-64075 | 10.0 | 0.44% | 1 | 0 | 2026-02-11T18:06:04.010000 | A path traversal vulnerability in the check_token function of Shenzhen Zhibotong | |
| CVE-2026-20841 | 8.8 | 0.13% | 12 | 9 | 2026-02-11T15:31:25 | Improper neutralization of special elements used in a command ('command injectio | |
| CVE-2025-12059 | 9.8 | 0.04% | 1 | 0 | 2026-02-11T15:30:36 | Insertion of Sensitive Information into Externally-Accessible File or Directory | |
| CVE-2025-48503 | 7.9 | 0.01% | 1 | 0 | 2026-02-11T15:30:35 | A DLL hijacking vulnerability in the AMD Software Installer could allow an attac | |
| CVE-2026-0910 | 8.8 | 0.07% | 2 | 0 | 2026-02-11T15:30:34 | The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in a | |
| CVE-2025-8668 | 9.4 | 0.04% | 2 | 0 | 2026-02-11T15:30:34 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site | |
| CVE-2026-1357 | 9.8 | 0.40% | 4 | 4 | 2026-02-11T15:27:26.370000 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress | |
| CVE-2026-1560 | 8.8 | 0.24% | 2 | 1 | 2026-02-11T15:27:26.370000 | The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Rem | |
| CVE-2025-8025 | 9.8 | 0.05% | 2 | 0 | 2026-02-11T15:27:26.370000 | Missing Authentication for Critical Function, Improper Access Control vulnerabil | |
| CVE-2026-0958 | 7.5 | 0.03% | 2 | 0 | 2026-02-11T12:30:27 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 | |
| CVE-2025-8099 | 7.5 | 0.04% | 2 | 0 | 2026-02-11T12:30:27 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 | |
| CVE-2025-7659 | 8.0 | 0.01% | 2 | 0 | 2026-02-11T12:30:27 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 | |
| CVE-2025-15096 | 8.8 | 0.04% | 2 | 0 | 2026-02-11T12:30:26 | The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privileg | |
| CVE-2025-10174 | 8.3 | 0.01% | 2 | 0 | 2026-02-11T12:30:26 | Cleartext Transmission of Sensitive Information vulnerability in Pan Software & | |
| CVE-2025-10913 | 8.3 | 0.04% | 2 | 0 | 2026-02-11T09:30:24 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site | |
| CVE-2025-9986 | 8.2 | 0.03% | 2 | 0 | 2026-02-11T09:30:24 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulne | |
| CVE-2026-21228 | 8.1 | 0.04% | 2 | 0 | 2026-02-10T21:51:48.077000 | Improper certificate validation in Azure Local allows an unauthorized attacker t | |
| CVE-2026-21537 | 8.8 | 0.04% | 1 | 0 | 2026-02-10T18:30:54 | Improper control of generation of code ('code injection') in Microsoft Defender | |
| CVE-2026-21240 | 7.8 | 0.02% | 2 | 0 | 2026-02-10T18:30:51 | Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an | |
| CVE-2026-21243 | 7.5 | 0.06% | 2 | 0 | 2026-02-10T18:30:51 | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol | |
| CVE-2026-1603 | 8.6 | 0.18% | 2 | 0 | 2026-02-10T18:30:49 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo | |
| CVE-2026-21229 | 8.0 | 0.07% | 2 | 0 | 2026-02-10T18:30:49 | Improper input validation in Power BI allows an authorized attacker to execute c | |
| CVE-2026-1602 | 6.5 | 0.05% | 2 | 0 | 2026-02-10T18:30:38 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote | |
| CVE-2026-24061 | 9.8 | 83.89% | 7 | 58 | template | 2026-02-10T18:30:34 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a " |
| CVE-2025-66630 | None | 0.01% | 2 | 0 | 2026-02-09T18:49:19 | Fiber v2 contains an internal vendored copy of `gofiber/utils`, and its function | |
| CVE-2026-1868 | 9.9 | 0.03% | 2 | 0 | 2026-02-09T16:08:35.290000 | GitLab has remediated a vulnerability in the Duo Workflow Service component of G | |
| CVE-2026-2084 | 7.2 | 0.25% | 1 | 9 | 2026-02-07T12:31:33 | A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknow | |
| CVE-2026-21643 | 9.8 | 0.17% | 3 | 0 | 2026-02-06T09:30:35 | An improper neutralization of special elements used in an sql command ('sql inje | |
| CVE-2025-64712 | 9.8 | 0.08% | 4 | 0 | 2026-02-04T19:53:06 | A Path Traversal vulnerability in the `partition_msg` function allows an attacke | |
| CVE-2026-20119 | 7.5 | 0.09% | 2 | 0 | 2026-02-04T18:30:51 | A vulnerability in the text rendering subsystem of Cisco TelePresence Collaborat | |
| CVE-2026-1281 | 9.8 | 54.26% | 2 | 1 | 2026-01-30T00:31:29 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2026-1340 | 9.8 | 40.23% | 2 | 1 | 2026-01-30T00:31:28 | A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve | |
| CVE-2025-14523 | 8.2 | 0.06% | 1 | 0 | 2026-01-29T16:16:07.627000 | A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a requ | |
| CVE-2026-23760 | 9.8 | 55.52% | 2 | 2 | template | 2026-01-27T18:33:14 | SmarterTools SmarterMail versions prior to build 9511 contain an authentication |
| CVE-2026-20045 | 8.2 | 1.10% | 2 | 1 | 2026-01-21T21:31:31 | A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unif | |
| CVE-2025-8088 | 8.8 | 3.90% | 2 | 29 | 2025-10-22T00:34:26 | A path traversal vulnerability affecting the Windows version of WinRAR allows th | |
| CVE-2025-20360 | 5.8 | 0.13% | 2 | 0 | 2025-10-15T18:31:58 | Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Deco | |
| CVE-2025-20359 | 6.5 | 0.29% | 2 | 0 | 2025-10-15T18:31:58 | Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Deco | |
| CVE-2024-6387 | 8.1 | 25.87% | 2 | 96 | 2025-04-24T21:32:54 | A signal handler race condition was found in OpenSSH's server (sshd), where a cl | |
| CVE-2016-0777 | 6.5 | 67.20% | 2 | 1 | 2025-04-12T10:46:40.837000 | The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, | |
| CVE-2024-53114 | 5.5 | 0.01% | 1 | 0 | 2024-12-11T21:31:57 | In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD | |
| CVE-2017-12542 | 10.0 | 94.25% | 2 | 3 | template | 2023-02-02T05:07:08 | A authentication bypass and execution of code vulnerability in HPE Integrated Li |
| CVE-2026-26268 | 0 | 0.00% | 4 | 0 | N/A | ||
| CVE-2026-25991 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-21878 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-26208 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-25227 | 0 | 0.03% | 7 | 0 | N/A | ||
| CVE-2026-25922 | 0 | 0.01% | 5 | 0 | N/A | ||
| CVE-2026-25748 | 0 | 0.03% | 5 | 0 | N/A | ||
| CVE-2026-26012 | 0 | 0.02% | 2 | 0 | N/A | ||
| CVE-2026-24044 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-26068 | 0 | 0.57% | 2 | 0 | N/A | ||
| CVE-2026-26011 | 0 | 0.06% | 2 | 0 | N/A | ||
| CVE-2026-26020 | 0 | 0.08% | 2 | 0 | N/A | ||
| CVE-2026-26069 | 0 | 0.04% | 2 | 0 | N/A | ||
| CVE-2026-26080 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-26081 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-26029 | 0 | 0.07% | 1 | 0 | N/A |
updated 2026-02-14T01:16:07.740000
14 posts
4 repos
https://github.com/bytehazard/CVE-2026-1731
https://github.com/win3zz/CVE-2026-1731
🚨 [CISA-2026:0213] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0213)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-1731 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1731)
- Name: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: BeyondTrust
- Product: Remote Support (RS) and Privileged Remote Access (PRA)
- Notes: Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please: see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260213 #cisa20260213 #cve_2026_1731 #cve20261731
##CVE ID: CVE-2026-1731
Vendor: BeyondTrust
Product: Remote Support (RS) and Privileged Remote Access (PRA)
Date Added: 2026-02-13
Notes: Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please: see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-1731
Exploitation attempts target CVE-2026-1731, a critical unauthenticated remote code execution flaw in BeyondTrust Remote Support. https://www.securityweek.com/beyondtrust-vulnerability-targeted-by-hackers-within-24-hours-of-poc-release/
##Here's a summary of the latest critical news in technology and cybersecurity:
State-backed hackers are reportedly leveraging Google's Gemini AI for reconnaissance and attack support. A critical BeyondTrust Remote Code Execution vulnerability (CVE-2026-1731) is being actively exploited in the wild. CISA has added four new exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. In technology, Samsung commenced shipping of industry-first HBM4 memory for AI computing, and HKUST announced a major advance in calcium-ion battery technology.
##Hackers are breaking into BeyondTrust systems worldwide without even needing a password, and attacks started just hours after the flaw went public. Is your organization already compromised?
https://thedefendopsdiaries.com/how-attackers-are-exploiting-the-beyondtrust-rce-flaw-cve-2026-1731/
##New.
GreyNoise: Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731 @greynoise #infosec #vulnerability
##Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far
#CVE_2026_1731
https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731
🚨 [CISA-2026:0213] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0213)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-1731 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1731)
- Name: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: BeyondTrust
- Product: Remote Support (RS) and Privileged Remote Access (PRA)
- Notes: Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please: see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260213 #cisa20260213 #cve_2026_1731 #cve20261731
##CVE ID: CVE-2026-1731
Vendor: BeyondTrust
Product: Remote Support (RS) and Privileged Remote Access (PRA)
Date Added: 2026-02-13
Notes: Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please: see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-1731
Exploitation attempts target CVE-2026-1731, a critical unauthenticated remote code execution flaw in BeyondTrust Remote Support. https://www.securityweek.com/beyondtrust-vulnerability-targeted-by-hackers-within-24-hours-of-poc-release/
##Here's a summary of the latest critical news in technology and cybersecurity:
State-backed hackers are reportedly leveraging Google's Gemini AI for reconnaissance and attack support. A critical BeyondTrust Remote Code Execution vulnerability (CVE-2026-1731) is being actively exploited in the wild. CISA has added four new exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. In technology, Samsung commenced shipping of industry-first HBM4 memory for AI computing, and HKUST announced a major advance in calcium-ion battery technology.
##Hackers are breaking into BeyondTrust systems worldwide without even needing a password, and attacks started just hours after the flaw went public. Is your organization already compromised?
https://thedefendopsdiaries.com/how-attackers-are-exploiting-the-beyondtrust-rce-flaw-cve-2026-1731/
##New.
GreyNoise: Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731 @greynoise #infosec #vulnerability
##Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far
#CVE_2026_1731
https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731
updated 2026-02-13T23:16:11.800000
2 posts
🟠 CVE-2026-24853 - High (8.1)
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24853 - High (8.1)
Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T22:16:11.330000
4 posts
🔴 CRITICAL: CVE-2026-26273 in Known <1.6.3 leaks password reset tokens in HTML — full account takeover possible without email access. Upgrade to 1.6.3+ & audit reset flows. https://radar.offseq.com/threat/cve-2026-26273-cwe-200-exposure-of-sensitive-infor-d59f1dbb #OffSeq #CVE202626273 #Vuln #Security
##🔴 CVE-2026-26273 - Critical (9.8)
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26273/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CRITICAL: CVE-2026-26273 in Known <1.6.3 leaks password reset tokens in HTML — full account takeover possible without email access. Upgrade to 1.6.3+ & audit reset flows. https://radar.offseq.com/threat/cve-2026-26273-cwe-200-exposure-of-sensitive-infor-d59f1dbb #OffSeq #CVE202626273 #Vuln #Security
##🔴 CVE-2026-26273 - Critical (9.8)
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26273/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T22:16:11.220000
2 posts
🔐 CVE-2026-26269
📊 CVSS: 5.4 · Medium
📅 02/13/2026, 08:17 PM
🛡️ CWE: CWE-121
📦 Affected: #vim vim (< 9.1.2148)
📚 https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68 https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970
🔐 CVE-2026-26269
📊 CVSS: 5.4 · Medium
📅 02/13/2026, 08:17 PM
🛡️ CWE: CWE-121
📦 Affected: #vim vim (< 9.1.2148)
📚 https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68 https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970
updated 2026-02-13T22:16:08.427000
4 posts
🟠 CVE-2025-15157 - High (8.8)
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15157/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-15157 - High (8.8)
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15157/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-15157 - High (8.8)
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15157/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-15157 - High (8.8)
The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15157/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T22:11:50
2 posts
🟠 CVE-2026-26187 - High (8.1)
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read and write files outside their designated storage bo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26187/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26187 - High (8.1)
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read and write files outside their designated storage bo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26187/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:43:42.930000
2 posts
🟠 CVE-2026-20615 - High (7.8)
A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20615/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20615 - High (7.8)
A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20615/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:43:11.137000
2 posts
CVE-2026-26335 (CRITICAL, CVSS 9.3): Calero VeraSMART <2022 R1 uses hard-coded crypto keys, enabling unauth RCE via crafted ViewState in ASP.NET. No exploits yet, but immediate upgrade or key rotation essential! https://radar.offseq.com/threat/cve-2026-26335-cwe-321-use-of-hard-coded-cryptogra-07023d75 #OffSeq #Vulnerability #Calero #RCE
##CVE-2026-26335 (CRITICAL, CVSS 9.3): Calero VeraSMART <2022 R1 uses hard-coded crypto keys, enabling unauth RCE via crafted ViewState in ASP.NET. No exploits yet, but immediate upgrade or key rotation essential! https://radar.offseq.com/threat/cve-2026-26335-cwe-321-use-of-hard-coded-cryptogra-07023d75 #OffSeq #Vulnerability #Calero #RCE
##updated 2026-02-13T21:43:11.137000
2 posts
🚨 CRITICAL: CVE-2026-26333 in Calero VeraSMART (pre-2022 R1) allows unauth RCE via exposed .NET Remoting on port 8001. Attackers can read configs, steal machineKeys, and capture NTLMv2 hashes. Restrict access & patch! https://radar.offseq.com/threat/cve-2026-26333-cwe-306-missing-authentication-for--bbf1e7d2 #OffSeq #CVE202626333 #BlueTeam
##🚨 CRITICAL: CVE-2026-26333 in Calero VeraSMART (pre-2022 R1) allows unauth RCE via exposed .NET Remoting on port 8001. Attackers can read configs, steal machineKeys, and capture NTLMv2 hashes. Restrict access & patch! https://radar.offseq.com/threat/cve-2026-26333-cwe-306-missing-authentication-for--bbf1e7d2 #OffSeq #CVE202626333 #BlueTeam
##updated 2026-02-13T21:43:11.137000
6 posts
🟠 CVE-2025-70123 - High (7.5)
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This place...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70123 - High (7.5)
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This place...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70123 - High (7.5)
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This place...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70123 - High (7.5)
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This place...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70123 - High (7.5)
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This place...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70123 - High (7.5)
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This place...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70123/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:43:11.137000
2 posts
🔴 CVE-2025-69770 - Critical (10)
A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69770/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-69770 - Critical (10)
A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69770/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:40
8 posts
This build has a fix for CVE-2026-2441 (Use after free in CSS), which has a known exploit in the wild.
##@secbox @vivaldiversiontracker
It might seem strange but this build has a fix for CVE-2026-2441 (Use after free in CSS), which has a known exploit in the wild. 🤷
##This build has a fix for CVE-2026-2441 (Use after free in CSS), which has a known exploit in the wild.
Note: Vivaldi 7.8.3925.66 also has that fix.
##🟠 CVE-2026-2441 - High (8.8)
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2441/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##This build has a fix for CVE-2026-2441 (Use after free in CSS), which has a known exploit in the wild.
##@secbox @vivaldiversiontracker
It might seem strange but this build has a fix for CVE-2026-2441 (Use after free in CSS), which has a known exploit in the wild. 🤷
##This build has a fix for CVE-2026-2441 (Use after free in CSS), which has a known exploit in the wild.
Note: Vivaldi 7.8.3925.66 also has that fix.
##🟠 CVE-2026-2441 - High (8.8)
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2441/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:36
2 posts
🟠 CVE-2025-70121 - High (7.5)
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70121 - High (7.5)
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:36
2 posts
🟠 CVE-2025-70122 - High (7.5)
A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70122/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70122 - High (7.5)
A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70122/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:36
2 posts
🟠 CVE-2026-20667 - High (8.8)
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20667/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20667 - High (8.8)
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3. An app may be able to break out of its sandbox.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20667/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:31:35
2 posts
🚨 CVE-2026-20617 (CRITICAL): Race condition lets malicious apps escalate to root on macOS & Apple OS. No exploits in the wild yet — patch to Sonoma 14.8.4, Tahoe 26.3 ASAP! https://radar.offseq.com/threat/cve-2026-20617-an-app-may-be-able-to-gain-root-pri-42394d40 #OffSeq #macOS #Apple #Infosec #CVE202620617
##🚨 CVE-2026-20617 (CRITICAL): Race condition lets malicious apps escalate to root on macOS & Apple OS. No exploits in the wild yet — patch to Sonoma 14.8.4, Tahoe 26.3 ASAP! https://radar.offseq.com/threat/cve-2026-20617-an-app-may-be-able-to-gain-root-pri-42394d40 #OffSeq #macOS #Apple #Infosec #CVE202620617
##updated 2026-02-13T21:30:01.447000
1 posts
1 repos
🟠 CVE-2026-25924 - High (8.4)
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25924/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T21:16:30.177000
2 posts
🟠 CVE-2026-20620 - High (7.7)
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An attacker may be able to cause unexpected system termination or read kernel memory.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20620/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20620 - High (7.7)
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An attacker may be able to cause unexpected system termination or read kernel memory.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20620/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T20:22:46.497000
2 posts
🚨 CVE-2026-20614 (CRITICAL): Privilege escalation in macOS lets apps gain root with no user interaction. Fixes: Sequoia 15.7.4, Tahoe 26.3, Sonoma 14.8.4. Patch now to block full compromise — esp. in EU orgs! https://radar.offseq.com/threat/cve-2026-20614-an-app-may-be-able-to-gain-root-pri-30d49a81 #OffSeq #macOS #Vuln #Patch
##🚨 CVE-2026-20614 (CRITICAL): Privilege escalation in macOS lets apps gain root with no user interaction. Fixes: Sequoia 15.7.4, Tahoe 26.3, Sonoma 14.8.4. Patch now to block full compromise — esp. in EU orgs! https://radar.offseq.com/threat/cve-2026-20614-an-app-may-be-able-to-gain-root-pri-30d49a81 #OffSeq #macOS #Vuln #Patch
##updated 2026-02-13T18:31:24
1 posts
🟠 CVE-2026-2314 - High (8.8)
Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T18:16:19.127000
2 posts
🟠 CVE-2026-20660 - High (7.5)
A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20660/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20660 - High (7.5)
A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20660/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T18:16:18.967000
2 posts
🟠 CVE-2026-20649 - High (7.5)
A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.3, iOS 26.3 and iPadOS 26.3, tvOS 26.3, macOS Tahoe 26.3. A user may be able to view sensitive user information.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20649 - High (7.5)
A logging issue was addressed with improved data redaction. This issue is fixed in watchOS 26.3, iOS 26.3 and iPadOS 26.3, tvOS 26.3, macOS Tahoe 26.3. A user may be able to view sensitive user information.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20649/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T17:41:02.987000
1 posts
4 repos
https://github.com/ethiack/moltbot-1click-rce
https://github.com/al4n4n/CVE-2026-25253-research
📰 CVE-2026-25253: How Malicious Links Can Steal Authentication Tokens and Compromise OpenClaw AI Systems
This article examines the CVE-2026-25253 vulnerability in the OpenClaw AI assistant, highlighting how it enables attackers to capture authentication tokens through malicious web pages and compromised WebSocket connections
##updated 2026-02-13T17:29:10.443000
1 posts
🟠 CVE-2026-2319 - High (7.5)
Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium se...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T17:17:13
2 posts
🔴 CVE-2026-26190 - Critical (9.8)
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default au...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26190/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26190 - Critical (9.8)
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default au...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26190/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T17:15:44
2 posts
🟠 CVE-2026-26056 - High (8.8)
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26056 - High (8.8)
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T17:15:38
2 posts
🟠 CVE-2026-26055 - High (7.5)
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26055/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26055 - High (7.5)
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26055/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T15:31:29
2 posts
Got my first Apple CVE!
CVE-2026-20654
At the age of 19, I have finally achieved my goal.
Weird thing is, the 2025 CVE isn't addressed yet haha
More exciting news coming soon!
Thank you everyone for the support 🥹🙏
##Got my first Apple CVE!
CVE-2026-20654
At the age of 19, I have finally achieved my goal.
Weird thing is, the 2025 CVE isn't addressed yet haha
More exciting news coming soon!
Thank you everyone for the support 🥹🙏
##updated 2026-02-13T15:30:33
2 posts
🟠 CVE-2025-14349 - High (8.8)
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects Fl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-14349 - High (8.8)
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects Fl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14349/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T15:30:27
2 posts
🟠 CVE-2026-1619 - High (8.3)
Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1619/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1619 - High (8.3)
Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1619/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T15:30:24
9 posts
2 repos
https://github.com/George0Papasotiriou/CVE-2025-15556-Notepad-WinGUp-Updater-RCE
CISA has added a critical code execution flaw in Notepad++ to its Known Exploited Vulnerabilities (KEV) catalog.
Notepad++ is a widely used open-source text editor popular among developers and IT teams.
The vulnerability (CVE-2025-15556) allows attackers to intercept or manipulate update traffic, tricking users into installing malicious payloads. The issue has been fixed in version 8.8.9 and all later releases.
##🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2025-15556
Vendor: Notepad++
Product: Notepad++
Date Added: 2026-02-12
Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-15556
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2025-15556
Vendor: Notepad++
Product: Notepad++
Date Added: 2026-02-12
Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-15556
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##updated 2026-02-13T14:46:52.993000
2 posts
🟠 CVE-2026-20650 - High (7.5)
A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to perform denial...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20650 - High (7.5)
A denial-of-service issue was addressed with improved validation. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileged network position may be able to perform denial...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:45:17.953000
2 posts
🟠 CVE-2026-20658 - High (7.8)
A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20658/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20658 - High (7.8)
A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20658/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
4 posts
🟠 CVE-2026-25108 - High (8.8)
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25108/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25108 - High (8.8)
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25108/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25108 - High (8.8)
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25108/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25108 - High (8.8)
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25108/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
2 posts
🟠 CVE-2026-1618 - High (8.8)
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1618/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1618 - High (8.8)
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1618/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
4 posts
🚨 CVE-2026-26219 (CRITICAL): newbee-mall 1.0.0 uses unsalted MD5 for password storage — enabling fast offline attacks if hashes leak. Upgrade to secure hashing (Argon2, bcrypt, PBKDF2) ASAP! https://radar.offseq.com/threat/cve-2026-26219-cwe-327-use-of-a-broken-or-risky-cr-46123275 #OffSeq #infosec #vuln #ecommerce
##🔴 CVE-2026-26219 - Critical (9.1)
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-26219 (CRITICAL): newbee-mall 1.0.0 uses unsalted MD5 for password storage — enabling fast offline attacks if hashes leak. Upgrade to secure hashing (Argon2, bcrypt, PBKDF2) ASAP! https://radar.offseq.com/threat/cve-2026-26219-cwe-327-use-of-a-broken-or-risky-cr-46123275 #OffSeq #infosec #vuln #ecommerce
##🔴 CVE-2026-26219 - Critical (9.1)
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
2 posts
1 repos
🟠 CVE-2025-70886 - High (7.5)
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70886 - High (7.5)
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70886/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
4 posts
🟠 CVE-2026-26217 - High (8.6)
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26217/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-26217 in Crawl4AI (<0.8.0) enables unauthenticated file read via Docker API endpoints. Attackers can access /etc/passwd, configs, and secrets. Upgrade to 0.8.0+! https://radar.offseq.com/threat/cve-2026-26217-cwe-22-improper-limitation-of-a-pat-0f89b04d #OffSeq #CVE202626217 #infosec
##🟠 CVE-2026-26217 - High (8.6)
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26217/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-26217 in Crawl4AI (<0.8.0) enables unauthenticated file read via Docker API endpoints. Attackers can access /etc/passwd, configs, and secrets. Upgrade to 0.8.0+! https://radar.offseq.com/threat/cve-2026-26217-cwe-22-improper-limitation-of-a-pat-0f89b04d #OffSeq #CVE202626217 #infosec
##updated 2026-02-13T14:23:48.007000
2 posts
🟠 CVE-2025-54756 - High (8.4)
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or
series 5 prior to v9.0.166 use a default password that is guessable with
knowledge of the device information. The latest release fixes this
issue for new installations; use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-54756/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-54756 - High (8.4)
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or
series 5 prior to v9.0.166 use a default password that is guessable with
knowledge of the device information. The latest release fixes this
issue for new installations; use...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-54756/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
2 posts
🔴 CVE-2025-70981 - Critical (9.8)
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70981/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70981 - Critical (9.8)
CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70981/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T14:23:48.007000
2 posts
🔴 CVE-2026-26218 - Critical (9.8)
newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26218/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-26218 - Critical (9.8)
newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26218/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-13T00:33:00
4 posts
🚨 CVE-2026-1358 (CRITICAL, CVSS 9.8): Airleader Master (≤6.381) allows unauthenticated file uploads, enabling remote code execution. ICS & building automation in Europe at risk — patch ASAP, restrict uploads, segment networks. https://radar.offseq.com/threat/cve-2026-1358-cwe-434-in-airleader-gmbh-airleader--2b35e562 #OffSeq #CVE20261358 #ICS #InfoSec
##🔴 CVE-2026-1358 - Critical (9.8)
Airleader Master versions 6.381 and prior allow for file uploads without
restriction to multiple webpages running maximum privileges. This could
allow an unauthenticated user to potentially obtain remote code
execution on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-1358 (CRITICAL, CVSS 9.8): Airleader Master (≤6.381) allows unauthenticated file uploads, enabling remote code execution. ICS & building automation in Europe at risk — patch ASAP, restrict uploads, segment networks. https://radar.offseq.com/threat/cve-2026-1358-cwe-434-in-airleader-gmbh-airleader--2b35e562 #OffSeq #CVE20261358 #ICS #InfoSec
##🔴 CVE-2026-1358 - Critical (9.8)
Airleader Master versions 6.381 and prior allow for file uploads without
restriction to multiple webpages running maximum privileges. This could
allow an unauthenticated user to potentially obtain remote code
execution on the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1358/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T22:08:03
2 posts
🟠 CVE-2026-25949 - High (7.5)
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25949/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25949 - High (7.5)
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25949/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:31
2 posts
🟠 CVE-2025-61880 - High (8.8)
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61880/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-61880 - High (8.8)
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61880/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:31
2 posts
🟠 CVE-2025-69807 - High (7.5)
p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-69807 - High (7.5)
p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:30
2 posts
🟠 CVE-2026-20652 - High (7.5)
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20652/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20652 - High (7.5)
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20652/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:30
2 posts
🔴 CVE-2026-20677 - Critical (9)
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20677/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-20677 - Critical (9)
A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20677/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:30
2 posts
🟠 CVE-2025-61879 - High (7.7)
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61879/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-61879 - High (7.7)
In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61879/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:30
2 posts
🟠 CVE-2025-63421 - High (7.8)
An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63421/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-63421 - High (7.8)
An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63421/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:32:29
8 posts
🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2025-40536
Vendor: SolarWinds
Product: Web Help Desk
Date Added: 2026-02-12
Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-40536
‼️ CISA added one more vulnerability to the KEV Catalog today...
CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.
##🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2025-40536
Vendor: SolarWinds
Product: Web Help Desk
Date Added: 2026-02-12
Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-40536
‼️ CISA added one more vulnerability to the KEV Catalog today...
CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality.
##updated 2026-02-12T21:31:34
2 posts
🟠 CVE-2025-67432 - High (7.5)
A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67432/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-67432 - High (7.5)
A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67432/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:31:34
2 posts
🔴 CVE-2025-70314 - Critical (9.8)
webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70314 - Critical (9.8)
webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. This is due to the filename variable
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T21:31:27
30 posts
Global cybersecurity remains critical: Threat actors are actively exploiting Google's Gemini AI for varied attack stages, from reconnaissance to phishing. Apple has patched a critical zero-day vulnerability (CVE-2026-20700) exploited in sophisticated attacks. CISA updated its KEV Catalog with four new vulnerabilities, urging immediate remediation. Furthermore, the EU launched a new ICT Supply Chain Security Toolbox to enhance risk mitigation. (Feb 12-13, 2026)
##Apple Patches Actively Exploited Flaw, Over 90 Vulnerabilities in macOS, iOS, and iPadOS in February 2026 Security Updates
Apple released security updates on February 11, 2026, patching over 90 vulnerabilities across macOS, iOS, and iPadOS, including an actively exploited zero-day (CVE-2026-20700) — a memory corruption flaw in dyld enabling arbitrary code execution, likely used by nation-state actors or commercial spyware vendors against targeted individuals.
**Time to update your Apple devices. Prioritize iOS 26 devices, especially if you are a journalist or active in economy and policy - those are the first ones targeted by state actors to take control of mobile phones. Then all the rest of devices. Even if you are not a high profile target, update because hackers will learn to exploit the same flaws, so it will be open season on every vulnerable device.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-patches-actively-exploited-flaw-over-90-vulnerabilities-in-macos-ios-and-ipados-in-february-2026-security-updates-j-a-7-e-o/gD2P6Ple2L
CVE-2026-20700 – Apple corrige sa première faille zero-day de 2026 : patchez ! https://www.it-connect.fr/cve-2026-20700-apple-corrige-sa-premiere-faille-zero-day-de-2026-patchez/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Apple
##Here's a summary of recent global, technology, and cybersecurity news from the last 24 hours:
Globally, Canada mourned 10 lives lost in a mass shooting in British Columbia (February 12).
In technology, Samsung began mass production of HBM4 with ultimate performance for AI computing (February 12). Waymo also launched fully autonomous operations with its 6th-generation Driver (February 12).
For cybersecurity, Google reported state-backed hackers are using Gemini AI for reconnaissance and attack support (February 12). Apple patched an actively exploited zero-day vulnerability (CVE-2026-20700) affecting iOS, macOS, and other devices (February 12). Additionally, Palo Alto Networks reportedly chose not to publicly link a global cyberespionage campaign to China over fears of retaliation (February 13).
##🟠 CVE-2026-20700 - High (7.8)
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20700/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2026-20700
Vendor: Apple
Product: Multiple Products
Date Added: 2026-02-12
Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20700
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #technologyAtKukei https://masto.kukei.eu/browse/technology category:
- Eddy Merckx Bikes unveils Corsa Strasbourg Ti and Corsa Pévèle Ti titanium bikes, handmade in Italy.
- WordPress plugin with ~900k installs exposed to a critical RCE flaw.
- Apple iOS 26.3 update patches CVE-2026-20700.
- Palantir sues Republik Magazin (Swiss outlet) over a published article.
- Waymo launches World Model for autonomous driving [1/2]
iPhoneissa ja Maceissä vakava haavoittuvuus - päivitä heti
Applen koko tuoteperheestä on löytynyt vakava haavoittuvuus, johon isketään jo nyt rikollisten toimesta.
Kyseinen haavoittuvuus, CVE-2026-20700, koskee käytännössä kaikkia Applen tuotteita dawn.fi/uutiset/2026...
iPhoneissa ja Maceissä vakava ...
Update your iPhones to iOS 26.3, CVE-2026-20700 is pretty bad!
https://go.theregister.com/feed/www.theregister.com/2026/02/12/apple_ios_263/
##The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html
##Apple Releases Emergency Security Updates to Patch Actively Exploited Zero-Day CVE-2026-20700 Across iOS, macOS, and More + Video
A Critical Memory Corruption Flaw Forces Apple Into Rapid Defensive Action Apple has rolled out urgent security updates across its entire ecosystem, including iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, to address an actively exploited zero-day vulnerability identified as CVE-2026-20700. The flaw, discovered by Google’s Threat Analysis…
##Apple aktualisiert alles 2026-02
Apples reguläre Updates im Februar flicken 71 Sicherheitslücken. Einige von denen stecken in mehreren von Apple Produkten. Bemerkenswert ist CVE-2026-20700, die bereits für Angriffe ausgenutzt wird (Zero-Day). Weitere drei neue Sicherheitslücken betreffen die Spracherkennung (Siri), ermöglichen sie doch, auch einem gesperrten iPhone persönliche Daten zu entloc
https://www.pc-fluesterer.info/wordpress/taxopress_logs/apple-aktualisiert-alles-2026-02/
##Apple aktualisiert alles 2026-02
Apples reguläre Updates im Februar flicken 71 Sicherheitslücken. Einige von denen stecken in mehreren von Apple Produkten. Bemerkenswert ist CVE-2026-20700, die bereits für Angriffe ausgenutzt wird (Zero-Day). Weitere drei neue Sicherheit
https://www.pc-fluesterer.info/wordpress/2026/02/12/apple-aktualisiert-alles-2026-02/
#Allgemein #Empfehlung #Hintergrund #Mobilfunk #Warnung #0day #apple #cybercrime #ios #macos #sicherheit #UnplugTrump #vorbeugen
##A hidden flaw in Apple’s core system let hackers quietly bypass defenses and target high-profile users before anyone noticed. How did this zero-day slip through the cracks?
https://thedefendopsdiaries.com/inside-cve-2026-20700-how-a-zero-day-slipped-past-apples-defenses/
##🚨 CRITICAL: CVE-2026-20700 impacts Apple macOS, iOS, iPadOS & more before v26.3. Memory corruption enables arbitrary code execution — exploited in sophisticated, targeted attacks. Urgently update all devices! https://radar.offseq.com/threat/cve-2026-20700-an-attacker-with-memory-write-capab-30065920 #OffSeq #AppleSecurity #CVE202620700 #ThreatIntel
##Global cybersecurity remains critical: Threat actors are actively exploiting Google's Gemini AI for varied attack stages, from reconnaissance to phishing. Apple has patched a critical zero-day vulnerability (CVE-2026-20700) exploited in sophisticated attacks. CISA updated its KEV Catalog with four new vulnerabilities, urging immediate remediation. Furthermore, the EU launched a new ICT Supply Chain Security Toolbox to enhance risk mitigation. (Feb 12-13, 2026)
##Apple Patches Actively Exploited Flaw, Over 90 Vulnerabilities in macOS, iOS, and iPadOS in February 2026 Security Updates
Apple released security updates on February 11, 2026, patching over 90 vulnerabilities across macOS, iOS, and iPadOS, including an actively exploited zero-day (CVE-2026-20700) — a memory corruption flaw in dyld enabling arbitrary code execution, likely used by nation-state actors or commercial spyware vendors against targeted individuals.
**Time to update your Apple devices. Prioritize iOS 26 devices, especially if you are a journalist or active in economy and policy - those are the first ones targeted by state actors to take control of mobile phones. Then all the rest of devices. Even if you are not a high profile target, update because hackers will learn to exploit the same flaws, so it will be open season on every vulnerable device.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-patches-actively-exploited-flaw-over-90-vulnerabilities-in-macos-ios-and-ipados-in-february-2026-security-updates-j-a-7-e-o/gD2P6Ple2L
CVE-2026-20700 – Apple corrige sa première faille zero-day de 2026 : patchez ! https://www.it-connect.fr/cve-2026-20700-apple-corrige-sa-premiere-faille-zero-day-de-2026-patchez/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Apple
##Here's a summary of recent global, technology, and cybersecurity news from the last 24 hours:
Globally, Canada mourned 10 lives lost in a mass shooting in British Columbia (February 12).
In technology, Samsung began mass production of HBM4 with ultimate performance for AI computing (February 12). Waymo also launched fully autonomous operations with its 6th-generation Driver (February 12).
For cybersecurity, Google reported state-backed hackers are using Gemini AI for reconnaissance and attack support (February 12). Apple patched an actively exploited zero-day vulnerability (CVE-2026-20700) affecting iOS, macOS, and other devices (February 12). Additionally, Palo Alto Networks reportedly chose not to publicly link a global cyberespionage campaign to China over fears of retaliation (February 13).
##🟠 CVE-2026-20700 - High (7.8)
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20700/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2026-20700
Vendor: Apple
Product: Multiple Products
Date Added: 2026-02-12
Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20700
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html
##A hidden flaw in Apple’s core system let hackers quietly bypass defenses and target high-profile users before anyone noticed. How did this zero-day slip through the cracks?
https://thedefendopsdiaries.com/inside-cve-2026-20700-how-a-zero-day-slipped-past-apples-defenses/
##🚨 CRITICAL: CVE-2026-20700 impacts Apple macOS, iOS, iPadOS & more before v26.3. Memory corruption enables arbitrary code execution — exploited in sophisticated, targeted attacks. Urgently update all devices! https://radar.offseq.com/threat/cve-2026-20700-an-attacker-with-memory-write-capab-30065920 #OffSeq #AppleSecurity #CVE202620700 #ThreatIntel
##updated 2026-02-12T21:31:24
10 posts
3 repos
A Microsoft ConfigMgr flaw went from “too complex to worry about” to a full-blown crisis almost overnight after public exploit code dropped. How did this one slip through the cracks?
##🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2024-43468
Vendor: Microsoft
Product: Configuration Manager
Date Added: 2026-02-12
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-43468
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##A Microsoft ConfigMgr flaw went from “too complex to worry about” to a full-blown crisis almost overnight after public exploit code dropped. How did this one slip through the cracks?
##🚨 [CISA-2026:0212] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0212)
CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2024-43468 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-43468)
- Name: Microsoft Configuration Manager SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Configuration Manager
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
⚠️ CVE-2025-15556 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15556)
- Name: Notepad++ Download of Code Without Integrity Check Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Notepad++
- Product: Notepad++
- Notes: https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556
⚠️ CVE-2025-40536 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-40536)
- Name: SolarWinds Web Help Desk Security Control Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536
⚠️ CVE-2026-20700 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20700)
- Name: Apple Multiple Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260212 #cisa20260212 #cve_2024_43468 #cve_2025_15556 #cve_2025_40536 #cve_2026_20700 #cve202443468 #cve202515556 #cve202540536 #cve202620700
##CISA has updated the KEV catalogue. I see Notepad++ has made it to the list.
- CVE-2025-40536: SolarWinds Web Help Desk Security Control Bypass Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-40536
- CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-15556
- CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-43468
- CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20700
There are also several industrial advisories here: https://www.cisa.gov/ #CISA #infosec #vulnerability #Apple #Microsoft #Notepad #SolarWinds
##CVE ID: CVE-2024-43468
Vendor: Microsoft
Product: Configuration Manager
Date Added: 2026-02-12
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-43468
‼️ CISA has added 3 vulnerabilities to the KEV Catalog
CVE-2025-15556: Notepad++ Download of Code Without Integrity Check Vulnerability: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user.
CVE-2026-20700: Apple Multiple Buffer Overflow Vulnerability: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
CVE-2024-43468: Microsoft Configuration Manager SQL Injection Vulnerability: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
##updated 2026-02-12T20:09:30
4 posts
🔴 CVE-2026-26216 - Critical (10)
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26216/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL RCE (CVE-2026-26216) in Crawl4AI <0.8.0: /crawl endpoint allows unauthenticated Python code injection via exec(), enabling server takeover & lateral movement. Restrict access, monitor activity, upgrade ASAP. https://radar.offseq.com/threat/cve-2026-26216-cwe-94-improper-control-of-generati-09f71e54 #OffSeq #CVE202626216 #infosec #RCE
##🔴 CVE-2026-26216 - Critical (10)
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26216/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL RCE (CVE-2026-26216) in Crawl4AI <0.8.0: /crawl endpoint allows unauthenticated Python code injection via exec(), enabling server takeover & lateral movement. Restrict access, monitor activity, upgrade ASAP. https://radar.offseq.com/threat/cve-2026-26216-cwe-94-improper-control-of-generati-09f71e54 #OffSeq #CVE202626216 #infosec #RCE
##updated 2026-02-12T20:08:45
2 posts
🔴 CVE-2025-69872 - Critical (9.8)
DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69872/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-69872 - Critical (9.8)
DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69872/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:31:25
2 posts
🔴 CVE-2025-70085 - Critical (9.8)
An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70085/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-70085 - Critical (9.8)
An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70085/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:31:25
2 posts
🟠 CVE-2026-20626 - High (7.8)
This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20626/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20626 - High (7.8)
This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20626/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:31:24
2 posts
🟠 CVE-2025-69871 - High (8.1)
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69871/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-69871 - High (8.1)
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69871/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:31:24
2 posts
🟠 CVE-2025-46290 - High (7.5)
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. A remote attacker may be able to cause a denial-of-service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-46290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-46290 - High (7.5)
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. A remote attacker may be able to cause a denial-of-service.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-46290/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:31:24
1 posts
1 repos
🔴 CVE-2026-2249 - Critical (9.8)
METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2249/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:31:24
1 posts
🔴 CVE-2026-2248 - Critical (9.8)
METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with root...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2248/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T18:30:23
2 posts
🔴 CVE-2025-69634 - Critical (9)
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69634/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-69634 - Critical (9)
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69634/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T16:16:18.783000
1 posts
🟠 CVE-2026-2250 - High (7.5)
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2250/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T16:16:17.917000
4 posts
1 repos
https://github.com/mbanyamer/CVE-2026-26235-JUNG-Smart-Visu-Server-Unauthenticated-Reboot-Shutdown
🟠 CVE-2026-26235 - High (7.5)
JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26235/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-26235 (HIGH): JUNG Smart Visu Server 1.1.1050 lets unauthenticated users remotely shut down or reboot the server via POST request. Restrict network access, monitor logs, and await vendor patch. Details: https://radar.offseq.com/threat/cve-2026-26235-missing-authentication-for-critical-64624540 #OffSeq #Vulnerability #OTSecurity
##🟠 CVE-2026-26235 - High (7.5)
JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26235/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-26235 (HIGH): JUNG Smart Visu Server 1.1.1050 lets unauthenticated users remotely shut down or reboot the server via POST request. Restrict network access, monitor logs, and await vendor patch. Details: https://radar.offseq.com/threat/cve-2026-26235-missing-authentication-for-critical-64624540 #OffSeq #Vulnerability #OTSecurity
##updated 2026-02-12T16:16:04.620000
2 posts
🔴 CVE-2025-67135 - Critical (9.8)
Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67135/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-67135 - Critical (9.8)
Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67135/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:33:54
2 posts
🔴 CVE-2025-14892 - Critical (9.8)
The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14892/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-14892 - Critical (9.8)
The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14892/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:33:51
2 posts
🟠 CVE-2025-70083 - High (7.8)
An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70083/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70083 - High (7.8)
An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70083/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:32:55
6 posts
1 repos
Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- MinIO repository is no longer maintained.
- CVE-2026-2004: PostgreSQL intarray extension has missing input validation allowing OS code execution.
- JupyterLite officially joins Project Jupyter.
- TypeScript 6.0 Beta released.
- Interop 2026: WebKit features including container queries, anchor positioning, and related CSS/HTML innovations.
- [1/2]
🟠 CVE-2026-2004 - High (8.8)
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2004/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Blip blop, I'm a #mastobot.
Here is a summary (in beta) of the latest posts in #programmingAtKukei https://masto.kukei.eu/browse/programming category:
- AI agents coordinating on real work and autonomous coding (Claude Code, agent frameworks, Copilot-style testing)
- PostgreSQL CVE-2026-2004: missing input validation in intarray extension allows OS code execution
- Python ecosystem events: PyCon Namibia 2026 and PyCon Sweden 2025/2026 (speaker announcements and tracks)
- NixOS and Guix: full [1/2]
few new #postgresql vulns out there today
🔐 CVE-2026-2004
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.
📊 CVSS Score: 8.8
⚠️ Severity: High
📅 Published: 02/12/2026, 02:16 PM
🏷️ Aliases: CVE-2026-2004
🛡️ CWE: CWE-1287
📚 References: https://www.postgresql.org/support/security/CVE-2026-2004/
🟠 CVE-2026-2004 - High (8.8)
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2004/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##few new #postgresql vulns out there today
🔐 CVE-2026-2004
CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.
📊 CVSS Score: 8.8
⚠️ Severity: High
📅 Published: 02/12/2026, 02:16 PM
🏷️ Aliases: CVE-2026-2004
🛡️ CWE: CWE-1287
📚 References: https://www.postgresql.org/support/security/CVE-2026-2004/
updated 2026-02-12T15:32:54
2 posts
🔴 CVE-2025-10969 - Critical (9.8)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue affects E-Commerce Package: through 27112025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-10969 - Critical (9.8)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue affects E-Commerce Package: through 27112025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:32:54
2 posts
🟠 CVE-2026-2007 - High (8.2)
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks tha...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2007/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2007 - High (8.2)
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks tha...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2007/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:32:54
2 posts
🔴 CVE-2025-14014 - Critical (9.8)
Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs.This issue affe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14014/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-14014 - Critical (9.8)
Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs.This issue affe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14014/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:32:54
2 posts
🟠 CVE-2026-1104 - High (8.8)
The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This make...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1104/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1104 - High (8.8)
The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This make...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1104/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:32:53
2 posts
🟠 CVE-2025-13002 - High (8.2)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting (XSS).This issue affects E-Commerce Package: thro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-13002 - High (8.2)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting (XSS).This issue affects E-Commerce Package: thro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13002/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:32:47
2 posts
🟠 CVE-2026-20610 - High (7.8)
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20610/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-20610 - High (7.8)
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20610/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:16:05.350000
2 posts
🟠 CVE-2025-70084 - High (7.5)
Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70084/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70084 - High (7.5)
Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70084/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:16:04.567000
2 posts
🟠 CVE-2025-70029 - High (7.5)
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-70029 - High (7.5)
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:16:03.043000
2 posts
🔴 CVE-2025-15573 - Critical (9.4)
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitim...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15573/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-15573 - Critical (9.4)
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitim...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15573/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:11:02.290000
1 posts
🟠 CVE-2026-2360 - High (8)
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privil...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2360/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:10:37.307000
2 posts
🟠 CVE-2026-2006 - High (8.8)
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the datab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2006/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2006 - High (8.8)
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the datab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2006/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:10:37.307000
2 posts
🟠 CVE-2026-2005 - High (8.8)
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2005/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2005 - High (8.8)
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2005/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:10:37.307000
2 posts
⚠️ HIGH severity alert: CVE-2026-1320 impacts ays-pro Secure Copy Content Protection & Content Locking (all versions) — Stored XSS via 'X-Forwarded-For' lets unauth attackers inject scripts. Monitor and restrict input. More: https://radar.offseq.com/threat/cve-2026-1320-cwe-79-improper-neutralization-of-in-70548f61 #OffSeq #WordPress #XSS
##⚠️ HIGH severity alert: CVE-2026-1320 impacts ays-pro Secure Copy Content Protection & Content Locking (all versions) — Stored XSS via 'X-Forwarded-For' lets unauth attackers inject scripts. Monitor and restrict input. More: https://radar.offseq.com/threat/cve-2026-1320-cwe-79-improper-neutralization-of-in-70548f61 #OffSeq #WordPress #XSS
##updated 2026-02-12T15:10:37.307000
4 posts
Dell Update Package Framework (23.12.00 – 24.12.00) hit by HIGH severity (CVSS 8.2) vuln: improper permission checks enable local privilege escalation. Restrict access & monitor for updates. CVE-2026-23857 🛡️ https://radar.offseq.com/threat/cve-2026-23857-cwe-280-improper-handling-of-insuff-a6a15377 #OffSeq #Dell #PrivilegeEscalation #Vuln
##🟠 CVE-2026-23857 - High (8.2)
Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Dell Update Package Framework (23.12.00 – 24.12.00) hit by HIGH severity (CVSS 8.2) vuln: improper permission checks enable local privilege escalation. Restrict access & monitor for updates. CVE-2026-23857 🛡️ https://radar.offseq.com/threat/cve-2026-23857-cwe-280-improper-handling-of-insuff-a6a15377 #OffSeq #Dell #PrivilegeEscalation #Vuln
##🟠 CVE-2026-23857 - High (8.2)
Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23857/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:10:37.307000
6 posts
1 repos
https://github.com/ninjazan420/CVE-2026-1729-PoC-AdForest-WordPress-Authentication-Bypass
🚨 CRITICAL: CVE-2026-1729 in AdForest (≤6.0.12) enables unauthenticated OTP login as any user — including admins. No patch yet. Block vulnerable OTP function, monitor logs, and deploy WAF rules ASAP. https://radar.offseq.com/threat/cve-2026-1729-cwe-306-missing-authentication-for-c-1533b53f #OffSeq #WordPress #Vulnerability
##🚨 CVE-2026-1729 (CRITICAL): AdForest WordPress theme authentication bypass lets attackers log in as any user — including admin! All versions affected, no patch yet. Disable OTP login & deploy WAF rules ASAP. More: https://radar.offseq.com/threat/cve-2026-1729-cwe-306-missing-authentication-for-c-1533b53f #OffSeq #WordPress #CVE20261729 #WebSecurity
##🔴 CVE-2026-1729 - Critical (9.8)
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-1729 in AdForest (≤6.0.12) enables unauthenticated OTP login as any user — including admins. No patch yet. Block vulnerable OTP function, monitor logs, and deploy WAF rules ASAP. https://radar.offseq.com/threat/cve-2026-1729-cwe-306-missing-authentication-for-c-1533b53f #OffSeq #WordPress #Vulnerability
##🚨 CVE-2026-1729 (CRITICAL): AdForest WordPress theme authentication bypass lets attackers log in as any user — including admin! All versions affected, no patch yet. Disable OTP login & deploy WAF rules ASAP. More: https://radar.offseq.com/threat/cve-2026-1729-cwe-306-missing-authentication-for-c-1533b53f #OffSeq #WordPress #CVE20261729 #WebSecurity
##🔴 CVE-2026-1729 - Critical (9.8)
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T15:10:37.307000
1 posts
🟠 CVE-2025-64487 - High (7.6)
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership mana...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T06:30:21
4 posts
1 repos
🟠 CVE-2026-25676 - High (7.8)
The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25676/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-25676: HIGH-severity DLL search path vuln in M-Audio M-Track Duo HD v1.0.0 installer. Local attackers can hijack DLLs to run code as admin. Restrict installer use, monitor for patches! https://radar.offseq.com/threat/cve-2026-25676-uncontrolled-search-path-element-in-108bd32e #OffSeq #Vulnerability #Infosec #CVE2026_25676
##🟠 CVE-2026-25676 - High (7.8)
The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrator privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25676/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-25676: HIGH-severity DLL search path vuln in M-Audio M-Track Duo HD v1.0.0 installer. Local attackers can hijack DLLs to run code as admin. Restrict installer use, monitor for patches! https://radar.offseq.com/threat/cve-2026-25676-uncontrolled-search-path-element-in-108bd32e #OffSeq #Vulnerability #Infosec #CVE2026_25676
##updated 2026-02-12T06:30:21
4 posts
🔎 CVE-2026-26234 (HIGH): JUNG Smart Visu Server (v1.0.830 – 1.1.1050) allows unauthenticated X-Forwarded-Host header injection — leads to cache poisoning, phishing, and redirects. Patch when available, restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-26234-improper-neutralization-of-http-hea-13dc0f5b #OffSeq #Vuln #IoT
##🟠 CVE-2026-26234 - High (8.8)
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CVE-2026-26234 (HIGH): JUNG Smart Visu Server (v1.0.830 – 1.1.1050) allows unauthenticated X-Forwarded-Host header injection — leads to cache poisoning, phishing, and redirects. Patch when available, restrict access, monitor logs. https://radar.offseq.com/threat/cve-2026-26234-improper-neutralization-of-http-hea-13dc0f5b #OffSeq #Vuln #IoT
##🟠 CVE-2026-26234 - High (8.8)
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26234/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T03:31:06
2 posts
🟠 CVE-2026-23856 - High (7.8)
Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23856/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-23856 - High (7.8)
Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access could p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23856/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T03:31:01
4 posts
🟠 CVE-2026-0969 - High (8.8)
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0969 - High (8.8)
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0969 - High (8.8)
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0969 - High (8.8)
The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-12T00:31:12
2 posts
1 repos
https://github.com/mbanyamer/-CVE-2026-26215-manga-image-translator-RCE
CVE-2026-26215: CRITICAL RCE in zyddnys manga-image-translator (beta-0.3 & earlier). Unauthenticated attackers can exploit unsafe pickle.loads() in FastAPI endpoints to execute code. Disable endpoints & monitor for threats! https://radar.offseq.com/threat/cve-2026-26215-cwe-502-deserialization-of-untruste-e3572f04 #OffSeq #CVE202626215 #infosec
##CVE-2026-26215: CRITICAL RCE in zyddnys manga-image-translator (beta-0.3 & earlier). Unauthenticated attackers can exploit unsafe pickle.loads() in FastAPI endpoints to execute code. Disable endpoints & monitor for threats! https://radar.offseq.com/threat/cve-2026-26215-cwe-502-deserialization-of-untruste-e3572f04 #OffSeq #CVE202626215 #infosec
##updated 2026-02-11T23:14:54
1 posts
🟠 CVE-2026-26010 - High (7.6)
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a high...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T23:14:17
1 posts
🟠 CVE-2026-25759 - High (8.7)
Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that execu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25759/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:48
2 posts
🟠 CVE-2025-69873 - High (7.5)
ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69873/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-69873 - High (7.5)
ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69873/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:48
1 posts
🟠 CVE-2026-2315 - High (8.8)
Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2315/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:48
1 posts
🟠 CVE-2026-2313 - High (8.8)
Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:40
2 posts
🟠 CVE-2025-52868 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52868/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-52868 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52868/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:39
2 posts
🟠 CVE-2025-48725 - High (8.1)
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48725/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-48725 - High (8.1)
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48725/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:39
2 posts
🟠 CVE-2025-48724 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48724/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-48724 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48724/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:39
2 posts
🟠 CVE-2025-30276 - High (8.8)
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the followi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-30276 - High (8.8)
An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory.
We have already fixed the vulnerability in the followi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:30:37
2 posts
🟠 CVE-2026-21239 - High (7.8)
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21239/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21239 - High (7.8)
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21239/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:18:06.230000
2 posts
🟠 CVE-2025-48723 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48723/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-48723 - High (8.1)
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the foll...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48723/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:10:50.490000
2 posts
🟠 CVE-2025-30269 - High (8.1)
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30269/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-30269 - High (8.1)
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data or modify memory.
We have already fixed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-30269/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:07:23.287000
2 posts
🟠 CVE-2026-21236 - High (7.8)
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21236 - High (7.8)
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T21:01:48.670000
2 posts
🟠 CVE-2026-21238 - High (7.8)
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21238/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21238 - High (7.8)
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21238/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T20:44:29.940000
2 posts
🟠 CVE-2026-21245 - High (7.8)
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21245/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21245 - High (7.8)
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21245/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:31:36
1 posts
🔴 CVE-2026-25084 - Critical (9.8)
Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25084/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:31:36
1 posts
🔴 CVE-2026-24789 - Critical (9.8)
An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24789/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:31:36
1 posts
🟠 CVE-2026-2361 - High (8)
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2361/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T18:06:04.010000
1 posts
🔴 CVE-2025-64075 - Critical (10)
A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64075/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:31:25
12 posts
9 repos
https://github.com/tangent65536/CVE-2026-20841
https://github.com/uky007/CVE-2026-20841_notepad_analysis
https://github.com/BTtea/CVE-2026-20841-PoC
https://github.com/dogukankurnaz/CVE-2026-20841-PoC
https://github.com/atiilla/CVE-2026-20841
https://github.com/patchpoint/CVE-2026-20841
https://github.com/RajaUzairAbdullah/CVE-2026-20841
Windows Notepad RCE - CVE-2026-20841
A crafted Markdown link could trigger command execution via protocol handler abuse on Windows 11 Notepad.
##Microsoft's #Notepad Got Pawned. The #vulnerability exploit #PoC code is public. Fork it while it's hot: https://github.com/BTtea/CVE-2026-20841-PoC
##Windows Notepad App Remote Code Execution Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-20841
##https://www.cve.org/CVERecord?id=CVE-2026-20841
AI enabled remote code execution in Windows Notepad if you open the wrong text file.
(CVE)
##revolt.
- AI governance: SpaceX merger prompts XAI leadership shake‑up; GLM‑5 discussed; EU digital sovereignty push.
- Windows security: Windows 11 Notepad remote code execution CVE-2026-20841 disclosed.
- Bochum urban space: Bochum city center has thousands of unused parking spots; space wasted, calls for transit/urban‑planning action. [2/2]
Microsoft's Notepad Got Pwned (CVE-2026-20841) https://foss-daily.org/posts/microsoft-notepad-2026/
##Social engineering using Notepad?
https://jacen.moe/blog/20260211-weaponizing-notepad-bypassing-microsofts-cve-2026-20841-fix/
#Cybersecurity #SocialEngineering #Infosec #Microsoft #Windows #Tech #Technology
##Windows Notepad RCE - CVE-2026-20841
A crafted Markdown link could trigger command execution via protocol handler abuse on Windows 11 Notepad.
##https://www.cve.org/CVERecord?id=CVE-2026-20841
AI enabled remote code execution in Windows Notepad if you open the wrong text file.
Microsoft's Notepad Got Pwned (CVE-2026-20841) https://foss-daily.org/posts/microsoft-notepad-2026/
##Social engineering using Notepad?
https://jacen.moe/blog/20260211-weaponizing-notepad-bypassing-microsofts-cve-2026-20841-fix/
#Cybersecurity #SocialEngineering #Infosec #Microsoft #Windows #Tech #Technology
##updated 2026-02-11T15:30:36
1 posts
🔴 CVE-2025-12059 - Critical (9.8)
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Logo ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-12059/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:30:35
1 posts
🟠 CVE-2025-48503 - High (7.8)
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-48503/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:30:34
2 posts
🟠 CVE-2026-0910 - High (8.8)
The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0910 - High (8.8)
The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:30:34
2 posts
🔴 CVE-2025-8668 - Critical (9.4)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS.This issue a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-8668 - Critical (9.4)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS.This issue a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
4 posts
4 repos
https://github.com/microcyberr/CVE-2026-1357
https://github.com/LucasM0ntes/POC-CVE-2026-1357
Critical RCE Vulnerability Reported in WPvivid Backup Plugin
WPvivid Backup & Migration plugin for WordPress patched a critical RCE vulnerability (CVE-2026-1357) that allows unauthenticated attackers to upload malicious PHP files via predictable cryptographic keys.
**If you are using WPvivid plugin, update to version 0.9.124 ASAP. If you cannot update right away, ensure the 'receive backup from another site' feature is disabled to close the primary attack vector.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-vulnerability-reported-in-wpvivid-backup-plugin-3-d-o-v-9/gD2P6Ple2L
🔴 CVE-2026-1357 - Critical (9.8)
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Critical RCE Vulnerability Reported in WPvivid Backup Plugin
WPvivid Backup & Migration plugin for WordPress patched a critical RCE vulnerability (CVE-2026-1357) that allows unauthenticated attackers to upload malicious PHP files via predictable cryptographic keys.
**If you are using WPvivid plugin, update to version 0.9.124 ASAP. If you cannot update right away, ensure the 'receive backup from another site' feature is disabled to close the primary attack vector.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-vulnerability-reported-in-wpvivid-backup-plugin-3-d-o-v-9/gD2P6Ple2L
🔴 CVE-2026-1357 - Critical (9.8)
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1357/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
2 posts
1 repos
https://github.com/Z3YR0xX/CVE-2026-1560-Authenticated-Remote-Code-Execution-in-Lazy-Blocks-4.2.0
🟠 CVE-2026-1560 - High (8.8)
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1560/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1560 - High (8.8)
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1560/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T15:27:26.370000
2 posts
🔴 CVE-2025-8025 - Critical (9.8)
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from < 3.0.1 throug...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-8025 - Critical (9.8)
Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from < 3.0.1 throug...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8025/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T12:30:27
2 posts
🟠 CVE-2026-0958 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0958/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-0958 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0958/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T12:30:27
2 posts
🟠 CVE-2025-8099 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by send...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8099/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-8099 - High (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by send...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-8099/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T12:30:27
2 posts
🟠 CVE-2025-7659 - High (8)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-7659/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-7659 - High (8)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-7659/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T12:30:26
2 posts
🟠 CVE-2025-15096 - High (8.8)
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-15096 - High (8.8)
The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15096/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T12:30:26
2 posts
🟠 CVE-2025-10174 - High (8.3)
Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10174/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-10174 - High (8.3)
Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. PanCafe Pro allows Flooding.This issue affects PanCafe Pro: from < 3.3.2 through 23092025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10174/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T09:30:24
2 posts
🟠 CVE-2025-10913 - High (8.3)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS).This issue affects TemizlikYolda: through 110...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10913/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-10913 - High (8.3)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS).This issue affects TemizlikYolda: through 110...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10913/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-11T09:30:24
2 posts
🟠 CVE-2025-9986 - High (8.2)
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-9986/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-9986 - High (8.2)
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-9986/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T21:51:48.077000
2 posts
🟠 CVE-2026-21228 - High (8.1)
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21228 - High (8.1)
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21228/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:54
1 posts
updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21240 - High (7.8)
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21240 - High (7.8)
Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:51
2 posts
🟠 CVE-2026-21243 - High (7.5)
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21243 - High (7.5)
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:49
2 posts
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L
updated 2026-02-10T18:30:49
2 posts
🟠 CVE-2026-21229 - High (8)
Improper input validation in Power BI allows an authorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21229 - High (8)
Improper input validation in Power BI allows an authorized attacker to execute code over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-10T18:30:38
2 posts
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L
Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager
Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.
**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L
updated 2026-02-10T18:30:34
7 posts
58 repos
https://github.com/ibrahmsql/CVE-2026-24061-PoC
https://github.com/obrunolima1910/CVE-2026-24061
https://github.com/cumakurt/tscan
https://github.com/LucasPDiniz/CVE-2026-24061
https://github.com/madfxr/Twenty-Three-Scanner
https://github.com/duy-31/CVE-2026-24061---telnetd
https://github.com/SeptembersEND/CVE--2026-24061
https://github.com/ridpath/Terrminus-CVE-2026-2406
https://github.com/Lingzesec/CVE-2026-24061-GUI
https://github.com/X-croot/CVE-2026-24061_POC
https://github.com/novitahk/Exploit-CVE-2026-24061
https://github.com/yanxinwu946/CVE-2026-24061--telnetd
https://github.com/z3n70/CVE-2026-24061
https://github.com/hilwa24/CVE-2026-24061
https://github.com/buzz075/CVE-2026-24061
https://github.com/hackingyseguridad/root
https://github.com/TryA9ain/CVE-2026-24061
https://github.com/ms0x08-dev/CVE-2026-24061-POC
https://github.com/punitdarji/telnetd-cve-2026-24061
https://github.com/Chocapikk/CVE-2026-24061
https://github.com/typeconfused/CVE-2026-24061
https://github.com/nrnw/CVE-2026-24061-GNU-inetutils-Telnet-Detector
https://github.com/canpilayda/inetutils-telnetd-cve-2026-24061
https://github.com/FurkanKAYAPINAR/CVE-2026-24061-telnet2root
https://github.com/h3athen/CVE-2026-24061
https://github.com/Parad0x7e/CVE-2026-24061
https://github.com/SafeBreach-Labs/CVE-2026-24061
https://github.com/Mefhika120/Ashwesker-CVE-2026-24061
https://github.com/SystemVll/CVE-2026-24061
https://github.com/r00tuser111/CVE-2026-24061
https://github.com/Gabs-hub/CVE-2026-24061_Lab
https://github.com/androidteacher/CVE-2026-24061-PoC-Telnetd
https://github.com/leonjza/inetutils-telnetd-auth-bypass
https://github.com/killsystema/scan-cve-2026-24061
https://github.com/BrainBob/Telnet-TestVuln-CVE-2026-24061
https://github.com/MY0723/GNU-Inetutils-telnet-CVE-2026-24061-
https://github.com/scumfrog/cve-2026-24061
https://github.com/shivam-bathla/CVE-2026-24061-setup
https://github.com/infat0x/CVE-2026-24061
https://github.com/xuemian168/CVE-2026-24061
https://github.com/lavabyte/telnet-CVE-2026-24061
https://github.com/franckferman/CVE_2026_24061_PoC
https://github.com/cyberpoul/CVE-2026-24061-POC
https://github.com/midox008/CVE-2026-24061
https://github.com/XsanFlip/CVE-2026-24061-Scanner
https://github.com/JayGLXR/CVE-2026-24061-POC
https://github.com/BrainBob/CVE-2026-24061
https://github.com/Mr-Zapi/CVE-2026-24061
https://github.com/balgan/CVE-2026-24061
https://github.com/hyu164/Terrminus-CVE-2026-2406
https://github.com/Alter-N0X/CVE-2026-24061-POC
https://github.com/m3ngx1ng/cve_2026_24061_cli
https://github.com/monstertsl/CVE-2026-24061
https://github.com/Ali-brarou/telnest
https://github.com/0x7556/CVE-2026-24061
https://github.com/0xXyc/telnet-inetutils-auth-bypass-CVE-2026-24061
https://github.com/parameciumzhang/Tell-Me-Root
https://github.com/dotelpenguin/telnetd_CVE-2026-24061_tester
2026-01-14: The Day the telnet Died
"On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation."
Link: https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
#linkdump #blogpost #filtering #internet #iso #security #telnet
##USER='-f root' telnet -a ur.momma
root@ur.momma:~# got em!
https://www.cve.org/CVERecord?id=CVE-2026-24061
https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
##Fixed Issues
> Fixed a security vulnerability regarding telnetd (CVE-2026-24061).
Thanks Synology.
##2026-01-14: The Day the telnet Died
"On January 14, 2026, global telnet traffic observed by GreyNoise sensors fell off a cliff. A 59% sustained reduction, eighteen ASNs going completely silent, five countries vanishing from our data entirely. Six days later, CVE-2026-24061 dropped. Coincidence is one explanation."
Link: https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
#linkdump #blogpost #filtering #internet #iso #security #telnet
##USER='-f root' telnet -a ur.momma
root@ur.momma:~# got em!
https://www.cve.org/CVERecord?id=CVE-2026-24061
https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
##Fixed Issues
> Fixed a security vulnerability regarding telnetd (CVE-2026-24061).
Thanks Synology.
##I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
##updated 2026-02-09T18:49:19
2 posts
Critical UUID Flaw in Fiber v2 Framework Enables Session Hijacking
Fiber v2 patched a critical vulnerability (CVE-2025-66630) that generates predictable all-zero UUIDs when secure randomness fails, enabling session hijacking and CSRF bypass.
**If you are running applications running Fiber v2, prioritize updating to version 2.52.11 and update environments to Go 1.24, This is a weird flaw that may not happen regularly and is hard to reproduce, but it will hit you if you leave the old version long enough. It's better to patch than to hope.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-uuid-flaw-in-fiber-v2-framework-enables-session-hijacking-s-n-a-1-9/gD2P6Ple2L
Critical UUID Flaw in Fiber v2 Framework Enables Session Hijacking
Fiber v2 patched a critical vulnerability (CVE-2025-66630) that generates predictable all-zero UUIDs when secure randomness fails, enabling session hijacking and CSRF bypass.
**If you are running applications running Fiber v2, prioritize updating to version 2.52.11 and update environments to Go 1.24, This is a weird flaw that may not happen regularly and is hard to reproduce, but it will hit you if you leave the old version long enough. It's better to patch than to hope.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-uuid-flaw-in-fiber-v2-framework-enables-session-hijacking-s-n-a-1-9/gD2P6Ple2L
updated 2026-02-09T16:08:35.290000
2 posts
🔐 CVE-2026-1868
📊 CVSS: 9.9 · Critical
📅 02/09/2026, 07:16 AM
🛡️ CWE: CWE-1336
📦 Affected: #GitLab GitLab AI Gateway (>= 18.1.6, < 18.6.2, >= 18.7.0, < 18.7.1, >= 18.8.0, < 18.8.1)
📚 References: https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/
##🔐 CVE-2026-1868
📊 CVSS: 9.9 · Critical
📅 02/09/2026, 07:16 AM
🛡️ CWE: CWE-1336
📦 Affected: #GitLab GitLab AI Gateway (>= 18.1.6, < 18.6.2, >= 18.7.0, < 18.7.1, >= 18.8.0, < 18.8.1)
📚 References: https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/
##updated 2026-02-07T12:31:33
1 posts
9 repos
https://github.com/tangent65536/CVE-2026-20841
https://github.com/uky007/CVE-2026-20841_notepad_analysis
https://github.com/BTtea/CVE-2026-20841-PoC
https://github.com/dogukankurnaz/CVE-2026-20841-PoC
https://github.com/atiilla/CVE-2026-20841
https://github.com/patchpoint/CVE-2026-20841
https://github.com/RajaUzairAbdullah/CVE-2026-20841
Microsoft's #Notepad Got Pawned. The #vulnerability exploit #PoC code is public. Fork it while it's hot: https://github.com/BTtea/CVE-2026-20841-PoC
##updated 2026-02-06T09:30:35
3 posts
📢 Fortinet corrige une SQLi critique dans FortiClientEMS (CVE-2026-21643)
📝 Selon un avis PSIRT de Fortinet publié le 6 février 2026, une vulnérabilité critique d’injection SQL affecte FortiClientEMS.
📖 cyberveille : https://cyberveille.ch/posts/2026-02-11-fortinet-corrige-une-sqli-critique-dans-forticlientems-cve-2026-21643/
🌐 source : https://www.fortiguard.com/psirt/FG-IR-25-1142
#CVE_2026_21643 #FortiClientEMS #Cyberveille
🔐 CVE-2026-21643
📊 CVSS: 9.1 · Critical
📅 02/06/2026, 08:24 AM
🛡️ CWE: CWE-89
📦 Affected: Fortinet FortiClientEMS (7.4.4)
📚 https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
🔐 CVE-2026-21643
📊 CVSS: 9.1 · Critical
📅 02/06/2026, 08:24 AM
🛡️ CWE: CWE-89
📦 Affected: Fortinet FortiClientEMS (7.4.4)
📚 https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
updated 2026-02-04T19:53:06
4 posts
DESTRUCTURED - Critical Vulnerability in Unstructured.io (CVE-2025–64712) https://www.cyera.com/research-labs/inside-destructured---critical-vulnerability-in-unstructured-io-cve-2025-64712
##Critical RCE Vulnerability in Unstructured.io (CVE-2025–64712) - CVSS 9.8 https://www.cyera.com/research-labs/inside-destructured---critical-vulnerability-in-unstructured-io-cve-2025-64712
##DESTRUCTURED - Critical Vulnerability in Unstructured.io (CVE-2025–64712) https://www.cyera.com/research-labs/inside-destructured---critical-vulnerability-in-unstructured-io-cve-2025-64712
##Critical RCE Vulnerability in Unstructured.io (CVE-2025–64712) - CVSS 9.8 https://www.cyera.com/research-labs/inside-destructured---critical-vulnerability-in-unstructured-io-cve-2025-64712
##updated 2026-02-04T18:30:51
2 posts
New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-01-30T00:31:29
2 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
@wiert @christopherkunz https://www.hackernoob.tips/critical-ivanti-epmm-zero-day-vulnerabilities-cve-2026-1281-cve-2026-1340-demand-immediate-ciso-action/
##@wiert @christopherkunz https://www.hackernoob.tips/critical-ivanti-epmm-zero-day-vulnerabilities-cve-2026-1281-cve-2026-1340-demand-immediate-ciso-action/
##updated 2026-01-30T00:31:28
2 posts
1 repos
https://github.com/MehdiLeDeaut/CVE-2026-1281-Ivanti-EPMM-RCE
@wiert @christopherkunz https://www.hackernoob.tips/critical-ivanti-epmm-zero-day-vulnerabilities-cve-2026-1281-cve-2026-1340-demand-immediate-ciso-action/
##@wiert @christopherkunz https://www.hackernoob.tips/critical-ivanti-epmm-zero-day-vulnerabilities-cve-2026-1281-cve-2026-1340-demand-immediate-ciso-action/
##updated 2026-01-29T16:16:07.627000
1 posts
updated 2026-01-27T18:33:14
2 posts
2 repos
https://github.com/MaxMnMl/smartermail-CVE-2026-23760-poc
https://github.com/hilwa24/CVE-2026-23760_SmarterMail-Auth-Bypass-and-RCE
Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware
#Storm_2603 #CVE_2026_23760 #WarlockRansomware
https://reliaquest.com/blog/threat-spotlight-storm-2603-exploits-CVE-2026-23760-to-stage-warlock-ransomware
Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware
#Storm_2603 #CVE_2026_23760 #WarlockRansomware
https://reliaquest.com/blog/threat-spotlight-storm-2603-exploits-CVE-2026-23760-to-stage-warlock-ransomware
updated 2026-01-21T21:31:31
2 posts
1 repos
New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##updated 2025-10-22T00:34:26
2 posts
29 repos
https://github.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC
https://github.com/ghostn4444/CVE-2025-8088
https://github.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal
https://github.com/techcorp/CVE-2025-8088-Exploit
https://github.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-
https://github.com/pescada-dev/-CVE-2025-8088
https://github.com/onlytoxi/CVE-2025-8088-Winrar-Tool
https://github.com/Ismael-20223/CVE-2025-8088
https://github.com/nuky-alt/CVE-2025-8088
https://github.com/pentestfunctions/CVE-2025-8088-Multi-Document
https://github.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition
https://github.com/hexsecteam/CVE-2025-8088-Winrar-Tool
https://github.com/lucyna77/winrar-exploit
https://github.com/ilhamrzr/RAR-Anomaly-Inspector
https://github.com/Markusino488/cve-2025-8088
https://github.com/pentestfunctions/best-CVE-2025-8088
https://github.com/papcaii2004/CVE-2025-8088-WinRAR-builder
https://github.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability
https://github.com/jordan922/CVE-2025-8088
https://github.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui
https://github.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC
https://github.com/walidpyh/CVE-2025-8088
https://github.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR
https://github.com/nhattanhh/CVE-2025-8088
https://github.com/travisbgreen/cve-2025-8088
https://github.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit
https://github.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC
Stairwell: "over 80% of monitored environments contain vulnerable versions of WinRAR affected by CVE-2025-8088"
🙃🙃🙃🙃🙃 :blobpeek:
##Stairwell: "over 80% of monitored environments contain vulnerable versions of WinRAR affected by CVE-2025-8088"
🙃🙃🙃🙃🙃 :blobpeek:
##updated 2025-10-15T18:31:58
2 posts
New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##updated 2025-10-15T18:31:58
2 posts
New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##New advisory.
This updates a critical Cisco vulnerability first published in january.
CVE-2026-20045: Cisco Unified Communications Products Remote Code Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
From yesterday:
CVE-2026-20119: Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q
CVE-2025-20359 and CVE-2025-20360: Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH @TalosSecurity #Cisco #infosec #vulnerability
##updated 2025-04-24T21:32:54
2 posts
96 repos
https://github.com/l0n3m4n/CVE-2024-6387
https://github.com/identity-threat-labs/CVE-2024-6387-Vulnerability-Checker
https://github.com/bigb0x/CVE-2024-6387
https://github.com/password123456/cve-security-response-guidelines
https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker
https://github.com/zenzue/CVE-2024-6387-Mitigation
https://github.com/thegenetic/CVE-2024-6387-exploit
https://github.com/xonoxitron/regreSSHion-checker
https://github.com/RickGeex/CVE-2024-6387-Checker
https://github.com/passwa11/cve-2024-6387-poc
https://github.com/grupooruss/CVE-2024-6387
https://github.com/getdrive/CVE-2024-6387-PoC
https://github.com/Karmakstylez/CVE-2024-6387
https://github.com/BrandonLynch2402/cve-2024-6387-nuclei-template
https://github.com/imv7/CVE-2024-6387
https://github.com/invaderslabs/regreSSHion-CVE-2024-6387-
https://github.com/hssmo/cve-2024-6387_AImade
https://github.com/identity-threat-labs/Article-RegreSSHion-CVE-2024-6387
https://github.com/FerasAlrimali/CVE-2024-6387-POC
https://github.com/shyrwall/cve-2024-6387-poc
https://github.com/vkaushik-chef/regreSSHion
https://github.com/Ngagne-Demba-Dia/CVE-2024-6387-corrigee
https://github.com/dgourillon/mitigate-CVE-2024-6387
https://github.com/xaitax/CVE-2024-6387_Check
https://github.com/sardine-web/CVE-2024-6387_Check
https://github.com/Symbolexe/CVE-2024-6387
https://github.com/prelearn-code/CVE-2024-6387
https://github.com/jack0we/CVE-2024-6387
https://github.com/edsonjt81/CVE-2024-6387_Check
https://github.com/JackSparrowhk/ssh-CVE-2024-6387-poc
https://github.com/daniel-odrinski/CVE-2024-6387-Mitigation-Ansible-Playbook
https://github.com/acrono/cve-2024-6387-poc
https://github.com/sardine-web/CVE-2024-6387-template
https://github.com/TAM-K592/CVE-2024-6387
https://github.com/YassDEV221608/CVE-2024-6387_PoC
https://github.com/kuffsit/check_cve_2024_6387
https://github.com/lflare/cve-2024-6387-poc
https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH
https://github.com/0x4D31/cve-2024-6387_hassh
https://github.com/redux-sibi-jose/mitigate_ssh
https://github.com/sxlmnwb/CVE-2024-6387
https://github.com/xonoxitron/regreSSHion
https://github.com/ahlfors/CVE-2024-6387
https://github.com/theaog/spirit
https://github.com/xristos8574/regreSSHion-nmap-scanner
https://github.com/DimaMend/cve-2024-6387-poc
https://github.com/no-one-sec/CVE-2024-6387
https://github.com/kinu404/CVE-2024-6387
https://github.com/alex14324/ssh_poc2024
https://github.com/awusan125/test_for6387
https://github.com/arielrbrdev/redteamlab1
https://github.com/CognisysGroup/CVE-2024-6387-Checker
https://github.com/Mufti22/CVE-2024-6387-checkher
https://github.com/ACHUX21/checker-CVE-2024-6387
https://github.com/moften/regreSSHion-CVE-2024-6387
https://github.com/mrmtwoj/CVE-2024-6387
https://github.com/xiw1ll/CVE-2024-6387_Checker
https://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387
https://github.com/rumochnaya/openssh-cve-2024-6387.sh
https://github.com/P4x1s/CVE-2024-6387
https://github.com/jocker2410/CVE-2024-6387_poc
https://github.com/sms2056/CVE-2024-6387
https://github.com/MaulikxLakhani/SSHScout
https://github.com/muyuanlove/CVE-2024-6387fixshell
https://github.com/ThatNotEasy/CVE-2024-6387
https://github.com/harshinsecurity/sentinelssh
https://github.com/HadesNull123/CVE-2024-6387_Check
https://github.com/dawnl3ss/CVE-2024-6387
https://github.com/anhvutuan/CVE-2024-6387-poc-1
https://github.com/d0rb/CVE-2024-6387
https://github.com/dream434/CVE-2024-6387
https://github.com/turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker
https://github.com/teamos-hub/regreSSHion
https://github.com/n1cks0n/Test_CVE-2024-6387
https://github.com/OhDamnn/Noregressh
https://github.com/R4Tw1z/CVE-2024-6387
https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix
https://github.com/YassDEV221608/CVE-2024-6387
https://github.com/l-urk/CVE-2024-6387
https://github.com/th3gokul/CVE-2024-6387
https://github.com/paradessia/CVE-2024-6387-nmap
https://github.com/betancour/OpenSSH-Vulnerability-test
https://github.com/lala-amber/CVE-2024-6387
https://github.com/CiderAndWhisky/regression-scanner
https://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit
https://github.com/MrR0b0t19/CVE-2024-6387-Exploit-POC
https://github.com/zgzhang/cve-2024-6387-poc
https://github.com/SkyGodling/CVE-2024-6387-POC
https://github.com/4lxprime/regreSSHive
https://github.com/shamo0/CVE-2024-6387_PoC
https://github.com/t3rry327/cve-2024-6387-poc
https://github.com/devarshishimpi/CVE-2024-6387-Check
https://github.com/wiggels/regresshion-check
https://github.com/X-Projetion/CVE-2023-4596-OpenSSH-Multi-Checker
https://github.com/kubota/CVE-2024-6387-Vulnerability-Checker
@r @ireneista it should be possible to package a secure messenger client in a stable linux distro like debian and have it still be usable 3+ years after release with only fixes for specific vulns backported.
and there should be a single digit number of these vulns, if any, if you designed your network and parsing architecture right.
Like, if you exclude DOSes and bugs in non-default features, CVE-2024-6387 is the last SSH vuln that I actually worry about. The last one of substance before that was the 2023 double-free that's not believed exploitable, then we get all the way back to CVE-2016-0777 and 0778 for another bad one.
Why can we not make a messenger with that kind of security record? One where running an early-2025 release today is perfectly safe?
##@r @ireneista it should be possible to package a secure messenger client in a stable linux distro like debian and have it still be usable 3+ years after release with only fixes for specific vulns backported.
and there should be a single digit number of these vulns, if any, if you designed your network and parsing architecture right.
Like, if you exclude DOSes and bugs in non-default features, CVE-2024-6387 is the last SSH vuln that I actually worry about. The last one of substance before that was the 2023 double-free that's not believed exploitable, then we get all the way back to CVE-2016-0777 and 0778 for another bad one.
Why can we not make a messenger with that kind of security record? One where running an early-2025 release today is perfectly safe?
##updated 2025-04-12T10:46:40.837000
2 posts
1 repos
https://github.com/Abdirisaq-ali-aynab/openssh-vulnerability-assessment
@r @ireneista it should be possible to package a secure messenger client in a stable linux distro like debian and have it still be usable 3+ years after release with only fixes for specific vulns backported.
and there should be a single digit number of these vulns, if any, if you designed your network and parsing architecture right.
Like, if you exclude DOSes and bugs in non-default features, CVE-2024-6387 is the last SSH vuln that I actually worry about. The last one of substance before that was the 2023 double-free that's not believed exploitable, then we get all the way back to CVE-2016-0777 and 0778 for another bad one.
Why can we not make a messenger with that kind of security record? One where running an early-2025 release today is perfectly safe?
##@r @ireneista it should be possible to package a secure messenger client in a stable linux distro like debian and have it still be usable 3+ years after release with only fixes for specific vulns backported.
and there should be a single digit number of these vulns, if any, if you designed your network and parsing architecture right.
Like, if you exclude DOSes and bugs in non-default features, CVE-2024-6387 is the last SSH vuln that I actually worry about. The last one of substance before that was the 2023 double-free that's not believed exploitable, then we get all the way back to CVE-2016-0777 and 0778 for another bad one.
Why can we not make a messenger with that kind of security record? One where running an early-2025 release today is perfectly safe?
##updated 2024-12-11T21:31:57
1 posts
updated 2023-02-02T05:07:08
2 posts
3 repos
https://github.com/sk1dish/ilo4-rce-vuln-scanner
🟠 CVE-2026-26268 - High (8)
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git ho...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26268 - High (8)
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git ho...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26268 - High (8)
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git ho...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26268 - High (8)
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git ho...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26268/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25991 - High (7.7)
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The ap...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25991/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25991 - High (7.7)
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The ap...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25991/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21878 - High (7.5)
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21878/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-21878 - High (7.5)
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21878/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26208 - High (7.8)
ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Js...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26208/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26208 - High (7.8)
ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Js...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26208/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##1.3/mbedTLS updates.
- JupyterLite officially joins Project Jupyter.
- Authentik CVEs: CVE-2026-25227, CVE-2026-25922, CVE-2026-25748; patched in 2025.10.4/2025.12.4. [2/2]
🔐 CVE-2026-25227
CVE-2026-25227
📊 CVSS Score: 9.1
⚠️ Severity: Critical
📅 Published: 02/12/2026, 08:16 PM
🏷️ Aliases: CVE-2026-25227
🛡️ CWE: CWE-94
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (security-advisories@github.com)
📚 References: https://github.com/goauthentik/authentik/commit/c691afaef164cf73c10a26a944ef2f11dbb1ac80 https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4
⚠️ CVE-2026-25227 (CRITICAL, CVSS 9.1): Code injection in goauthentik authentik via delegated permissions. Patch to 2025.8.6, 2025.10.4, or 2025.12.4 urgently. Audit permissions & monitor test endpoint usage. https://radar.offseq.com/threat/cve-2026-25227-cwe-94-improper-control-of-generati-cc39f642 #OffSeq #authentik #infosec #CVE
##🔴 CVE-2026-25227 - Critical (9.1)
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view * Property Mapping or Can view Expression Policy is able to execut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-25227
CVE-2026-25227
📊 CVSS Score: 9.1
⚠️ Severity: Critical
📅 Published: 02/12/2026, 08:16 PM
🏷️ Aliases: CVE-2026-25227
🛡️ CWE: CWE-94
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (security-advisories@github.com)
📚 References: https://github.com/goauthentik/authentik/commit/c691afaef164cf73c10a26a944ef2f11dbb1ac80 https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4
⚠️ CVE-2026-25227 (CRITICAL, CVSS 9.1): Code injection in goauthentik authentik via delegated permissions. Patch to 2025.8.6, 2025.10.4, or 2025.12.4 urgently. Audit permissions & monitor test endpoint usage. https://radar.offseq.com/threat/cve-2026-25227-cwe-94-improper-control-of-generati-cc39f642 #OffSeq #authentik #infosec #CVE
##🔴 CVE-2026-25227 - Critical (9.1)
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view * Property Mapping or Can view Expression Policy is able to execut...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##1.3/mbedTLS updates.
- JupyterLite officially joins Project Jupyter.
- Authentik CVEs: CVE-2026-25227, CVE-2026-25922, CVE-2026-25748; patched in 2025.10.4/2025.12.4. [2/2]
🔐 CVE-2026-25922
CVE-2026-25922
📊 CVSS Score: 8.8
⚠️ Severity: High
📅 Published: 02/12/2026, 08:16 PM
🏷️ Aliases: CVE-2026-25922
🛡️ CWE: CWE-287, CWE-347
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (security-advisories@github.com)
📚 References: https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4 https://github.com/goauthentik/authentik/releases/tag/version/2025.12.4
🟠 CVE-2026-25922 - High (8.8)
authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-25922
CVE-2026-25922
📊 CVSS Score: 8.8
⚠️ Severity: High
📅 Published: 02/12/2026, 08:16 PM
🏷️ Aliases: CVE-2026-25922
🛡️ CWE: CWE-287, CWE-347
🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (security-advisories@github.com)
📚 References: https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4 https://github.com/goauthentik/authentik/releases/tag/version/2025.12.4
🟠 CVE-2026-25922 - High (8.8)
authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##1.3/mbedTLS updates.
- JupyterLite officially joins Project Jupyter.
- Authentik CVEs: CVE-2026-25227, CVE-2026-25922, CVE-2026-25748; patched in 2025.10.4/2025.12.4. [2/2]
🔐 CVE-2026-25748 CVE-2026-25748 📊 CVSS Score: 8.6 ⚠️ Severity: High 📅 Published: 02/12/2026, 08:16 PM 🏷️ Aliases: CVE-2026-25748 🛡️ CWE: CWE-287 🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N (security-advisories@github.com) 📚 References: https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4 https://github.com/goauthentik/authentik/releases/tag/version/2025.12.4 🔗 https://hecate.pw/vulnerability/CVE-2026-25748 #cve #vulnerability #hecate
##🟠 CVE-2026-25748 - High (8.6)
authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traef...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔐 CVE-2026-25748 CVE-2026-25748 📊 CVSS Score: 8.6 ⚠️ Severity: High 📅 Published: 02/12/2026, 08:16 PM 🏷️ Aliases: CVE-2026-25748 🛡️ CWE: CWE-287 🔗 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N (security-advisories@github.com) 📚 References: https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4 https://github.com/goauthentik/authentik/releases/tag/version/2025.12.4 🔗 https://hecate.pw/vulnerability/CVE-2026-25748 #cve #vulnerability #hecate
##🟠 CVE-2026-25748 - High (8.6)
authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traef...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25748/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Vaultwarden – CVE-2026-26012 : cette faille expose vos mots de passe aux autres utilisateurs ! https://www.it-connect.fr/vaultwarden-cve-2026-26012-cette-faille-expose-vos-mots-de-passe-aux-autres-utilisateurs/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##Vaultwarden – CVE-2026-26012 : cette faille expose vos mots de passe aux autres utilisateurs ! https://www.it-connect.fr/vaultwarden-cve-2026-26012-cette-faille-expose-vos-mots-de-passe-aux-autres-utilisateurs/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##🚨 CRITICAL: CVE-2026-24044 in element-hq ess-helm (<25.12.1) uses an insecure PRNG for Matrix server keys. Attackers can recreate keys, impersonate servers & disrupt comms. Upgrade to 25.12.1+ & rotate keys! https://radar.offseq.com/threat/cve-2026-24044-cwe-336-same-seed-in-pseudo-random--1eb14671 #OffSeq #Matrix #CVE202624044 #Helm
##🚨 CRITICAL: CVE-2026-24044 in element-hq ess-helm (<25.12.1) uses an insecure PRNG for Matrix server keys. Attackers can recreate keys, impersonate servers & disrupt comms. Upgrade to 25.12.1+ & rotate keys! https://radar.offseq.com/threat/cve-2026-24044-cwe-336-same-seed-in-pseudo-random--1eb14671 #OffSeq #Matrix #CVE202624044 #Helm
##⚠️ CRITICAL: CVE-2026-26068 impacts jm33-m0 emp3r0r (<3.21.1), allowing unauthenticated RCE via command injection on operator hosts. Upgrade to 3.21.1+ now and restrict access. Details: https://radar.offseq.com/threat/cve-2026-26068-cwe-77-improper-neutralization-of-s-58777eec #OffSeq #Linux #Vuln #C2
##⚠️ CRITICAL: CVE-2026-26068 impacts jm33-m0 emp3r0r (<3.21.1), allowing unauthenticated RCE via command injection on operator hosts. Upgrade to 3.21.1+ now and restrict access. Details: https://radar.offseq.com/threat/cve-2026-26068-cwe-77-improper-neutralization-of-s-58777eec #OffSeq #Linux #Vuln #C2
##🚨 CRITICAL: CVE-2026-26011 in ROS 2 navigation2 (≤1.3.11) allows unauth attackers in the same DDS domain to trigger heap out-of-bounds writes via /initialpose, causing DoS or further exploit. Isolate & patch! https://radar.offseq.com/threat/cve-2026-26011-cwe-787-out-of-bounds-write-in-ros--a5e729c2 #OffSeq #ROS2 #infosec #robotics
##🚨 CRITICAL: CVE-2026-26011 in ROS 2 navigation2 (≤1.3.11) allows unauth attackers in the same DDS domain to trigger heap out-of-bounds writes via /initialpose, causing DoS or further exploit. Isolate & patch! https://radar.offseq.com/threat/cve-2026-26011-cwe-787-out-of-bounds-write-in-ros--a5e729c2 #OffSeq #ROS2 #infosec #robotics
##🚨 CRITICAL: CVE-2026-26020 in AutoGPT (<0.6.48) allows authenticated RCE via improper authorization of BlockInstallationBlock. Patch to 0.6.48+ ASAP! Monitor for suspicious graph configs. https://radar.offseq.com/threat/cve-2026-26020-cwe-285-improper-authorization-in-s-31ca744c #OffSeq #AutoGPT #Infosec #Vulnerability
##🚨 CRITICAL: CVE-2026-26020 in AutoGPT (<0.6.48) allows authenticated RCE via improper authorization of BlockInstallationBlock. Patch to 0.6.48+ ASAP! Monitor for suspicious graph configs. https://radar.offseq.com/threat/cve-2026-26020-cwe-285-improper-authorization-in-s-31ca744c #OffSeq #AutoGPT #Infosec #Vulnerability
##🚨 CVE-2026-26069 (CRITICAL, CVSS 9.1): Scraparr v3.0.0-beta to <3.0.2 leaks Readarr API keys via /metrics if no alias is set. Upgrade to 3.0.2+, restrict /metrics access, and check for exposed endpoints. https://radar.offseq.com/threat/cve-2026-26069-cwe-200-exposure-of-sensitive-infor-4d72e5e9 #OffSeq #Vuln #Scraparr #APISecurity
##🚨 CVE-2026-26069 (CRITICAL, CVSS 9.1): Scraparr v3.0.0-beta to <3.0.2 leaks Readarr API keys via /metrics if no alias is set. Upgrade to 3.0.2+, restrict /metrics access, and check for exposed endpoints. https://radar.offseq.com/threat/cve-2026-26069-cwe-200-exposure-of-sensitive-infor-4d72e5e9 #OffSeq #Vuln #Scraparr #APISecurity
##2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC
https://www.haproxy.com/blog/cves-2026-quic-denial-of-service
##2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC
https://www.haproxy.com/blog/cves-2026-quic-denial-of-service
##2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC
https://www.haproxy.com/blog/cves-2026-quic-denial-of-service
##2 vulnerabilities in HAProxy have been fixed:
CVE-2026-26080 and CVE-2026-26081. DoS affecting QUIC
https://www.haproxy.com/blog/cves-2026-quic-denial-of-service
##🟠 CVE-2026-26029 - High (7.5)
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##