## Updated at UTC 2026-07-19T17:44:46.443475

Access data as JSON

CVE CVSS EPSS Posts Repos Nuclei Updated Description
CVE-2026-16221 7.5 0.00% 2 0 2026-07-19T15:16:49.027000 Impact: fast-uri versions from 2.3.1 through 4.1.0 (including the 3.x line up to
CVE-2026-16228 7.3 0.41% 1 0 2026-07-19T12:30:30 A vulnerability was detected in SourceCodester Class and Exam Timetabling System
CVE-2026-16229 4.3 0.44% 1 0 2026-07-19T12:30:30 A flaw has been found in itsourcecode Courier Management System up to 1.0. Affec
CVE-2026-16227 7.3 0.41% 1 0 2026-07-19T12:30:21 A security vulnerability has been detected in SourceCodester Class and Exam Time
CVE-2026-16223 6.3 0.21% 1 0 2026-07-19T09:31:42 A vulnerability was determined in 1Panel-dev CordysCRM up to 1.4.1. Impacted is
CVE-2026-16217 6.3 0.22% 1 0 2026-07-19T06:30:33 A security vulnerability has been detected in guohongze adminset up to 0.61. Aff
CVE-2026-16210 7.3 0.40% 1 0 2026-07-19T04:17:04.343000 A vulnerability was found in newpanjing simpleui 2026.01.13. This affects the fu
CVE-2026-10130 8.2 0.37% 2 0 2026-07-19T00:30:23 QueryWeaver contains an authentication bypass vulnerability that allows unauthen
CVE-2026-12228 8.7 0.26% 2 0 2026-07-18T21:30:30 A stored cross-site scripting (XSS) vulnerability exists in the `POST /api/promp
CVE-2026-53994 7.5 0.40% 2 0 2026-07-18T20:17:30.283000 ProFTPD mod_sftp contains a heap-based buffer overflow reachable by an authentic
CVE-2026-55518 9.6 0.33% 1 0 2026-07-18T17:22:30 ## Summary A critical missing authorization flaw exists in Avo's association at
CVE-2026-16125 7.3 0.29% 1 0 2026-07-18T16:17:12.873000 A vulnerability was found in zevorn rt-claw up to 0.2.0. The affected element is
CVE-2026-11826 8.8 0.42% 2 0 2026-07-18T15:31:56 OpenPLC_v3 contains a heap-based buffer overflow in the getData() function in we
CVE-2026-9323 8.1 0.42% 1 0 2026-07-18T15:31:56 The urwid web display backend (urwid/display/web.py) generates web session ident
CVE-2026-9147 7.8 0.15% 2 0 2026-07-18T15:31:55 uproot dynamically generates Python class source code from ROOT TStreamerInfo re
CVE-2026-16117 10.0 0.27% 1 0 2026-07-18T14:17:11.620000 Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite
CVE-2026-16097 8.8 0.46% 2 0 2026-07-18T12:33:18 A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the
CVE-2026-16096 8.8 0.44% 3 0 2026-07-18T12:33:13 A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Th
CVE-2026-16095 8.8 0.42% 1 0 2026-07-18T11:16:43.833000 A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by
CVE-2026-47871 8.8 0.90% 1 0 2026-07-18T09:32:24 VMware Avi Load Balancer contains a directory traversal vulnerability. Flaws in
CVE-2026-47869 8.7 0.68% 1 0 2026-07-18T09:32:24 VMware Avi Load Balancer contains a remote code execution vulnerability. A malic
CVE-2026-47866 8.3 0.43% 1 0 2026-07-18T09:32:24 VMware Avi Load Balancer contains an authorization bypass vulnerability. A malic
CVE-2026-47865 9.8 0.66% 1 0 2026-07-18T09:32:24 VMware Avi Load Balancer contains an authentication bypass vulnerability. A mali
CVE-2026-47868 7.8 0.15% 1 0 2026-07-18T09:32:18 VMware Avi Load Balancer contains a local privilege escalation vulnerability. A
CVE-2026-47867 8.7 0.68% 1 0 2026-07-18T09:17:08.527000 VMware Avi Load Balancer contains a remote code execution vulnerability. A malic
CVE-2026-9198 9.8 0.35% 1 0 2026-07-18T05:16:56.320000 IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain
CVE-2026-62228 8.8 0.26% 2 0 2026-07-18T05:16:55.780000 OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node e
CVE-2026-44739 8.7 0.28% 1 0 2026-07-18T00:16:47.840000 Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.1
CVE-2026-56740 7.5 0.51% 1 0 2026-07-17T22:17:57.153000 JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, an
CVE-2026-7667 8.8 0.34% 1 0 2026-07-17T21:31:53 IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create
CVE-2026-8481 9.9 0.44% 1 0 2026-07-17T21:31:53 IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution v
CVE-2026-7755 8.8 0.41% 1 0 2026-07-17T21:31:53 IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution
CVE-2026-8859 9.9 0.34% 1 0 2026-07-17T21:31:53 IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write
CVE-2026-8505 9.8 0.60% 2 0 2026-07-17T21:31:53 IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook
CVE-2026-14499 8.8 0.43% 1 0 2026-07-17T21:31:52 IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user
CVE-2026-13473 8.1 0.46% 1 0 2026-07-17T21:31:52 IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 throu
CVE-2026-13448 8.1 0.44% 1 0 2026-07-17T21:31:52 IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated re
CVE-2026-15091 9.3 0.57% 1 0 2026-07-17T21:31:52 IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to
CVE-2026-48373 7.8 0.19% 1 0 2026-07-17T21:31:52 Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that co
CVE-2026-8476 9.9 0.47% 1 0 2026-07-17T21:31:52 IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution v
CVE-2026-8635 9.9 0.29% 1 0 2026-07-17T21:31:52 IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate pri
CVE-2026-9171 7.5 0.55% 1 0 2026-07-17T21:31:52 IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a
CVE-2026-9103 9.8 0.41% 1 0 2026-07-17T21:31:52 IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unau
CVE-2026-54159 10.0 0.75% 1 0 2026-07-17T21:17:07.963000 PrestaShop ps_facetedsearch is a module that adds layered navigation filters. Fr
CVE-2026-50274 7.5 0.79% 2 0 2026-07-17T21:17:07.337000 Datadog dd-trace-go is a Go client library for Datadog application performance m
CVE-2026-50271 7.5 0.79% 1 0 2026-07-17T21:17:07.070000 Datadog dd-trace-py is the Datadog Python APM client. Prior to 4.8.2, Datadog tr
CVE-2026-13446 9.8 0.21% 2 0 2026-07-17T21:17:05.960000 IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a
CVE-2026-13445 8.1 0.20% 1 0 2026-07-17T21:17:05.473000 IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exp
CVE-2026-8056 8.8 0.29% 1 0 2026-07-17T20:17:30.500000 IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override com
CVE-2026-7872 7.5 0.38% 1 0 2026-07-17T20:17:30.377000 IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read a
CVE-2026-7754 7.7 0.22% 1 0 2026-07-17T20:17:29.470000 IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side req
CVE-2026-58195 8.8 0.46% 1 0 2026-07-17T20:17:27.157000 Agentic-Flow is an AI agent orchestration platform. Prior to 2.0.14, agentic-flo
CVE-2026-50273 7.5 0.79% 1 0 2026-07-17T20:17:24.220000 Datadog .NET Tracer is a client library for Datadog APM for .NET applications. P
CVE-2026-15322 7.5 0.52% 1 0 2026-07-17T20:17:15.800000 IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to
CVE-2026-9135 9.9 0.80% 1 0 2026-07-17T19:17:19.390000 IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 (commit 9498
CVE-2026-62241 9.1 0.39% 3 0 2026-07-17T19:17:18.647000 clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT
CVE-2026-62227 7.7 0.24% 2 0 2026-07-17T19:17:18.390000 OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulner
CVE-2026-55173 8.1 3.43% 1 0 2026-07-17T18:36:41.143000 WWBN AVideo is an open source video platform. Versions 29.0 and below remain vul
CVE-2026-44182 0 0.35% 1 0 2026-07-17T18:35:23.877000 Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distr
CVE-2025-60357 8.1 0.40% 1 1 2026-07-17T18:32:30 AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injectio
CVE-2026-13410 8.2 0.24% 1 0 2026-07-17T18:32:29 Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verificatio
CVE-2026-51080 9.8 0.30% 1 0 2026-07-17T18:32:29 libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were discovered to cont
CVE-2026-57860 7.8 0.13% 1 0 2026-07-17T18:31:35 ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, automatically load
CVE-2026-9762 7.8 0.17% 1 0 2026-07-17T18:31:35 IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote
CVE-2026-9202 9.8 0.29% 2 0 2026-07-17T18:31:35 IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create
CVE-2026-12694 9.1 0.24% 1 0 2026-07-17T18:31:34 Missing Authorization vulnerability in Vimesoft Inc. Enterprise Video Platform a
CVE-2026-12693 9.4 0.26% 1 0 2026-07-17T18:31:34 Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc.
CVE-2026-12692 9.8 0.35% 1 0 2026-07-17T18:31:34 Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platf
CVE-2026-12691 7.5 0.30% 1 0 2026-07-17T18:31:34 Missing authentication for critical function vulnerability in Vimesoft Inc. Ente
CVE-2026-63101 7.5 0.30% 1 0 2026-07-17T18:31:34 Open Event Server through 1.19.1 contains a missing authentication vulnerability
CVE-2026-8297 9.8 0.26% 1 0 2026-07-17T17:54:18.640000 Improper neutralization of special elements used in an SQL command ('SQL injecti
CVE-2026-13352 8.8 0.57% 1 0 2026-07-17T16:17:13.187000 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User
CVE-2026-62386 7.5 0.27% 2 0 2026-07-17T15:44:29.553000 The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 accepts JWT acc
CVE-2026-62234 8.1 0.30% 2 0 2026-07-17T15:44:29.553000 Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing
CVE-2026-62232 7.4 0.28% 1 0 2026-07-17T15:44:29.553000 Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in t
CVE-2026-11575 7.5 0.21% 1 0 2026-07-17T15:33:32 The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly ve
CVE-2026-8396 7.5 0.26% 1 0 2026-07-17T15:32:37 Improper restriction of XML external entity reference vulnerability in Netcad So
CVE-2026-7488 7.5 0.24% 1 0 2026-07-17T15:32:37 Insertion of sensitive information into sent data vulnerability in IKAS Technolo
CVE-2026-63094 8.1 0.17% 1 0 2026-07-17T15:32:37 SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authen
CVE-2026-63093 8.8 0.43% 1 0 2026-07-17T15:32:37 Cursor for Windows version 3.2.16 contains a binary planting vulnerability that
CVE-2026-7189 7.5 0.24% 1 0 2026-07-17T15:32:29 Insertion of sensitive information into sent data vulnerability in Proliz Softwa
CVE-2026-9810 9.8 0.28% 1 0 2026-07-17T15:32:28 The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens
CVE-2026-11961 8.1 0.23% 2 0 2026-07-17T15:32:27 The User Registration & Membership WordPress plugin before 5.2.3 does not valid
CVE-2026-15982 9.8 0.29% 2 0 2026-07-17T14:59:38.667000 The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Too
CVE-2026-13765 7.5 0.39% 1 0 2026-07-17T06:31:06 The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin
CVE-2026-50454 7.8 0.40% 1 0 2026-07-17T05:16:39.690000 Relative path traversal in Windows User Interface Core allows an authorized atta
CVE-2026-25089 9.8 36.13% 4 2 2026-07-17T05:16:38.687000 A improper neutralization of special elements used in an os command ('os command
CVE-2026-53412 9.8 0.51% 5 0 2026-07-17T00:32:18 Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client fo
CVE-2026-53409 7.8 0.15% 1 0 2026-07-16T21:30:46 Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may
CVE-2026-39808 9.8 84.16% 4 6 template 2026-07-16T18:32:24 A improper neutralization of special elements used in an os command ('os command
CVE-2026-58644 9.8 1.47% 7 0 2026-07-16T18:31:26 Deserialization of untrusted data in Microsoft Office SharePoint allows an unaut
CVE-2026-12525 8.8 0.24% 1 0 2026-07-16T18:16:41.633000 The Redux Framework WordPress plugin before 4.5.13 does not restrict which user
CVE-2026-11386 9.0 0.32% 2 0 2026-07-16T15:33:11 An input validation and injection vulnerability exists in Canonical ubuntu-pro-c
CVE-2026-63305 8.1 1.38% 1 0 2026-07-16T15:33:11 AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg
CVE-2026-62314 5.8 0.27% 1 0 2026-07-16T14:16:56.427000 Anubis is a Web AI Firewall Utility that challenges users' connections in order
CVE-2026-22752 9.6 0.43% 1 0 2026-07-16T12:32:28 Authentication bypass by primary weakness vulnerability in Spring Security Sprin
CVE-2026-15013 9.8 0.30% 1 0 2026-07-16T06:31:33 The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authen
CVE-2026-20298 5.3 0.22% 1 0 2026-07-16T05:16:19.120000 In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splu
CVE-2026-50272 7.5 0.79% 1 0 2026-07-15T22:58:53 ### Impact Datadog tracing libraries that implement W3C baggage propagation pars
CVE-2026-54498 8.7 0.45% 1 0 2026-07-15T22:51:05 ## Summary `ViewComponent::Base#around_render` can return HTML-unsafe strings t
CVE-2026-15895 7.8 1.24% 1 0 2026-07-15T21:31:26 OS command injection in the npm package loading component in AWS jsii-diff befor
CVE-2026-46817 9.8 1.04% 4 2 2026-07-15T18:32:50 Vulnerability in the Oracle Payments product of Oracle E-Business Suite (compone
CVE-2023-4346 7.5 0.85% 2 0 2026-07-15T18:32:50 KNX devices that use KNX Connection Authorization and support Option 1 are, depe
CVE-2026-20297 7.2 0.38% 1 0 2026-07-15T18:32:05 In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14,
CVE-2026-20296 8.3 0.17% 1 0 2026-07-15T18:32:05 In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splu
CVE-2026-60005 8.2 0.61% 1 0 2026-07-15T16:23:03.437000 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_modu
CVE-2026-42533 8.1 0.83% 1 1 2026-07-15T15:33:14 A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive
CVE-2026-56434 6.5 0.39% 1 0 2026-07-15T15:33:13 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module
CVE-2026-48309 7.8 0.17% 1 0 2026-07-15T13:51:52.543000 Audition is affected by an out-of-bounds write vulnerability that could result i
CVE-2026-9770 None 0.22% 1 0 2026-07-15T03:33:02 Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key st
CVE-2026-13585 None 0.11% 1 1 2026-07-15T03:33:01 Allocation of Resources Without Limits and Throttling and Sensitive Information
CVE-2026-56155 7.8 0.38% 2 0 2026-07-14T21:32:52 Insufficient granularity of access control in Active Directory Federation Servic
CVE-2026-15409 10.0 1.27% 3 5 2026-07-14T21:32:22 A Server-side request forgery (SSRF) vulnerability has been identified in the SM
CVE-2026-15410 7.2 1.49% 1 3 2026-07-14T21:32:21 Post-authentication improper control of generation of code ('Code Injection') vu
CVE-2026-13001 9.8 1.08% 1 2 2026-07-14T21:32:21 The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary fi
CVE-2026-56164 5.3 5.60% 1 1 2026-07-14T21:10:41.693000 Missing authentication for critical function in Microsoft Office SharePoint allo
CVE-2026-44891 7.5 0.69% 1 0 2026-07-14T20:16:37 ### Summary The StompSubframeDecoder fails to limit the total number of headers
CVE-2026-54052 9.9 0.39% 2 0 2026-07-14T19:07:15 ## Impact In multi-tenant HTTP deployments — where a single n8n-mcp server serv
CVE-2026-58635 7.8 0.22% 1 1 2026-07-14T18:32:12 Improper neutralization of special elements used in a command ('command injectio
CVE-2026-50663 8.8 0.65% 1 0 2026-07-14T18:32:06 Relative path traversal in Age of Empires II: Definitive Edition Game allows an
CVE-2026-53565 None 0.10% 1 0 2026-07-14T15:32:25 Improper Privilege Management vulnerability in Citrix Secure Access Client for W
CVE-2026-53566 None 0.11% 1 0 2026-07-14T15:32:24 Out-of-bounds read vulnerability in Citrix Citrix Secure Access Client for Windo
CVE-2026-6875 None 0.51% 1 0 2026-07-13T21:31:30 ServiceNow has addressed a remote code execution vulnerability that was identifi
CVE-2026-45260 8.1 0.43% 1 0 2026-07-10T19:08:23 ### Summary Pimcore's WebDAV asset endpoint exposes a `MOVE` operation through `
CVE-2026-45162 8.0 0.57% 1 0 2026-07-10T19:07:30 # GitHub Security Advisory Draft — GM-374 ## Summary Multiple locations in Pimc
CVE-2026-56688 9.1 1.29% 1 0 2026-07-10T12:31:56 Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutral
CVE-2026-15378 9.3 0.42% 1 0 2026-07-10T12:31:55 A flaw was found in the `guardrails-detectors` component. This vulnerability all
CVE-2026-59826 9.1 0.39% 1 0 2026-07-10T05:16:38.427000 Metabase is an open-source business intelligence and embedded analytics tool. Fr
CVE-2026-49485 7.5 0.68% 1 0 2026-07-09T13:43:04 # Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expres
CVE-2026-54496 9.3 0.32% 1 0 2026-07-06T21:23:42 ### Summary A soundness vulnerability in the variable-base scalar multiplicatio
CVE-2026-52746 7.5 0.68% 1 0 2026-07-02T20:13:56 ### Impact In JSONata `<v2.2.0`, it is possible to craft non-matching inputs to
CVE-2026-45659 8.8 3.22% 1 1 2026-07-01T21:35:53 Deserialization of untrusted data in Microsoft Office SharePoint allows an autho
CVE-2026-50151 7.5 0.48% 1 0 2026-07-01T21:35:48 ## Summary oras-go follows a registry-controlled `Location` header during the m
CVE-2026-54458 9.6 0.30% 2 0 2026-06-22T14:36:04 # Unauthenticated Stored DOM XSS via `page_title` Broadcast in AVideo YPTSocket
CVE-2026-43088 5.5 0.12% 1 0 2026-06-19T15:34:14 In the Linux kernel, the following vulnerability has been resolved: net: af_key
CVE-2026-3891 9.8 2.77% 1 7 template 2026-06-17T10:44:23.283000 The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file upl
CVE-2026-32201 6.5 21.48% 1 1 2026-06-17T10:35:20.103000 Improper input validation in Microsoft Office SharePoint allows an unauthorized
CVE-2026-2699 9.8 49.42% 1 2 template 2026-06-17T10:31:33.870000 Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthentica
CVE-2026-48062 9.8 0.44% 1 0 2026-06-11T17:16:09 ### Impact The `ext_in` upload validation rule checked the MIME-derived guessed
CVE-2026-44023 8.6 0.29% 1 0 2026-06-03T21:16:26 ### Impact In versions `>= 1.5.0, < 2.74.1`, `docling-core` did not sufficiently
CVE-2026-45799 7.5 0.50% 1 0 2026-05-19T19:54:51 # CVE-2026-45799 ## Maintainer summary Wire's protobuf group-skipping logic di
CVE-2026-46339 10.0 4.57% 1 0 template 2026-05-19T19:22:06 ## Summary 9router exposes two unauthenticated API endpoints that, when chained
CVE-2026-3220 8.8 0.32% 1 4 2026-05-18T15:30:37 The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin
CVE-2025-69443 6.3 0.31% 1 0 2026-05-15T15:31:41 Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when access
CVE-2025-40949 9.1 0.67% 1 0 2026-05-12T12:32:14 A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.1
CVE-2026-2701 9.1 48.81% 1 0 2026-04-21T00:33:18 Authenticated user can upload a malicious file to the server and execute it, whi
CVE-2026-3300 9.8 40.99% 1 2 template 2026-03-31T03:31:35 The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Executio
CVE-2026-33482 8.1 2.06% 1 0 2026-03-25T18:50:03 ## Summary The `sanitizeFFmpegCommand()` function in `plugin/API/standAlone/fun
CVE-2025-3248 None 99.99% 1 28 template 2025-11-05T20:12:46 Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v
CVE-2025-20204 4.8 0.31% 1 0 2025-02-05T18:34:46 A vulnerability in the web-based management interface of Cisco Identity Services
CVE-2025-20205 4.8 0.31% 1 0 2025-02-05T18:34:46 A vulnerability in the web-based management interface of Cisco Identity Services
CVE-2026-14266 0 0.00% 3 1 N/A
CVE-2026-63030 0 8.95% 15 40 template N/A
CVE-2026-60137 0 4.03% 9 22 N/A
CVE-2026-15631 0 0.30% 1 0 N/A
CVE-2026-16158 0 0.23% 1 0 N/A
CVE-2026-56741 0 0.52% 1 0 N/A
CVE-2026-54523 0 0.00% 2 0 N/A
CVE-2026-44436 0 0.28% 1 0 N/A
CVE-2026-39359 0 0.24% 1 0 N/A
CVE-2026-15899 0 0.00% 1 0 N/A
CVE-2026-59827 0 0.46% 1 1 N/A
CVE-2026-55445 0 0.40% 1 0 N/A
CVE-2026-55234 0 0.24% 1 0 N/A
CVE-2026-55652 0 0.36% 1 0 N/A

CVE-2026-16221
(7.5 HIGH)

EPSS: 0.00%

updated 2026-07-19T15:16:49.027000

2 posts

Impact: fast-uri versions from 2.3.1 through 4.1.0 (including the 3.x line up to 3.1.3 and the 2.x line up to 2.4.2) do not treat a literal backslash character (U+005C) as an authority delimiter. Node's native WHATWG URL parser, used by fetch, undici, and Node's http and https clients, normalizes the backslash to a forward slash for special schemes such as http, https, ws, wss, ftp, and file. As a

thehackerwire@mastodon.social at 2026-07-19T15:59:50.000Z ##

🟠 CVE-2026-16221 - High (7.5)

Impact: fast-uri versions from 2.3.1 through 4.1.0 (including the 3.x line up to 3.1.3 and the 2.x line up to 2.4.2) do not treat a literal backslash character (U+005C) as an authority delimiter. Node's native WHATWG URL parser, used by fetch, und...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-19T15:59:50.000Z ##

🟠 CVE-2026-16221 - High (7.5)

Impact: fast-uri versions from 2.3.1 through 4.1.0 (including the 3.x line up to 3.1.3 and the 2.x line up to 2.4.2) do not treat a literal backslash character (U+005C) as an authority delimiter. Node's native WHATWG URL parser, used by fetch, und...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-16228
(7.3 HIGH)

EPSS: 0.41%

updated 2026-07-19T12:30:30

1 posts

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /edit_schoolyr.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

offseq@infosec.exchange at 2026-07-19T12:00:25.000Z ##

CVE-2026-16228: MEDIUM-severity SQL injection in SourceCodester Class and Exam Timetabling System 1.0 (/edit_schoolyr.php). Remote, unauthenticated exploitation possible. No patch — apply input validation & parameterized queries. radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #AppSec

##

CVE-2026-16229
(4.3 MEDIUM)

EPSS: 0.44%

updated 2026-07-19T12:30:30

1 posts

A flaw has been found in itsourcecode Courier Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Executing a manipulation of the argument page can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.

offseq@infosec.exchange at 2026-07-19T10:30:24.000Z ##

CVE-2026-16229 (MEDIUM, CVSS 5.3): XSS in itsourcecode Courier Management System v1.0 via 'page' param in /index.php. Remote exploitation possible, user interaction needed. No patch yet — use WAF and input validation. radar.offseq.com/threat/cve-20 #OffSeq #XSS #Vuln

##

CVE-2026-16227
(7.3 HIGH)

EPSS: 0.41%

updated 2026-07-19T12:30:21

1 posts

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /edit_subject.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

offseq@infosec.exchange at 2026-07-19T13:30:26.000Z ##

CVE-2026-16227: SQL injection in SourceCodester Class and Exam Timetabling System v1.0 (/edit_subject.php, ID param). MEDIUM severity (CVSS 6.9). No patch yet — use input validation & parameterized queries. radar.offseq.com/threat/cve-20 #OffSeq #SQLInjection #AppSec #Vuln

##

CVE-2026-16223
(6.3 MEDIUM)

EPSS: 0.21%

updated 2026-07-19T09:31:42

1 posts

A vulnerability was determined in 1Panel-dev CordysCRM up to 1.4.1. Impacted is the function getSqlBotSrc of the file backend/crm/src/main/java/cn/cordys/crm/system/service/IntegrationConfigService.java of the component Third Party Edit Endpoint. Executing a manipulation of the argument appSecret can lead to server-side request forgery. The attack may be launched remotely. The exploit has been pub

offseq@infosec.exchange at 2026-07-19T09:00:26.000Z ##

CVE-2026-16223: SSRF in 1Panel-dev CordysCRM 1.4.0 & 1.4.1 (MEDIUM, CVSS 5.3). Exploitable via appSecret — enables unauthorized server requests. No patch yet: restrict endpoint, monitor logs. radar.offseq.com/threat/cve-20 #OffSeq #SSRF #CyberSecurity #Vuln

##

CVE-2026-16217
(6.3 MEDIUM)

EPSS: 0.22%

updated 2026-07-19T06:30:33

1 posts

A security vulnerability has been detected in guohongze adminset up to 0.61. Affected by this vulnerability is an unknown functionality of the file delivery/deli.py of the component Delivery Deployment Endpoint. The manipulation of the argument project_id leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The proj

offseq@infosec.exchange at 2026-07-19T06:00:24.000Z ##

guohongze adminset (v0.1 – 0.61) is vulnerable to authorization bypass (CVE-2026-16217) via delivery/deli.py. Remote exploitation is possible, exploit is public. Severity: MEDIUM. Patch unavailable. radar.offseq.com/threat/cve-20 #OffSeq #CVE202616217 #Vuln #Infosec

##

CVE-2026-16210
(7.3 HIGH)

EPSS: 0.40%

updated 2026-07-19T04:17:04.343000

1 posts

A vulnerability was found in newpanjing simpleui 2026.01.13. This affects the function self.get_action of the file simpleui/admin.py of the component AjaxAdmin AJAX Endpoint. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The project was informed of the problem early through an issue re

offseq@infosec.exchange at 2026-07-19T04:30:24.000Z ##

CVE-2026-16210: Medium severity vuln in newpanjing simpleui 2026.01.13 allows remote, unauthenticated actions via AjaxAdmin AJAX Endpoint. Exploit is public — no vendor fix yet. Restrict access or disable endpoint until patched. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #SimpleUI

##

CVE-2026-10130
(8.2 HIGH)

EPSS: 0.37%

updated 2026-07-19T00:30:23

2 posts

QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known victim email address. The signup route unconditionally creates and links a new token to the matching Identity via a Cypher MERGE operation before checking whether the email belongs to an existing account,

thehackerwire@mastodon.social at 2026-07-19T05:59:55.000Z ##

🟠 CVE-2026-10130 - High (8.2)

QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known victim email address. The signup route unconditional...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-18T22:30:23.000Z ##

CVE-2026-10130 (HIGH, CVSS 8.2) in FalkorDB QueryWeaver: attackers can bypass authentication and obtain session tokens for existing accounts by submitting signup requests with known emails. Review signup flows. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #FalkorDB #Infosec

##

CVE-2026-12228
(8.7 HIGH)

EPSS: 0.26%

updated 2026-07-18T21:30:30

2 posts

A stored cross-site scripting (XSS) vulnerability exists in the `POST /api/prompts/share` endpoint of parisneo/lollms (latest version). The endpoint stores attacker-controlled `prompt_content` into `DBDirectMessage.content` without server-side sanitization. When a victim opens the direct message (DM) thread, the message is rendered by the DM UI through `MessageContentRenderer`, which uses `v-html`

thehackerwire@mastodon.social at 2026-07-19T06:00:04.000Z ##

🟠 CVE-2026-12228 - High (8.7)

A stored cross-site scripting (XSS) vulnerability exists in the `POST /api/prompts/share` endpoint of parisneo/lollms (latest version). The endpoint stores attacker-controlled `prompt_content` into `DBDirectMessage.content` without server-side san...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-19T00:00:33.000Z ##

CVE-2026-12228: parisneo/lollms suffers HIGH severity stored XSS (CVSS 8.7) via POST /api/prompts/share. Authenticated users can execute JS in victims' browsers, risking account takeover. Patch status unknown — check vendor updates. radar.offseq.com/threat/cve-20 #OffSeq #XSS #Vuln #InfoSec

##

CVE-2026-53994
(7.5 HIGH)

EPSS: 0.40%

updated 2026-07-18T20:17:30.283000

2 posts

ProFTPD mod_sftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxp_packet_read() function accepts the attacker-supplied 32-bit big-endian SFTP packet length without a minimum sanity check. A value of 0 causes an unsigned subtraction elsewhere in the read path to underflow to approximately 4 GB. That oversized request reaches the core memory allocator, where the

thehackerwire@mastodon.social at 2026-07-19T06:00:15.000Z ##

🟠 CVE-2026-53994 - High (7.5)

ProFTPD mod_sftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxp_packet_read() function accepts the attacker-supplied 32-bit big-endian SFTP packet length without a minimum sanity check. A value of 0 causes a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-19T01:30:30.000Z ##

CVE-2026-53994: ProFTPD mod_sftp heap buffer overflow (HIGH severity, CVSS 7.5) lets authenticated SFTP users crash session processes via crafted 0-length packets. Patch status unconfirmed — restrict SFTP access & monitor logs. radar.offseq.com/threat/cve-20 #OffSeq #ProFTPD #infosec #vuln

##

CVE-2026-55518
(9.6 CRITICAL)

EPSS: 0.33%

updated 2026-07-18T17:22:30

1 posts

## Summary A critical missing authorization flaw exists in Avo's association attach workflow. The UI and `GET /resources/:resource/:id/:related/new` path can check `attach_<association>?`, but the actual write endpoint, `POST /resources/:resource/:id/:related`, does not run the same authorization check before mutating the association. As a result, an authenticated low-privileged Avo user can byp

thehackerwire@mastodon.social at 2026-07-17T22:00:26.000Z ##

🔴 CVE-2026-55518 - Critical (9.6)

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks attach_? in the UI and GET /resources/:resource/:id/:related/new path, but the actual write endpoint, POS...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-16125
(7.3 HIGH)

EPSS: 0.29%

updated 2026-07-18T16:17:12.873000

1 posts

A vulnerability was found in zevorn rt-claw up to 0.2.0. The affected element is the function claw_net_get/claw_net_post of the file claw/services/tools/net.c of the component http_request. The manipulation of the argument url results in server-side request forgery. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem earl

hugovalters@mastodon.social at 2026-07-19T17:07:36.000Z ##

CVE-2026-16125 - SSRF in Zevorn rt-claw up to 0.2.0. Remote exploitation via url argument in claw_net_get/claw_net_post. CVSS 7.3. Exploit public, no patch available. Monitor or isolate affected systems. #CVE #Zevorn #infosec

valtersit.com/cve/CVE-2026-161

##

CVE-2026-11826
(8.8 HIGH)

EPSS: 0.42%

updated 2026-07-18T15:31:56

2 posts

OpenPLC_v3 contains a heap-based buffer overflow in the getData() function in webserver/core/modbus_master.cpp. getData() reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig() the function is invoked with the 100-byte heap-allocated MB_device.dev_name field. An authenticated attacker with access to the OpenPLC web interfa

offseq@infosec.exchange at 2026-07-18T15:00:29.000Z ##

CVE-2026-11826 | HIGH severity heap overflow in openplcproject OpenPLC_v3: Crafted HTTP POST to /modbus can crash the PLC process & corrupt config fields. No fix — migrate to v4 & restrict access. radar.offseq.com/threat/cve-20 #OffSeq #ICS #Vulnerability #Infosec

##

thehackerwire@mastodon.social at 2026-07-18T15:00:12.000Z ##

🟠 CVE-2026-11826 - High (8.8)

OpenPLC_v3 contains a heap-based buffer overflow in the getData() function in webserver/core/modbus_master.cpp. getData() reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseCon...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9323
(8.1 HIGH)

EPSS: 0.42%

updated 2026-07-18T15:31:56

1 posts

The urwid web display backend (urwid/display/web.py) generates web session identifiers (urwid_id) in Screen.start() by concatenating two random.randrange(10**9) calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and the Mersenne Twister internal state is approximately 19,937 bits, so an attacker who observes

thehackerwire@mastodon.social at 2026-07-18T15:00:03.000Z ##

🟠 CVE-2026-9323 - High (8.1)

The urwid web display backend (urwid/display/web.py) generates web session identifiers (urwid_id) in Screen.start() by concatenating two random.randrange(10**9) calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9147
(7.8 HIGH)

EPSS: 0.15%

updated 2026-07-18T15:31:55

2 posts

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields (for example, streamer element names) are interpolated into the generated Python source without safe quoting via repr() or the !r format specifier. An attacker who can supply a crafted ROOT file can place Python expression-breakin

thehackerwire@mastodon.social at 2026-07-18T14:00:12.000Z ##

🟠 CVE-2026-9147 - High (7.8)

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields (for example, streamer element names) are interpolated into the generated Pyt...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-18T13:30:27.000Z ##

scikit-hep uproot has a HIGH-severity code injection flaw (CVE-2026-9147, CVSS 8.5). Malicious ROOT files can trigger arbitrary Python code execution. Avoid untrusted files until fixed. Full details: radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #Python #ThreatIntel

##

CVE-2026-16117
(10.0 CRITICAL)

EPSS: 0.27%

updated 2026-07-18T14:17:11.620000

1 posts

Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is URL-encoded. Fastify's router URL-decodes paths for route matching, but request.url retains the original encoded form, and the prefix-rewrite step uses a literal string replace against the decoded prefix. A request that encodes one or more characters of the configured prefi

thehackerwire@mastodon.social at 2026-07-18T15:00:23.000Z ##

🔴 CVE-2026-16117 - Critical (10)

Impact: @fastify/http-proxy versions up to and including 11.5.0 fail to rewrite the request prefix when the prefix segment is URL-encoded. Fastify's router URL-decodes paths for route matching, but request.url retains the original encoded form, an...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-16097
(8.8 HIGH)

EPSS: 0.46%

updated 2026-07-18T12:33:18

2 posts

A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function sub_42537C of the component Scheduler Name Handler. The manipulation of the argument a1 results in stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by FreshTomato.

offseq@infosec.exchange at 2026-07-18T19:30:23.000Z ##

CVE-2026-16097: HIGH severity stack-based buffer overflow in Shibby Tomato 1.28's Scheduler Name Handler. Remote code execution possible, no patch exists. Migrate to FreshTomato for security. Details: radar.offseq.com/threat/a-vuln #OffSeq #Vulnerability #RouterSecurity #InfoSec

##

thehackerwire@mastodon.social at 2026-07-18T13:00:38.000Z ##

🟠 CVE-2026-16097 - High (8.8)

A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function sub_42537C of the component Scheduler Name Handler. The manipulation of the argument a1 results in stack-based buffer overflow. It is possible to launch the a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-16096
(8.8 HIGH)

EPSS: 0.44%

updated 2026-07-18T12:33:13

3 posts

A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the function sub_40BB50 of the file /proc/webmon_recent_domains. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This project is superseded by FreshTomato.

offseq@infosec.exchange at 2026-07-19T03:00:26.000Z ##

CVE-2026-16096: HIGH severity stack buffer overflow in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124 (/proc/webmon_recent_domains). Remote exploit possible, no official patch. Migrate to FreshTomato. radar.offseq.com/threat/a-vuln #OffSeq #Vulnerability #RouterSecurity #CVE #IoT

##

thehackerwire@mastodon.social at 2026-07-18T13:00:20.000Z ##

🟠 CVE-2026-16096 - High (8.8)

A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the function sub_40BB50 of the file /proc/webmon_recent_domains. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attac...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-18T12:00:25.000Z ##

CVE-2026-16096: Stack-based buffer overflow (CVSS 8.7, HIGH) in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124 (/proc/webmon_recent_domains). Remote exploit possible. Migrate to FreshTomato. radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #Infosec

##

CVE-2026-16095
(8.8 HIGH)

EPSS: 0.42%

updated 2026-07-18T11:16:43.833000

1 posts

A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setup_conntrack of the file /sbin/rc. Executing a manipulation of the argument ct_tcp_timeout can lead to out-of-bounds write. The attack may be performed from remote. This project is superseded by FreshTomato.

thehackerwire@mastodon.social at 2026-07-18T11:59:57.000Z ##

🟠 CVE-2026-16095 - High (8.8)

A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setup_conntrack of the file /sbin/rc. Executing a manipulation of the argument ct_tcp_timeout can lead to out-of-bounds write. The attack m...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-47871
(8.8 HIGH)

EPSS: 0.90%

updated 2026-07-18T09:32:24

1 posts

VMware Avi Load Balancer contains a directory traversal vulnerability. Flaws in file path validation allow malicious, authenticated network users to perform directory traversal attacks. Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)

thehackerwire@mastodon.social at 2026-07-18T10:01:16.000Z ##

🟠 CVE-2026-47871 - High (8.8)

VMware Avi Load Balancer contains a directory traversal vulnerability. Flaws in file path validation allow malicious, authenticated network users to perform directory traversal attacks.

Affected versions:
32.1.1 (fixed in 32.1.2)
31.1.1 through 3...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-47869
(8.7 HIGH)

EPSS: 0.68%

updated 2026-07-18T09:32:24

1 posts

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious authenticated user with network access may be able to inject and execute code. Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)

thehackerwire@mastodon.social at 2026-07-18T10:01:06.000Z ##

🟠 CVE-2026-47869 - High (8.7)

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious authenticated user with network access may be able to inject and execute code.

Affected versions:
32.1.1 (fixed in 32.1.2)
31.1.1 through 31.2.2 (fixed in 31.2.2...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-47866
(8.3 HIGH)

EPSS: 0.43%

updated 2026-07-18T09:32:24

1 posts

VMware Avi Load Balancer contains an authorization bypass vulnerability. A malicious actor on the network can access a limited subset of the Avi Control Plane without proper authorization. Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)

thehackerwire@mastodon.social at 2026-07-18T10:00:10.000Z ##

🟠 CVE-2026-47866 - High (8.3)

VMware Avi Load Balancer contains an authorization bypass vulnerability. A malicious actor on the network can access a limited subset of the Avi Control Plane without proper authorization.

Affected versions:
32.1.1 (fixed in 32.1.2)
31.1.1 throug...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-47865
(9.8 CRITICAL)

EPSS: 0.66%

updated 2026-07-18T09:32:24

1 posts

VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user with network access may be able to access the Avi Control plane by bypassing the authentication mechanism. Affected versions: 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)

thehackerwire@mastodon.social at 2026-07-18T10:00:01.000Z ##

🔴 CVE-2026-47865 - Critical (9.8)

VMware Avi Load Balancer contains an authentication bypass vulnerability. A malicious user with network access may be able to access the Avi Control plane by bypassing the authentication mechanism.

Affected versions:
31.1.1 through 31.2.2 (fixed ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-47868
(7.8 HIGH)

EPSS: 0.15%

updated 2026-07-18T09:32:18

1 posts

VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user with local access may be able to escalate their privileges to run code as root. Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)

thehackerwire@mastodon.social at 2026-07-18T10:00:55.000Z ##

🟠 CVE-2026-47868 - High (7.8)

VMware Avi Load Balancer contains a local privilege escalation vulnerability. A malicious user with local access may be able to escalate their privileges to run code as root.

Affected versions:
32.1.1 (fixed in 32.1.2)
31.1.1 through 31.2.2 (fixe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-47867
(8.7 HIGH)

EPSS: 0.68%

updated 2026-07-18T09:17:08.527000

1 posts

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to access the Avi Control plane and execute code remotely. Affected versions: 32.1.1 (fixed in 32.1.2) 31.1.1 through 31.2.2 (fixed in 31.2.2-2p3) 30.1.1 through 30.2.6 (fixed in 30.2.7) 22.1.1 through 22.1.7 (fixed in 30.2.7)

thehackerwire@mastodon.social at 2026-07-18T10:00:20.000Z ##

🟠 CVE-2026-47867 - High (8.7)

VMware Avi Load Balancer contains a remote code execution vulnerability. A malicious user with network access may be able to access the Avi Control plane and execute code remotely.

Affected versions:
32.1.1 (fixed in 32.1.2)
31.1.1 through 31.2.2...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9198
(9.8 CRITICAL)

EPSS: 0.35%

updated 2026-07-18T05:16:56.320000

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/auto_login (mints SUPERUSER tokens to any network caller) with /api/v1/validate/code (executes user code via exec()) to achieve full RCE on default Langflow deployments

thehackerwire@mastodon.social at 2026-07-18T19:59:58.000Z ##

🔴 CVE-2026-9198 - Critical (9.8)

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/auto_login (mints SUPERUSER tokens to any network caller) with /api/v1/validate/code (executes user code via exec()) to achieve full RCE on default Langflow de...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-62228
(8.8 HIGH)

EPSS: 0.26%

updated 2026-07-18T05:16:55.780000

2 posts

OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. Attackers can exploit mismatched environment configurations to persist or execute actions that exceed the caller's approved permissions.

thehackerwire@mastodon.social at 2026-07-19T16:00:11.000Z ##

🟠 CVE-2026-62228 - High (8.8)

OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. Attackers can ex...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-19T16:00:11.000Z ##

🟠 CVE-2026-62228 - High (8.8)

OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. Attackers can ex...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44739
(8.7 HIGH)

EPSS: 0.28%

updated 2026-07-18T00:16:47.840000

1 posts

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.6, the columnConfigAction endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php passes malicious SQL configuration through CustomReportController:columnConfigAction, SqlAdapter::getColumns, SqlAdapter::buildQueryString, and Db::fetchAssociative(), allowing an attacke

thehackerwire@mastodon.social at 2026-07-18T17:00:40.000Z ##

🟠 CVE-2026-44739 - High (8.7)

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.6, the columnConfigAction endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php passes malicious SQL configuration...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56740
(7.5 HIGH)

EPSS: 0.51%

updated 2026-07-17T22:17:57.153000

1 posts

JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and TelnetIO.readNEVariables() in TelnetIO.java:1127-1180 stores each variable pair in a HashMap held by ConnectionData, allowing an unauthenticated attacker t

thehackerwire@mastodon.social at 2026-07-18T05:00:10.000Z ##

🟠 CVE-2026-56740 - High (7.5)

JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not limit the number of environment variables a client may inject via the Telnet NEW-ENVIRON option, and Te...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7667
(8.8 HIGH)

EPSS: 0.34%

updated 2026-07-17T21:31:53

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header (e.g., filename="../../../target/path" ), enabling arbitrary file write operations with attacker-controlled content to any path accessible by the Langflow process.

thehackerwire@mastodon.social at 2026-07-18T15:00:58.000Z ##

🟠 CVE-2026-7667 - High (8.8)

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header (e.g., filename="../../../target/path" ), enabling...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8481
(9.9 CRITICAL)

EPSS: 0.44%

updated 2026-07-17T21:31:53

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec() function without sandboxing, input validation, or privilege restrictions, enabling any authenticated user to execute arbitrary system comman

thehackerwire@mastodon.social at 2026-07-18T14:01:17.000Z ##

🔴 CVE-2026-8481 - Critical (9.9)

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's bu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7755
(8.8 HIGH)

EPSS: 0.41%

updated 2026-07-17T21:31:53

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files.

thehackerwire@mastodon.social at 2026-07-18T12:00:34.000Z ##

🟠 CVE-2026-7755 - High (8.8)

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8859
(9.9 CRITICAL)

EPSS: 0.34%

updated 2026-07-17T21:31:53

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HTTP response Content-Disposition headers are not sanitized before being joined to the temporary director

thehackerwire@mastodon.social at 2026-07-18T12:00:23.000Z ##

🔴 CVE-2026-8859 - Critical (9.9)

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" fea...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8505
(9.8 CRITICAL)

EPSS: 0.60%

updated 2026-07-17T21:31:53

2 posts

IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The system incorrectly bypasses API key validation when the WEBHOOK_AUTH_ENABLE configuration is set to False (which is the default setting). This allows a remote attacker who knows a flow's UUID to execute it as if they were the ow

thehackerwire@mastodon.social at 2026-07-18T11:00:27.000Z ##

🔴 CVE-2026-8505 - Critical (9.8)

IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The system incorrectly bypasses API key validation when the WEBHOOK_AUTH_ENABLE...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-18T10:30:27.000Z ##

CRITICAL (CVSS 9.8): CVE-2026-8505 in IBM Langflow OSS 1.0.0 – 1.10.0 enables unauthenticated RCE via default webhook auth config. Set WEBHOOK_AUTH_ENABLE=True to mitigate until official fix. Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE20268505 #RCE #IBM

##

CVE-2026-14499
(8.8 HIGH)

EPSS: 0.43%

updated 2026-07-17T21:31:52

1 posts

IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component.

thehackerwire@mastodon.social at 2026-07-18T18:59:52.000Z ##

🟠 CVE-2026-14499 - High (8.8)

IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13473
(8.1 HIGH)

EPSS: 0.46%

updated 2026-07-17T21:31:52

1 posts

IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.

thehackerwire@mastodon.social at 2026-07-18T18:01:01.000Z ##

🟠 CVE-2026-13473 - High (8.1)

IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13448
(8.1 HIGH)

EPSS: 0.44%

updated 2026-07-17T21:31:52

1 posts

IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint ( /api/v1/build_public_tmp/{flow_id}/flow ). The vulnerability stems from an incomplete denylist in the validate_public_flow_no_code_execution() function that fails to block several code-execution agent components including OpenDsStarAgent, CodeActAgen

thehackerwire@mastodon.social at 2026-07-18T18:00:50.000Z ##

🟠 CVE-2026-13448 - High (8.1)

IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint ( /api/v1/build_public_tmp/{flow_id}/flow ). The vulnerability stems from an incomplete denylist in...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15091
(9.3 CRITICAL)

EPSS: 0.57%

updated 2026-07-17T21:31:52

1 posts

IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to execute arbitrary scripts due to improper neutralization of input during web page generation.

thehackerwire@mastodon.social at 2026-07-18T17:00:59.000Z ##

🔴 CVE-2026-15091 - Critical (9.3)

IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to execute arbitrary scripts due to improper neutralization of input during web page generation.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-48373
(7.8 HIGH)

EPSS: 0.19%

updated 2026-07-17T21:31:52

1 posts

Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

thehackerwire@mastodon.social at 2026-07-18T16:00:12.000Z ##

🟠 CVE-2026-48373 - High (7.8)

Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8476
(9.9 CRITICAL)

EPSS: 0.47%

updated 2026-07-17T21:31:52

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads() function to deserialize cached objects from disk without validation, integrity verification, or authentication, enabling arbitrary code execution when malicious pickle payloads are processed. Attackers who can

thehackerwire@mastodon.social at 2026-07-18T14:01:07.000Z ##

🔴 CVE-2026-8476 - Critical (9.9)

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads() function to deserialize cached objects from disk withou...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8635
(9.9 CRITICAL)

EPSS: 0.29%

updated 2026-07-17T21:31:52

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions.

thehackerwire@mastodon.social at 2026-07-18T11:00:39.000Z ##

🔴 CVE-2026-8635 - Critical (9.9)

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to escalate privileges to superuser by directly manipulating the database, execute arbitrary system commands, and achieve full system compromise with Langflow service permissions.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9171
(7.5 HIGH)

EPSS: 0.55%

updated 2026-07-17T21:31:52

1 posts

IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

thehackerwire@mastodon.social at 2026-07-17T20:00:35.000Z ##

🟠 CVE-2026-9171 - High (7.5)

IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9103
(9.8 CRITICAL)

EPSS: 0.41%

updated 2026-07-17T21:31:52

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/auto_login endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTO_LOGIN configuration is enabled (enabled by default), which may allow an unauthenticated network attacker to obtain full administr

thehackerwire@mastodon.social at 2026-07-17T20:00:13.000Z ##

🔴 CVE-2026-9103 - Critical (9.8)

IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/auto_login endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54159
(10.0 CRITICAL)

EPSS: 0.75%

updated 2026-07-17T21:17:07.963000

1 posts

PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsearch module rebuilds selected search filters from the request URL, and the value of a slider filter, price or weight, is taken from the URL without sufficient validation and stored in an internal filter-block cache where it is serialized and later read back with a raw native unseri

thehackerwire@mastodon.social at 2026-07-18T05:01:30.000Z ##

🔴 CVE-2026-54159 - Critical (10)

PrestaShop ps_facetedsearch is a module that adds layered navigation filters. From 3.0.0 until 4.0.4, the ps_facetedsearch module rebuilds selected search filters from the request URL, and the value of a slider filter, price or weight, is taken fr...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-50274
(7.5 HIGH)

EPSS: 0.79%

updated 2026-07-17T21:17:07.337000

2 posts

Datadog dd-trace-go is a Go client library for Datadog application performance monitoring, profiling, and security monitoring. Prior to 2.8.1, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES limits on the extract path. A remote, unauthenticated attacker can send a request

hugovalters@mastodon.social at 2026-07-19T14:01:05.000Z ##

CVE-2026-50274 - High-severity DoS in Datadog dd-trace-go. Unpatched. Remote attacker can exploit missing baggage limits (CVSS 7.5). Update to 2.8.1 immediately. #CVE #Datadog #infosec

valtersit.com/cve/CVE-2026-502

##

thehackerwire@mastodon.social at 2026-07-18T05:01:18.000Z ##

🟠 CVE-2026-50274 - High (7.5)

Datadog dd-trace-go is a Go client library for Datadog application performance monitoring, profiling, and security monitoring. Prior to 2.8.1, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers wit...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-50271
(7.5 HIGH)

EPSS: 0.79%

updated 2026-07-17T21:17:07.070000

1 posts

Datadog dd-trace-py is the Datadog Python APM client. Prior to 4.8.2, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES limits on the extract path. A remote, unauthenticated attacker can send a request whose baggage header contains an arbitrarily large number of comma-separ

thehackerwire@mastodon.social at 2026-07-17T22:00:49.000Z ##

🟠 CVE-2026-50271 - High (7.5)

Datadog dd-trace-py is the Datadog Python APM client. Prior to 4.8.2, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES l...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13446
(9.8 CRITICAL)

EPSS: 0.21%

updated 2026-07-17T21:17:05.960000

2 posts

IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

thehackerwire@mastodon.social at 2026-07-18T11:00:14.000Z ##

🔴 CVE-2026-13446 - Critical (9.8)

IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-18T09:00:36.000Z ##

CVE-2026-13446: IBM Langflow OSS 1.0.0 – 1.10.1 contains hard-coded credentials (CRITICAL, CVSS 9.8). Total system compromise possible. No patch yet — restrict access, monitor activity. More: radar.offseq.com/threat/cve-20 #OffSeq #Vuln #Cybersecurity #IBM

##

CVE-2026-13445
(8.1 HIGH)

EPSS: 0.20%

updated 2026-07-17T21:17:05.473000

1 posts

IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying absolute paths pointing to victim storage locations. In append mode, the attacker's workflow reads victim file contents, appends attacker-controlled data, and uploads a copy containing victim data to the attacker's namespace (c

thehackerwire@mastodon.social at 2026-07-18T09:00:32.000Z ##

🟠 CVE-2026-13445 - High (8.1)

IBM Langflow OSS 1.0.0 through 1.10.1 can allow an authenticated attacker to exploit the SaveToFile component to read and modify another user's uploaded files by specifying absolute paths pointing to victim storage locations. In append mode, the a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8056
(8.8 HIGH)

EPSS: 0.29%

updated 2026-07-17T20:17:30.500000

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the `apply_tweaks()` function.

thehackerwire@mastodon.social at 2026-07-18T14:00:57.000Z ##

🟠 CVE-2026-8056 - High (8.8)

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the `apply_tweaks()` function.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7872
(7.5 HIGH)

EPSS: 0.38%

updated 2026-07-17T20:17:30.377000

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user.

thehackerwire@mastodon.social at 2026-07-18T12:00:46.000Z ##

🟠 CVE-2026-7872 - High (7.5)

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7754
(7.7 HIGH)

EPSS: 0.22%

updated 2026-07-17T20:17:29.470000

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery (SSRF) due to insecure default configuration and incomplete enforcement of the SSRF protection mechanism.

thehackerwire@mastodon.social at 2026-07-18T15:01:09.000Z ##

🟠 CVE-2026-7754 - High (7.7)

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery (SSRF) due to insecure default configuration and incomplete enforcement of the SSRF protection mechanism.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58195
(8.8 HIGH)

EPSS: 0.46%

updated 2026-07-17T20:17:27.157000

1 posts

Agentic-Flow is an AI agent orchestration platform. Prior to 2.0.14, agentic-flow MCP server tools in src/mcp/standalone-stdio.ts, src/mcp/fastmcp/servers/claude-flow-sdk.ts, src/mcp/fastmcp/servers/stdio-full.ts, src/mcp/fastmcp/servers/http-streaming-updated.ts, src/mcp/fastmcp/servers/http-sse.ts, src/mcp/fastmcp/servers/poc-stdio.ts, src/mcp/fastmcp/tools/agent/{execute,list,parallel}.ts, src/

thehackerwire@mastodon.social at 2026-07-18T19:00:01.000Z ##

🟠 CVE-2026-58195 - High (8.8)

Agentic-Flow is an AI agent orchestration platform. Prior to 2.0.14, agentic-flow MCP server tools in src/mcp/standalone-stdio.ts, src/mcp/fastmcp/servers/claude-flow-sdk.ts, src/mcp/fastmcp/servers/stdio-full.ts, src/mcp/fastmcp/servers/http-stre...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-50273
(7.5 HIGH)

EPSS: 0.79%

updated 2026-07-17T20:17:24.220000

1 posts

Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD_TRACE_BAGGAGE_MAX_BYTES on extraction, allowing a remote unauthenticated attacker to send a baggage header with many comma-separated key-value pairs or

thehackerwire@mastodon.social at 2026-07-19T07:00:13.000Z ##

🟠 CVE-2026-50273 - High (7.5)

Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DD_TRACE_BAGGAGE_MAX_ITEMS or DD...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15322
(7.5 HIGH)

EPSS: 0.52%

updated 2026-07-17T20:17:15.800000

1 posts

IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to obtain sensitive information due to the exposure of session tokens in URLs.

thehackerwire@mastodon.social at 2026-07-18T18:00:39.000Z ##

🟠 CVE-2026-15322 - High (7.5)

IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to obtain sensitive information due to the exposure of session tokens in URLs.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9135
(9.9 CRITICAL)

EPSS: 0.80%

updated 2026-07-17T19:17:19.390000

1 posts

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 (commit 94981c443d4918517b9e8163d70fc598dc33a32d) contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allow_custom_components=false security control. The vulnerability exists because the validation mechanism only checks the main component source code in node_template["code"]["

thehackerwire@mastodon.social at 2026-07-17T20:00:24.000Z ##

🔴 CVE-2026-9135 - Critical (9.9)

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 (commit 94981c443d4918517b9e8163d70fc598dc33a32d) contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allow_custom_component...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-62241
(9.1 CRITICAL)

EPSS: 0.39%

updated 2026-07-17T19:17:18.647000

3 posts

clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret ('clawvet-dev-secret-change-me') in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId values without authentication, a remote unauthenticated attacker can harvest a victim's userId, forge a valid HS256 cg_session cookie offline using the known

thehackerwire@mastodon.social at 2026-07-19T15:00:01.000Z ##

🔴 CVE-2026-62241 - Critical (9.1)

clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret ('clawvet-dev-secret-change-me') in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId value...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-19T15:00:01.000Z ##

🔴 CVE-2026-62241 - Critical (9.1)

clawvet self-hosted API server (apps/api) before 0.7.5 hard-codes a fallback JWT secret ('clawvet-dev-secret-change-me') in auth.ts and ships it as the default in .env.example. Because GET /api/v1/scans returns scan records containing userId value...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-17T01:30:25.000Z ##

MohibShaikh clawvet API server <0.7.5 (CVE-2026-62241) suffers a CRITICAL flaw: hard-coded JWT secret enables unauthenticated user data access and session cookie forgery. Change secrets & limit endpoint access. radar.offseq.com/threat/cve-20 #OffSeq #CVE202662241 #vuln

##

CVE-2026-62227
(7.7 HIGH)

EPSS: 0.24%

updated 2026-07-17T19:17:18.390000

2 posts

OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach network destinations that should have been blocked.

thehackerwire@mastodon.social at 2026-07-19T16:00:00.000Z ##

🟠 CVE-2026-62227 - High (7.7)

OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach net...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-19T16:00:00.000Z ##

🟠 CVE-2026-62227 - High (7.7)

OpenClaw 2026.4.14 before 2026.5.26 contain a server-side request forgery vulnerability in browser snapshot routes that fail to validate post-navigation destinations. Attackers with lower-trust access can bypass OpenClaw policy checks to reach net...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55173
(8.1 HIGH)

EPSS: 3.43%

updated 2026-07-17T18:36:41.143000

1 posts

WWBN AVideo is an open source video platform. Versions 29.0 and below remain vulnerable to OS command injection because the fix for CVE-2026-33482 was incomplete and still does not neutralize a single & ( the shell background operator). CVE-2026-33482 reported that sanitizeFFmpegCommand() (plugin/API/standAlone/functions.php) failed to strip $(...) command substitution, allowing OS command injecti

thehackerwire@mastodon.social at 2026-07-16T22:01:24.000Z ##

🟠 CVE-2026-55173 - High (8.1)

WWBN AVideo is an open source video platform. Versions 29.0 and below remain vulnerable to OS command injection because the fix for CVE-2026-33482 was incomplete and still does not neutralize a single & ( the shell background operator). CVE-2026-...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44182
(0 None)

EPSS: 0.35%

updated 2026-07-17T18:35:23.877000

1 posts

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions prior to 3.3.0, the server interpolates untrusted environment variables (e.g., KERNEL_XXX) into Kubernetes manifests without YAML-aware escaping, enabling YAML injection attacks. Attackers can inject new fields, overwrite critical fields (e.g.

offseq@infosec.exchange at 2026-07-17T04:30:25.000Z ##

CVE-2026-44182: CRITICAL YAML injection in jupyter-server enterprise_gateway <3.3.0 🚨 Untrusted env vars in manifests can let attackers create/modify Kubernetes resources, incl. privileged pods. Upgrade to 3.3.0+ ASAP. radar.offseq.com/threat/cve-20 #OffSeq #CVE202644182 #Kubernetes

##

CVE-2025-60357
(8.1 HIGH)

EPSS: 0.40%

updated 2026-07-17T18:32:30

1 posts

AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint.

1 repos

https://github.com/Nullbyte3117/CVE-2025-60357

thehackerwire@mastodon.social at 2026-07-19T12:00:15.000Z ##

🟠 CVE-2025-60357 - High (8.1)

AhnLab EPP Management v1.0.14.32-6249 was discovered to contain a NoSQL injection vulnerability via the eventlog/agentEvent/list endpoint.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13410
(8.2 HIGH)

EPSS: 0.24%

updated 2026-07-17T18:32:29

1 posts

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled. The default user agent is initialised with SSL_verify_mode explicitly disabled. An attacker with network man-in-the-middle (MITM) capability between the Dancer application and googleapis.com can intercept the OAuth2 token exchange and userinfo fetch, return a forged access_token and user profile, and be l

thehackerwire@mastodon.social at 2026-07-19T12:59:51.000Z ##

🟠 CVE-2026-13410 - High (8.2)

Dancer::Plugin::Auth::Google versions through 0.07 for Perl have TLS verification disabled.

The default user agent is initialised with SSL_verify_mode explicitly disabled.

An attacker with network man-in-the-middle (MITM) capability between the ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-51080
(9.8 CRITICAL)

EPSS: 0.30%

updated 2026-07-17T18:32:29

1 posts

libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were discovered to contain an XML External Entity (XXE) vulnerability.

thehackerwire@mastodon.social at 2026-07-19T11:00:14.000Z ##

🔴 CVE-2026-51080 - Critical (9.8)

libpvestorage-perl v9.1.1 and libpve-storage-perl v8.3.7 were discovered to contain an XML External Entity (XXE) vulnerability.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57860
(7.8 HIGH)

EPSS: 0.13%

updated 2026-07-17T18:31:35

1 posts

ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and args values (for example, command: bash with args: ['-c', 'touch /tmp/pwned']). When a user runs the

thehackerwire@mastodon.social at 2026-07-19T08:59:52.000Z ##

🟠 CVE-2026-57860 - High (7.8)

ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json who...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9762
(7.8 HIGH)

EPSS: 0.17%

updated 2026-07-17T18:31:35

1 posts

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.

thehackerwire@mastodon.social at 2026-07-19T07:00:03.000Z ##

🟠 CVE-2026-9762 - High (7.8)

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9202
(9.8 CRITICAL)

EPSS: 0.29%

updated 2026-07-17T18:31:35

2 posts

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEW_USER_IS_ACTIVE=true (documented deployment option), newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the need for AUTO_LOGIN.

thehackerwire@mastodon.social at 2026-07-19T06:59:54.000Z ##

🔴 CVE-2026-9202 - Critical (9.8)

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEW_USER_IS_ACTIVE=true (documented deployment option), newly created accounts are immediately active and can a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

hugovalters@mastodon.social at 2026-07-18T17:01:24.000Z ##

CVE-2026-9202 - Critical RCE in IBM Langflow. Unauthenticated account creation bypass leads to RCE. CVSS 9.8. No patch available. Mitigate by disabling NEW_USER_IS_ACTIVE. #CVE #IBM #infosec

valtersit.com/cve/CVE-2026-920

##

CVE-2026-12694
(9.1 CRITICAL)

EPSS: 0.24%

updated 2026-07-17T18:31:34

1 posts

Missing Authorization vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

thehackerwire@mastodon.social at 2026-07-19T10:00:42.000Z ##

🔴 CVE-2026-12694 - Critical (9.1)

Missing Authorization vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12693
(9.4 CRITICAL)

EPSS: 0.26%

updated 2026-07-17T18:31:34

1 posts

Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

thehackerwire@mastodon.social at 2026-07-19T10:00:31.000Z ##

🔴 CVE-2026-12693 - Critical (9.4)

Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12692
(9.8 CRITICAL)

EPSS: 0.35%

updated 2026-07-17T18:31:34

1 posts

Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

thehackerwire@mastodon.social at 2026-07-19T09:00:13.000Z ##

🔴 CVE-2026-12692 - Critical (9.8)

Unverified password change vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass.

This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12691
(7.5 HIGH)

EPSS: 0.30%

updated 2026-07-17T18:31:34

1 posts

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

thehackerwire@mastodon.social at 2026-07-19T09:00:02.000Z ##

🟠 CVE-2026-12691 - High (7.5)

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass.

This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-63101
(7.5 HIGH)

EPSS: 0.30%

updated 2026-07-17T18:31:34

1 posts

Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint which lacks any authentication decorator. Attackers can enumerate sequential group IDs via brute-force, tri

thehackerwire@mastodon.social at 2026-07-19T08:00:21.000Z ##

🟠 CVE-2026-63101 - High (7.5)

Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting reques...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8297
(9.8 CRITICAL)

EPSS: 0.26%

updated 2026-07-17T17:54:18.640000

1 posts

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection. This issue affects GisLab Laboratory Management System: from 1.4.03 through 08072026.

thehackerwire@mastodon.social at 2026-07-19T08:00:32.000Z ##

🔴 CVE-2026-8297 - Critical (9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows SQL Injection.

This ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13352
(8.8 HIGH)

EPSS: 0.57%

updated 2026-07-17T16:17:13.187000

1 posts

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 4.16.18 via the allowed_mime_types function. This is due to the unconditional registration of an upload_mimes filter that adds executable file extensions (.exe, .apk, .msi) to the

thehackerwire@mastodon.social at 2026-07-19T14:00:15.000Z ##

🟠 CVE-2026-13352 - High (8.8)

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 4.16.18 via the allowed_m...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-62386
(7.5 HIGH)

EPSS: 0.27%

updated 2026-07-17T15:44:29.553000

2 posts

The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route (JwtAuthenticator::extractBearerToken fallback). Because tokens are embedded in URLs, they are logged verbatim in web server access logs, leaked via the Referer header, stored in browser history, and captured by upstream proxy and CDN logs, exposing

thehackerwire@mastodon.social at 2026-07-19T15:00:12.000Z ##

🟠 CVE-2026-62386 - High (7.5)

The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route (JwtAuthenticator::extractBearerToken fallback). Because tokens are embedded in URLs, they are lo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-19T15:00:12.000Z ##

🟠 CVE-2026-62386 - High (7.5)

The Grav API plugin (getgrav/grav-plugin-api) before 1.0.0-rc.16 accepts JWT access tokens through the ?token= URL query parameter on every API route (JwtAuthenticator::extractBearerToken fallback). Because tokens are embedded in URLs, they are lo...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-62234
(8.1 HIGH)

EPSS: 0.30%

updated 2026-07-17T15:44:29.553000

2 posts

Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to create webhooks with file://, dict://, or gopher:// URLs. Attackers can trigger webhook events to read local files, access process information, or pivot to internal services via unrestricted protocol handlers.

thehackerwire@mastodon.social at 2026-07-19T14:59:51.000Z ##

🟠 CVE-2026-62234 - High (8.1)

Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to create webhooks with file://, dict://, or gopher:// URLs. Attackers can trigger webhook events to read local...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-19T14:59:51.000Z ##

🟠 CVE-2026-62234 - High (8.1)

Grav before 2.0.4 fails to restrict cURL protocols in webhook dispatch, allowing authenticated users with api.webhooks.write permission to create webhooks with file://, dict://, or gopher:// URLs. Attackers can trigger webhook events to read local...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-62232
(7.4 HIGH)

EPSS: 0.28%

updated 2026-07-17T15:44:29.553000

1 posts

Grav before 2.0.4 contains a two-factor authentication bypass vulnerability in the login plugin where the regenerate2FASecret task checks only user existence, not authorization, during the pending TOTP challenge window. Attackers who know the victim's password can call this task without a CSRF nonce to overwrite the 2FA secret with an attacker-chosen value, compute a valid TOTP code, and complete

offseq@infosec.exchange at 2026-07-17T03:00:30.000Z ##

CVE-2026-62232 (CRITICAL): getgrav Grav <2.0.4 has a 2FA bypass flaw — attackers knowing a user's password can overwrite the 2FA secret, reducing protection to password-only. Monitor & restrict access. Patch status pending. radar.offseq.com/threat/cve-20 #OffSeq #CVE202662232 #2FA #infosec

##

CVE-2026-11575
(7.5 HIGH)

EPSS: 0.21%

updated 2026-07-17T15:33:32

1 posts

The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so the expected signature reduces to an unkeyed hash of the request body that anyone can compute. This allows unauthenticated attackers to forge a payment-

thehackerwire@mastodon.social at 2026-07-19T13:00:13.000Z ##

🟠 CVE-2026-11575 - High (7.5)

The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-8396
(7.5 HIGH)

EPSS: 0.26%

updated 2026-07-17T15:32:37

1 posts

Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2.

thehackerwire@mastodon.social at 2026-07-19T12:00:42.000Z ##

🟠 CVE-2026-8396 - High (7.5)

Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking.

This issue affects NetGIS: from 5.0.66 before 7.2.2.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7488
(7.5 HIGH)

EPSS: 0.24%

updated 2026-07-17T15:32:37

1 posts

Insertion of sensitive information into sent data vulnerability in IKAS Technology Inc. E-Commerce allows Retrieve Embedded Sensitive Data. This issue affects E-Commerce: through 03062026.

thehackerwire@mastodon.social at 2026-07-19T11:00:03.000Z ##

🟠 CVE-2026-7488 - High (7.5)

Insertion of sensitive information into sent data vulnerability in IKAS Technology Inc. E-Commerce allows Retrieve Embedded Sensitive Data.

This issue affects E-Commerce: through 03062026.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-63094
(8.1 HIGH)

EPSS: 0.17%

updated 2026-07-17T15:32:37

1 posts

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with a ref parameter pointing to an attacker-controlled host, deliver the resulting crafted login URL to a

thehackerwire@mastodon.social at 2026-07-19T10:59:53.000Z ##

🟠 CVE-2026-63094 - High (8.1)

SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-63093
(8.8 HIGH)

EPSS: 0.43%

updated 2026-07-17T15:32:37

1 posts

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves and executes the workspace-resident git.exe during IDE startup and on a recurring timed cadence without

thehackerwire@mastodon.social at 2026-07-19T10:00:51.000Z ##

🟠 CVE-2026-63093 - High (8.8)

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a c...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-7189
(7.5 HIGH)

EPSS: 0.24%

updated 2026-07-17T15:32:29

1 posts

Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0.

thehackerwire@mastodon.social at 2026-07-19T12:00:26.000Z ##

🟠 CVE-2026-7189 - High (7.5)

Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Proliz's OBS: before v3.6.0.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-9810
(9.8 CRITICAL)

EPSS: 0.28%

updated 2026-07-17T15:32:28

1 posts

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitrary user creation and role escalation.

thehackerwire@mastodon.social at 2026-07-19T13:00:01.000Z ##

🔴 CVE-2026-9810 - Critical (9.8)

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileg...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-11961
(8.1 HIGH)

EPSS: 0.23%

updated 2026-07-17T15:32:27

2 posts

The User Registration & Membership WordPress plugin before 5.2.3 does not validate that the membership tier submitted during public registration is one of the tiers allowed by the registration form before assigning that tier's associated user role, allowing unauthenticated users to register into an arbitrary published membership tier and obtain its role — up to administrator when such a tier exis

thehackerwire@mastodon.social at 2026-07-19T13:59:52.000Z ##

🟠 CVE-2026-11961 - High (8.1)

The User Registration & Membership WordPress plugin before 5.2.3 does not validate that the membership tier submitted during public registration is one of the tiers allowed by the registration form before assigning that tier's associated user rol...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-17T09:00:29.000Z ##

CVE-2026-11961 (CRITICAL): User Registration & Membership plugin (pre-5.2.3) allows unauthenticated users to assign arbitrary membership tiers, including admin, during signup. Disable or restrict registration until fixed. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #CVE2026

##

CVE-2026-15982
(9.8 CRITICAL)

EPSS: 0.29%

updated 2026-07-17T14:59:38.667000

2 posts

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomatic_call_google_ai_function' function. This makes it possible for unauthenticated attackers to leverage the 'aimogen_wp_god_mode' tool to clear funct

thehackerwire@mastodon.social at 2026-07-17T09:59:48.000Z ##

🔴 CVE-2026-15982 - Critical (9.8)

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'a...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-17T06:00:27.000Z ##

CVE-2026-15982 | CodeRevolution Aimogen Pro (≤2.8.4) has a CRITICAL privilege escalation flaw — attackers can leverage missing capability checks to create admin accounts. Urgent patching advised. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vulnerability #Infosec

##

CVE-2026-13765
(7.5 HIGH)

EPSS: 0.39%

updated 2026-07-17T06:31:06

1 posts

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check_answer. This makes it possible for unauthenticated attackers to extract the correct-answer markers, full option lists, explanations, and question content for any quiz question on the site — including

thehackerwire@mastodon.social at 2026-07-19T14:00:02.000Z ##

🟠 CVE-2026-13765 - High (7.5)

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check_answer. This makes it possible for unauthenti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-50454
(7.8 HIGH)

EPSS: 0.40%

updated 2026-07-17T05:16:39.690000

1 posts

Relative path traversal in Windows User Interface Core allows an authorized attacker to elevate privileges locally.

_r_netsec@infosec.exchange at 2026-07-17T13:28:05.000Z ##

Windows AppResolver LPE: From AppContainer to SYSTEM. PoC linked to CVE-2026-50454 davidcarliez.github.io/blog/wi

##

CVE-2026-25089
(9.8 CRITICAL)

EPSS: 36.13%

updated 2026-07-17T05:16:38.687000

4 posts

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP req

2 repos

https://github.com/HORKimhab/CVE-2026-25089

https://github.com/0xBlackash/CVE-2026-25089

AAKL@infosec.exchange at 2026-07-17T15:51:07.000Z ##

Broadcom has new advisories addressing two high-severity vulnerabilities that were fist published on the 15th support.broadcom.com/web/ecx/s

Cisco:

Medium Severity: CVE-2025-20204and CVE-2025-20205 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity

And if you missed this yesterday, CISA added two Fortinet vulnerabilities to the catalogue:

CISA:

CVE-2026-39808: Fortinet FortiSandbox OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2026-

CVE-2026-25089: Fortinet FortiSandbox OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2026-

And a Microsoft vulnerability:

CISA: CVE-2026-58644: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability cve.org/CVERecord?id=CVE-2026- #Microsoft #CISA #Fortinet #infosec #vulnerability #Cisco #Broadcom

##

DailyCyberSecurity@infosec.exchange at 2026-07-17T01:41:11.000Z ##

CISA KEV catalog adds three actively exploited flaws: FortiSandbox CVE-2026-25089, CVE-2026-39808, and SharePoint CVE-2026-58644. Patch by July 19.

#CISA #KEV #Fortinet #FortiSandbox #SharePoint #CVE202658644 #ActivelyExploited #CyberSecurity

securityonline.info/cisa-kev-f

##

secdb@infosec.exchange at 2026-07-16T19:00:11.000Z ##

🚨 [CISA-2026:0716] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-25089 (secdb.nttzen.cloud/cve/detail/)
- Name: Fortinet FortiSandbox OS Command Injection Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortinet
- Product: FortiSandbox
- Notes: fortiguard.fortinet.com/psirt/ ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-39808 (secdb.nttzen.cloud/cve/detail/)
- Name: Fortinet FortiSandbox OS Command Injection Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortinet
- Product: FortiSandbox
- Notes: fortiguard.fortinet.com/psirt/ ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-58644 (secdb.nttzen.cloud/cve/detail/)
- Name: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: SharePoint
- Notes: msrc.microsoft.com/update-guid ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260716 #cisa20260716 #cve_2026_25089 #cve_2026_39808 #cve_2026_58644 #cve202625089 #cve202639808 #cve202658644

##

cisakevtracker@mastodon.social at 2026-07-16T18:01:14.000Z ##

CVE ID: CVE-2026-25089
Vendor: Fortinet
Product: FortiSandbox
Date Added: 2026-07-16
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-53412
(9.8 CRITICAL)

EPSS: 0.51%

updated 2026-07-17T00:32:18

5 posts

Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.

DailyCyberSecurity@infosec.exchange at 2026-07-17T08:01:37.000Z ##

A Zoom critical vulnerability (CVE-2026-53412, CVSS 9.8) lets attackers hijack accounts on Windows with no user interaction. Update your client now.

#Zoom #CVE202653412 #Vulnerability #CyberSecurity #Windows #AccountTakeover

securityexpress.info/cve-2026-

##

oversecurity@mastodon.social at 2026-07-17T06:50:27.000Z ##

Zoom Patches Critical Windows Flaw Enabling Account Takeover

Zoom has released security updates to fix CVE-2026-53412, a critical Improper Input Validation vulnerability affecting its Windows software, which...

🔗️ [Thecyberexpress] link.is.it/17cS6R

##

teezeh@ieji.de at 2026-07-16T09:43:29.000Z ##

"Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack accounts.

Discovered internally, the security issue is tracked as CVE-2026-53412 and received a severity score of 9.8 out of 10.

In an advisory this week, the messaging platform says that the flaw affects Zoom Workplace for Windows before version 7.0.0, the Windows VDI Client before versions 7.0.10, 6.6.15, and 6.5.18, and the Meeting SDK for Windows before version 7.0.0."

bleepingcomputer.com/news/secu

##

nono2357@infosec.exchange at 2026-07-16T09:11:31.000Z ##

Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug
securityaffairs.com/195454/sec

##

ottoto2017@prattohome.com at 2026-07-16T05:38:31.000Z ##

「Zoomがアカウント乗っ取りの重大な脆弱性について警告 」: #BLEEPINGCOMPUTER

「Zoomは、Windows向けデスクトップクライアントおよびソフトウェア開発キットに重大な脆弱性が存在すると警告している。この脆弱性を悪用すれば、認証されていない第三者がアカウントを乗っ取る可能性がある。

社内で発見されたこのセキュリティ問題は、CVE-2026-53412として追跡されており、深刻度スコアは10点満点中9.8点と評価されています。

今週発表された勧告によると、この脆弱性は、Windows版Zoom Workplaceのバージョン7.0.0未満、Windows VDI Clientのバージョン7.0.10未満、6.6.15未満、6.5.18未満、およびWindows版Meeting SDKのバージョン7.0.0未満に影響するとのことです。 」

bleepingcomputer.com/news/secu

#prattohome

##

CVE-2026-53409
(7.8 HIGH)

EPSS: 0.15%

updated 2026-07-16T21:30:46

1 posts

Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct an escalation of privilege via local access.

thehackerwire@mastodon.social at 2026-07-16T22:01:13.000Z ##

🟠 CVE-2026-53409 - High (7.8)

Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct an escalation of privilege via local access.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39808
(9.8 CRITICAL)

EPSS: 84.16%

updated 2026-07-16T18:32:24

4 posts

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here>

Nuclei template

6 repos

https://github.com/0xBlackash/CVE-2026-39808

https://github.com/samu-delucas/CVE-2026-39808

https://github.com/HORKimhab/CVE-2026-39808

https://github.com/Lechansky/CVE-2026-39808

https://github.com/error-inside/CVE-2026-39808

https://github.com/ynsmroztas/FortiSandbox-RCE-Exploit-CVE-2026-39808

AAKL@infosec.exchange at 2026-07-17T15:51:07.000Z ##

Broadcom has new advisories addressing two high-severity vulnerabilities that were fist published on the 15th support.broadcom.com/web/ecx/s

Cisco:

Medium Severity: CVE-2025-20204and CVE-2025-20205 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity

And if you missed this yesterday, CISA added two Fortinet vulnerabilities to the catalogue:

CISA:

CVE-2026-39808: Fortinet FortiSandbox OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2026-

CVE-2026-25089: Fortinet FortiSandbox OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2026-

And a Microsoft vulnerability:

CISA: CVE-2026-58644: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability cve.org/CVERecord?id=CVE-2026- #Microsoft #CISA #Fortinet #infosec #vulnerability #Cisco #Broadcom

##

DailyCyberSecurity@infosec.exchange at 2026-07-17T01:41:11.000Z ##

CISA KEV catalog adds three actively exploited flaws: FortiSandbox CVE-2026-25089, CVE-2026-39808, and SharePoint CVE-2026-58644. Patch by July 19.

#CISA #KEV #Fortinet #FortiSandbox #SharePoint #CVE202658644 #ActivelyExploited #CyberSecurity

securityonline.info/cisa-kev-f

##

secdb@infosec.exchange at 2026-07-16T19:00:11.000Z ##

🚨 [CISA-2026:0716] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-25089 (secdb.nttzen.cloud/cve/detail/)
- Name: Fortinet FortiSandbox OS Command Injection Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortinet
- Product: FortiSandbox
- Notes: fortiguard.fortinet.com/psirt/ ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-39808 (secdb.nttzen.cloud/cve/detail/)
- Name: Fortinet FortiSandbox OS Command Injection Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortinet
- Product: FortiSandbox
- Notes: fortiguard.fortinet.com/psirt/ ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-58644 (secdb.nttzen.cloud/cve/detail/)
- Name: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: SharePoint
- Notes: msrc.microsoft.com/update-guid ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260716 #cisa20260716 #cve_2026_25089 #cve_2026_39808 #cve_2026_58644 #cve202625089 #cve202639808 #cve202658644

##

cisakevtracker@mastodon.social at 2026-07-16T18:01:30.000Z ##

CVE ID: CVE-2026-39808
Vendor: Fortinet
Product: FortiSandbox
Date Added: 2026-07-16
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-58644
(9.8 CRITICAL)

EPSS: 1.47%

updated 2026-07-16T18:31:26

7 posts

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

threatnoir@infosec.exchange at 2026-07-19T05:05:38.000Z ##

⚠️ CRITICAL: Fresh SharePoint Vulnerability Exploited Soon After Disclosure

Microsoft SharePoint RCE vulnerability CVE-2026-58644 (CVSS 9.8) is actively exploited in the wild following July 2026 Patch Tuesday disclosure. Authenticated attackers with Site Owner privileges can execute arbitrary code via deserialization flaws. All organizations running affected SharePoint ver…

threatnoir.com/focus

#infosec #cybersecurity

##

youranonnewsirc@nerdculture.de at 2026-07-18T04:26:09.000Z ##

Latest 24-hour summary:

Geopolitical: US strikes Iran for a sixth night, escalating conflict and impacting the Strait of Hormuz.
Technology: IBM unveils a sub-1nm chip, Japan achieves 6G, and AI chip demand surges amidst a deepening tech selloff.
Cybersecurity: CISA warns of an actively exploited SharePoint RCE zero-day (CVE-2026-58644), urging immediate patching. New BL4CK SP1D3R ransomware threats are also detected.

#AnonNews_irc #Cybersecurity #News

##

AAKL@infosec.exchange at 2026-07-17T15:51:07.000Z ##

Broadcom has new advisories addressing two high-severity vulnerabilities that were fist published on the 15th support.broadcom.com/web/ecx/s

Cisco:

Medium Severity: CVE-2025-20204and CVE-2025-20205 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity

And if you missed this yesterday, CISA added two Fortinet vulnerabilities to the catalogue:

CISA:

CVE-2026-39808: Fortinet FortiSandbox OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2026-

CVE-2026-25089: Fortinet FortiSandbox OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2026-

And a Microsoft vulnerability:

CISA: CVE-2026-58644: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability cve.org/CVERecord?id=CVE-2026- #Microsoft #CISA #Fortinet #infosec #vulnerability #Cisco #Broadcom

##

offseq@infosec.exchange at 2026-07-17T07:30:26.000Z ##

CVE-2026-58644: CRITICAL RCE in Microsoft SharePoint enables remote, authenticated Site Owners to execute code via deserialization. Exploited in the wild — patch now (July 2026 updates). Details: radar.offseq.com/threat/fresh- #OffSeq #SharePoint #Vuln #KEV #Infosec

##

DailyCyberSecurity@infosec.exchange at 2026-07-17T01:41:11.000Z ##

CISA KEV catalog adds three actively exploited flaws: FortiSandbox CVE-2026-25089, CVE-2026-39808, and SharePoint CVE-2026-58644. Patch by July 19.

#CISA #KEV #Fortinet #FortiSandbox #SharePoint #CVE202658644 #ActivelyExploited #CyberSecurity

securityonline.info/cisa-kev-f

##

secdb@infosec.exchange at 2026-07-16T19:00:11.000Z ##

🚨 [CISA-2026:0716] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-25089 (secdb.nttzen.cloud/cve/detail/)
- Name: Fortinet FortiSandbox OS Command Injection Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortinet
- Product: FortiSandbox
- Notes: fortiguard.fortinet.com/psirt/ ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-39808 (secdb.nttzen.cloud/cve/detail/)
- Name: Fortinet FortiSandbox OS Command Injection Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortinet
- Product: FortiSandbox
- Notes: fortiguard.fortinet.com/psirt/ ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-58644 (secdb.nttzen.cloud/cve/detail/)
- Name: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: SharePoint
- Notes: msrc.microsoft.com/update-guid ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260716 #cisa20260716 #cve_2026_25089 #cve_2026_39808 #cve_2026_58644 #cve202625089 #cve202639808 #cve202658644

##

cisakevtracker@mastodon.social at 2026-07-16T18:00:57.000Z ##

CVE ID: CVE-2026-58644
Vendor: Microsoft
Product: SharePoint
Date Added: 2026-07-16
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2026-12525
(8.8 HIGH)

EPSS: 0.24%

updated 2026-07-16T18:16:41.633000

1 posts

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile, on sites where the Redux Framework WordPress plugin before 4.5.13's user-profile (Users extension) fe

offseq@infosec.exchange at 2026-07-16T09:00:28.000Z ##

CVE-2026-12525: Redux Framework <4.5.13 (WordPress) allows Subscribers to escalate to Admin by abusing the user-profile extension. Severity: CRITICAL. Disable the feature or restrict editing until a patch lands. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #CVE202612525 #PrivilegeEscalation

##

CVE-2026-11386
(9.0 None)

EPSS: 0.32%

updated 2026-07-16T15:33:11

2 posts

An input validation and injection vulnerability exists in Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The client constructs APT source files (such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents) using data received directly from the contract server response via the directives.suites[] and directives.aptURL fields. Because the client utilizes Python's str.for

DailyCyberSecurity@infosec.exchange at 2026-07-18T08:31:41.000Z ##

Ubuntu Pro Client vulnerability CVE-2026-11386 (CVSS 9.0) lets a spoofed contract server inject APT sources and run code with root privileges.

#Ubuntu #UbuntuPro #CVE202611386 #Canonical #RCE #Linux #CyberSecurity

securityonline.info/ubuntu-pro

##

offseq@infosec.exchange at 2026-07-17T00:00:36.000Z ##

CRITICAL vuln in ubuntu-pro-client <37.2ubuntu~22.04.1: contract server manipulation can inject malicious APT config & install arbitrary packages as root. Preinstalled on Ubuntu Pro images. Patch status TBD. Details: radar.offseq.com/threat/ubuntu #OffSeq #Ubuntu #LinuxSec #Vulnerability

##

CVE-2026-63305
(8.1 HIGH)

EPSS: 1.38%

updated 2026-07-16T15:33:11

1 posts

AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php endpoint where notifyCode and callback parameters are concatenated into a shell command without escaping. Attackers who can craft a valid encrypted payload can inject arbitrary shell metacharacters into these fields to execute OS commands as the web-server user.

offseq@infosec.exchange at 2026-07-16T13:30:27.000Z ##

CRITICAL: CVE-2026-63305 impacts WWBN AVideo ≤29.0. OS command injection in ffmpeg.json.php allows arbitrary command execution as the web-server user. No patch yet — restrict access & monitor logs. Details: radar.offseq.com/threat/cve-20 #OffSeq #Vuln #WWBN #CVE202663305

##

CVE-2026-62314
(5.8 MEDIUM)

EPSS: 0.27%

updated 2026-07-16T14:16:56.427000

1 posts

Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. From 1.22.0 until 1.26.0-pre1, lib/policy/checker.go PathChecker.Check() trusted the client-controlled X-Original-URI header before matching r.URL.Path, allowing an HTTP client to match default data/common/keep-internet-working.yaml ALLOW rules such as ^/\.well-known/.*$

hrbrmstr@mastodon.social at 2026-07-16T15:48:13.000Z ##

Anubis is busted (CVE-2026-62314) and FWIW it rly doesn't stop the AI bots even when not busted — vulnerability.circl.lu/vuln/CV

##

CVE-2026-22752
(9.6 CRITICAL)

EPSS: 0.43%

updated 2026-07-16T12:32:28

1 posts

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10.

offseq@infosec.exchange at 2026-07-16T10:30:27.000Z ##

CVE-2026-22752: CRITICAL auth bypass in Spring Authorization Server (CVSS 9.6). Low-priv attackers can fully compromise confidentiality & integrity. No patch or workaround — monitor vendor updates. radar.offseq.com/threat/cve-20 #OffSeq #SpringSecurity #CVE202622752 #infosec

##

CVE-2026-15013
(9.8 CRITICAL)

EPSS: 0.30%

updated 2026-07-16T06:31:33

1 posts

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because `Mo_SAML_Utilities::mo_saml_cast_key()` reads the `SignatureMethod` Algorithm attribute directly from the attacker-controlled `SAMLResponse` parameter rather than enforcing the locally co

offseq@infosec.exchange at 2026-07-16T06:00:26.000Z ##

CVE-2026-15013 | CRITICAL vuln in cyberlord92 SAML SSO Login (≤5.4.3): Signature verification flaw enables authentication bypass & admin account takeover. Disable plugin until patched. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #CVE202615013 #SAML #Vuln

##

CVE-2026-20298
(5.3 MEDIUM)

EPSS: 0.22%

updated 2026-07-16T05:16:19.120000

1 posts

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes when they access the `/servicesNS/-/-/storage/passwords` REST endpoint through the `|rest` Search Proc

DailyCyberSecurity@infosec.exchange at 2026-07-16T02:12:06.000Z ##

Splunk patched three Splunk Enterprise vulnerabilities: CVE-2026-20296 CSRF, CVE-2026-20297 path traversal, and CVE-2026-20298 credential exposure.

#Splunk #CVE202620296 #CSRF #Vulnerability #InfoSec

securityonline.info/splunk-ent

##

CVE-2026-50272
(7.5 HIGH)

EPSS: 0.79%

updated 2026-07-15T22:58:53

1 posts

### Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DD_TRACE_BAGGAGE_MAX_ITEMS (default 64) and DD_TRACE_BAGGAGE_MAX_BYTES (default 8192) limits were applied only to baggage injection, not extraction. A remote, unauthenticated attacker can send a request whose bagga

thehackerwire@mastodon.social at 2026-07-18T05:01:08.000Z ##

🟠 CVE-2026-50272 - High (7.5)

dd-trace is the Datadog APM client for Node.js. Prior to 5.100.0, W3C baggage propagation in packages/dd-trace/src/baggage.js and packages/dd-trace/src/opentracing/propagation/text_map.js parsed incoming baggage HTTP headers without enforcing DD_T...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54498
(8.7 HIGH)

EPSS: 0.45%

updated 2026-07-15T22:51:05

1 posts

## Summary `ViewComponent::Base#around_render` can return HTML-unsafe strings that bypass the escaping behavior applied to normal `#call` return values. This creates an XSS risk when downstream applications use `around_render` to wrap, replace, instrument, or conditionally return content that includes user-controlled data. The issue is especially dangerous in collection rendering because `ViewCo

thehackerwire@mastodon.social at 2026-07-17T22:00:10.000Z ##

🟠 CVE-2026-54498 - High (8.7)

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Base#around_render can return HTML-unsafe strings that bypass the escaping behavior applied t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15895
(7.8 HIGH)

EPSS: 1.24%

updated 2026-07-15T21:31:26

1 posts

OS command injection in the npm package loading component in AWS jsii-diff before 1.131.0 might allow context-dependent attackers to execute arbitrary commands via crafted package specifiers passed to the npm: source argument. To mitigate this issue, users should upgrade to jsii-diff v1.131.0 or later.

awssecurityfeed@infosec.exchange at 2026-07-16T17:45:01.000Z ##

CVE-2026-15895: OS command injection in jsii-diff in AWS jsii

Bulletin ID: 2026-057-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 07/15/2026 12:00 PM PDT
Description:
jsii-diff is a command line tool to compare the API differences between two jsii assemblies...

aws.amazon.com/security/securi

#aws #security

##

CVE-2026-46817
(9.8 CRITICAL)

EPSS: 1.04%

updated 2026-07-15T18:32:50

4 posts

Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Con

2 repos

https://github.com/HORKimhab/CVE-2026-46817

https://github.com/0xBlackash/CVE-2026-46817

thecybermind@infosec.exchange at 2026-07-19T07:34:06.000Z ##

Critical Alert: CVE-2026-46817 is being actively exploited against Oracle E-Business Suite. An unauthenticated attacker can achieve full takeover of the Payments module via HTTP. Get the forensic detection queries and hardening protocols in our latest TSUITE brief. Protect the perimeter. thecybermind.co/g325

##

thecybermind@infosec.exchange at 2026-07-16T18:40:00.000Z ##

⚠️ CRITICAL ALERT: CVE-2026-46817 allows unauthenticated takeover of Oracle E-Business Suite. With active exploitation verified, your perimeter is at risk. Get the forensic indicators, detection queries, and hardening playbooks you need to secure your infrastructure. thecybermind.co/k8ae

#CyberSecurity #Oracle #TCM

##

offseq@infosec.exchange at 2026-07-16T12:00:26.000Z ##

Oracle E-Business Suite flaw (CVE-2026-46817, CRITICAL) enables unauthenticated takeover of Oracle Payments via HTTP. Exploited in the wild — patches available since May 2026. CISA requires federal patching by 7/18/26. Details: radar.offseq.com/threat/cisa-o #OffSeq #Oracle #Infosec #CVE202646817

##

DailyCyberSecurity@infosec.exchange at 2026-07-16T02:32:14.000Z ##

CISA KEV catalog now lists CVE-2026-46817, a critical Oracle E-Business Suite flaw, and CVE-2023-4346 in KNX devices. Both are exploited in the wild.

#CISA #KEV #CVE202646817 #Oracle #KNX

securityonline.info/cisa-kev-c

##

CVE-2023-4346
(7.5 HIGH)

EPSS: 0.85%

updated 2026-07-15T18:32:50

2 posts

KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to in

thecybermind@infosec.exchange at 2026-07-16T23:24:59.000Z ##

🚨 ALERT: CVE-2023-4346 allows attackers to purge and lock KNX industrial control devices. If you manage building automation, your perimeter is at risk. Get the forensic indicators and hardening playbooks you need to secure your assets. thecybermind.co/m6eo

#CyberSecurity #ICS #KNX #TCM #IndustrialSecurity

##

DailyCyberSecurity@infosec.exchange at 2026-07-16T02:32:14.000Z ##

CISA KEV catalog now lists CVE-2026-46817, a critical Oracle E-Business Suite flaw, and CVE-2023-4346 in KNX devices. Both are exploited in the wild.

#CISA #KEV #CVE202646817 #Oracle #KNX

securityonline.info/cisa-kev-c

##

CVE-2026-20297
(7.2 HIGH)

EPSS: 0.38%

updated 2026-07-15T18:32:05

1 posts

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its sub

DailyCyberSecurity@infosec.exchange at 2026-07-16T02:12:06.000Z ##

Splunk patched three Splunk Enterprise vulnerabilities: CVE-2026-20296 CSRF, CVE-2026-20297 path traversal, and CVE-2026-20298 credential exposure.

#Splunk #CVE202620296 #CSRF #Vulnerability #InfoSec

securityonline.info/splunk-ent

##

CVE-2026-20296
(8.3 HIGH)

EPSS: 0.17%

updated 2026-07-15T18:32:05

1 posts

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the `list_deployment_server` capability into running arbitrary Search Processing Language (SPL) searches on their behalf as `splunk-system-user`, allowing for ac

DailyCyberSecurity@infosec.exchange at 2026-07-16T02:12:06.000Z ##

Splunk patched three Splunk Enterprise vulnerabilities: CVE-2026-20296 CSRF, CVE-2026-20297 path traversal, and CVE-2026-20298 credential exposure.

#Splunk #CVE202620296 #CSRF #Vulnerability #InfoSec

securityonline.info/splunk-ent

##

CVE-2026-60005
(8.2 HIGH)

EPSS: 0.61%

updated 2026-07-15T16:23:03.437000

1 posts

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX worker process, leading to limited disclosure of memory or a restart. Impact: This vulnerability m

DailyCyberSecurity@infosec.exchange at 2026-07-16T02:05:45.000Z ##

F5 patched the NGINX code execution flaw CVE-2026-42533, along with CVE-2026-60005 and CVE-2026-56434. Update NGINX Plus and Open Source builds now.

#NGINX #CVE202642533 #CodeExecution #F5 #Vulnerability

securityonline.info/nginx-code

##

CVE-2026-42533
(8.1 HIGH)

EPSS: 0.83%

updated 2026-07-15T15:33:14

1 posts

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable in a string expression under certain conditions. An unauthenticated attacker along with conditions beyon

1 repos

https://github.com/0xCyberstan/CVE-2026-42533-Config-Scanner

DailyCyberSecurity@infosec.exchange at 2026-07-16T02:05:45.000Z ##

F5 patched the NGINX code execution flaw CVE-2026-42533, along with CVE-2026-60005 and CVE-2026-56434. Update NGINX Plus and Open Source builds now.

#NGINX #CVE202642533 #CodeExecution #F5 #Vulnerability

securityonline.info/nginx-code

##

CVE-2026-56434
(6.5 MEDIUM)

EPSS: 0.39%

updated 2026-07-15T15:33:13

1 posts

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssi_module module. This vulnerability may exist when the Server-Side Includes (SSI), proxy_pass, and proxy_buffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle (MITM) ability to control responses from an upstream server may be able to cause a heap buffer over-read i

DailyCyberSecurity@infosec.exchange at 2026-07-16T02:05:45.000Z ##

F5 patched the NGINX code execution flaw CVE-2026-42533, along with CVE-2026-60005 and CVE-2026-56434. Update NGINX Plus and Open Source builds now.

#NGINX #CVE202642533 #CodeExecution #F5 #Vulnerability

securityonline.info/nginx-code

##

CVE-2026-48309
(7.8 HIGH)

EPSS: 0.17%

updated 2026-07-15T13:51:52.543000

1 posts

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2026-9770(CVSS UNKNOWN)

EPSS: 0.22%

updated 2026-07-15T03:33:02

1 posts

Kasa EC71 v4 and EC70 v4 firmware contains a static cryptographic private key stored in a read-only filesystem that is shared across devices.  An attacker with access to the firmware image can extract the embedded key.  Successful exploitation may allow an unauthenticated attacker on the same network to use this key in the web management service, compromising the confidentiality of encry

DailyCyberSecurity@infosec.exchange at 2026-07-17T01:53:09.000Z ##

TP-Link Kasa vulnerability CVE-2026-9770 (CVSS 8.6) lets local attackers intercept admin credentials on EC70 and EC71 cameras. Update firmware now.

#TPLink #Kasa #IoTSecurity #CVE20269770 #InfoDisclosure

securityonline.info/tp-link-ka

##

CVE-2026-13585(CVSS UNKNOWN)

EPSS: 0.11%

updated 2026-07-15T03:33:01

1 posts

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe cases, may lead to a Denial of Service (DoS) on the system. Refer to the '  Security Update for ASUS Syste

1 repos

https://github.com/416rehman/asus-bsitf-0-day-poc

_r_netsec@infosec.exchange at 2026-07-16T06:28:05.000Z ##

ASUS bsitf.sys (CVE-2026-13585): Arbitrary Physical Memory Mapping via Unvalidated IOCTL blog.ahmadz.ai/asus_bsitf_0_da

##

CVE-2026-56155
(7.8 HIGH)

EPSS: 0.38%

updated 2026-07-14T21:32:52

2 posts

Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.

thecybermind@infosec.exchange at 2026-07-17T15:05:01.000Z ##

Active exploitation of CVE-2026-56155 in Microsoft ADFS puts your identity perimeter at risk. Our latest TSUITE brief delivers the forensic indicators, detection queries, and compensating controls needed to neutralize this privilege escalation threat. Secure your architecture today. thecybermind.co/al3f

##

GossiTheDog@cyberplace.social at 2026-07-16T13:14:20.000Z ##

Regarding CVE-2026-56155, the in-the-wild ADFS vulnerability - the July patch just released does not fix the vulnerability.

Instead it adds an audit log. The changes to harden the service and enforce protection will only apply with October 2026’s update applied.

support.microsoft.com/en-us/se

##

CVE-2026-15409
(10.0 CRITICAL)

EPSS: 1.27%

updated 2026-07-14T21:32:22

3 posts

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

5 repos

https://github.com/remmons-r7/rapid7-CVE-2026-15409

https://github.com/MrRawBit/SonicWall-SMA1000-Zero-Day-IoC-Check

https://github.com/HORKimhab/CVE-2026-15409

https://github.com/0xBlackash/CVE-2026-15409

https://github.com/tc4dy/CVE-2026-15409-15410-Framework

threatnoir@infosec.exchange at 2026-07-17T03:06:03.000Z ##

⚠️ CRITICAL: Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

Two zero-day vulnerabilities in SonicWall SMA 1000 appliances are actively exploited in the wild. CVE-2026-15409 is an SSRF flaw, while CVE-2026-15410 allows unauthenticated attackers to execute arbitrary commands as admin. Organizations using these devices face immediate risk of full appliance com…

threatnoir.com/focus

#infosec #cybersecurity

##

DarkWebInformer@infosec.exchange at 2026-07-16T20:32:41.000Z ##

‼️ CVE-2026-15409: PoC exploit for CVE-2026-15409 that achieves non-root remote code execution on SonicWall SMA 1000 appliances.

GitHub: github.com/remmons-r7/rapid7-C

##

DailyCyberSecurity@infosec.exchange at 2026-07-16T12:50:34.000Z ##

SonicWall SMA1000 vulnerability CVE-2026-15409 (CVSS 10.0) is exploited in the wild. Public PoC enables remote code execution patch now.

#SonicWall #SMA1000 #CVE202615409 #RCE #ZeroDay #CyberSecurity

securityonline.info/sonicwall-

##

CVE-2026-15410
(7.2 HIGH)

EPSS: 1.49%

updated 2026-07-14T21:32:21

1 posts

Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.

3 repos

https://github.com/MrRawBit/SonicWall-SMA1000-Zero-Day-IoC-Check

https://github.com/HORKimhab/CVE-2026-15410

https://github.com/tc4dy/CVE-2026-15409-15410-Framework

threatnoir@infosec.exchange at 2026-07-17T03:06:03.000Z ##

⚠️ CRITICAL: Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

Two zero-day vulnerabilities in SonicWall SMA 1000 appliances are actively exploited in the wild. CVE-2026-15409 is an SSRF flaw, while CVE-2026-15410 allows unauthenticated attackers to execute arbitrary commands as admin. Organizations using these devices face immediate risk of full appliance com…

threatnoir.com/focus

#infosec #cybersecurity

##

CVE-2026-13001
(9.8 CRITICAL)

EPSS: 1.08%

updated 2026-07-14T21:32:21

1 posts

The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'podlove_handle_cache_files' function in all versions up to, and including, 4.5.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

2 repos

https://github.com/shinthink/CVE-2026-13001

https://github.com/Raimu0x19/CVE-2026-13001

darkpact@brettspiel.space at 2026-07-16T15:55:30.000Z ##

@brettagoge Ich hoffe du hast brav ein Backup.

Hier war ein Stelle von letzter Woche:

podlove.org/blog/security-rele

##

CVE-2026-56164
(5.3 MEDIUM)

EPSS: 5.60%

updated 2026-07-14T21:10:41.693000

1 posts

Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network.

1 repos

https://github.com/sentinel-aidefense/CVE-2026-56164-EXP

AAKL@infosec.exchange at 2026-07-17T16:32:43.000Z ##

Symantec, posted yesterday: Spirals: New Stealthy Ransomware Deployed Against Asian IT Company security.com/threat-intelligen

Also from yesterday:

Tenable: CVE-2026-32201, CVE-2026-45659, CVE-2026-56164: Frequently Asked Questions About Active Exploitation of Microsoft SharePoint Server Vulnerabilities tenable.com/blog/cve-2026-3220 #threatresearch #Microsoft #ransomware #infosec #SharePoint

##

CVE-2026-44891
(7.5 HIGH)

EPSS: 0.69%

updated 2026-07-14T20:16:37

1 posts

### Summary The StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, allowing an attacker to cause an OutOfMemoryError, leading to a Denial of Service. ### Details `io.netty.handler.codec.stomp.StompSubframeDecoder` implements the STOMP protocol. The `maxLineLength` parameter restricts the length of individual header lines, but there is no mechanism

thehackerwire@mastodon.social at 2026-07-18T09:00:09.000Z ##

🟠 CVE-2026-44891 - High (7.5)

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative siz...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54052
(9.9 CRITICAL)

EPSS: 0.39%

updated 2026-07-14T19:07:15

2 posts

## Impact In multi-tenant HTTP deployments — where a single n8n-mcp server serves several tenants — the locally stored workflow version history (the automatic backups taken before workflow updates) was not isolated per tenant. An authenticated tenant could read workflow version snapshots belonging to other tenants, and could delete or destroy other tenants' stored backups. A stored snapshot incl

offseq@infosec.exchange at 2026-07-16T04:30:26.000Z ##

CVE-2026-54052: CRITICAL auth bypass in czlonkowski n8n-mcp <2.56.1. Multi-tenant HTTP mode allows tenants to access/delete others’ sensitive workflow backups. Patch to 2.56.1 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #CVE #infosec #vuln

##

thehackerwire@mastodon.social at 2026-07-15T22:00:21.000Z ##

🔴 CVE-2026-54052 - Critical (9.9)

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.56.1, in HTTP mode with multi-tenancy enabled through ENABLE_MULTI_TENANT=true, n8n-mcp's local workflow version history ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58635
(7.8 HIGH)

EPSS: 0.22%

updated 2026-07-14T18:32:12

1 posts

Improper neutralization of special elements used in a command ('command injection') in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.

1 repos

https://github.com/DavidCarliez/CVE-2026-58635-PoC

DarkWebInformer@infosec.exchange at 2026-07-16T22:27:13.000Z ##

‼️ CVE-2026-58635: Windows Narrator Braille Local Privilege Escalation

PoC: github.com/DavidCarliez/CVE-20

##

CVE-2026-50663
(8.8 HIGH)

EPSS: 0.65%

updated 2026-07-14T18:32:06

1 posts

Relative path traversal in Age of Empires II: Definitive Edition Game allows an unauthorized attacker to execute code over a network.

CVE-2026-53565(CVSS UNKNOWN)

EPSS: 0.10%

updated 2026-07-14T15:32:25

1 posts

Improper Privilege Management vulnerability in Citrix Secure Access Client for Windows, Citrix Citrix Endpoint Analysis Client for Windows. This issue affects Secure Access Client for Windows: before 26.6.1.20; Citrix Endpoint Analysis Client for Windows: before 26. 5.1.7.

DailyCyberSecurity@infosec.exchange at 2026-07-17T13:02:49.000Z ##

Citrix patched CVE-2026-53565, a Citrix Secure Access vulnerability letting local users gain SYSTEM, plus the CVE-2026-53566 out-of-bounds read bug.

#Citrix #CVE202653565 #PrivilegeEscalation #Vulnerability #Windows

securityonline.info/citrix-sec

##

CVE-2026-53566(CVSS UNKNOWN)

EPSS: 0.11%

updated 2026-07-14T15:32:24

1 posts

Out-of-bounds read vulnerability in Citrix Citrix Secure Access Client for Windows. This issue affects Citrix Secure Access Client for Windows: before 26.6.1.20.

DailyCyberSecurity@infosec.exchange at 2026-07-17T13:02:49.000Z ##

Citrix patched CVE-2026-53565, a Citrix Secure Access vulnerability letting local users gain SYSTEM, plus the CVE-2026-53566 out-of-bounds read bug.

#Citrix #CVE202653565 #PrivilegeEscalation #Vulnerability #Windows

securityonline.info/citrix-sec

##

CVE-2026-6875(CVSS UNKNOWN)

EPSS: 0.51%

updated 2026-07-13T21:31:30

1 posts

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform. ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates have also been provided to ServiceN

DailyCyberSecurity@infosec.exchange at 2026-07-18T11:03:37.000Z ##

Active Exploitation and Public PoC Disclosed for CVE-2026-6875 ServiceNow Sandbox Escape Remote Code Execution

securityonline.info/cve-2026-6

##

CVE-2026-45260
(8.1 HIGH)

EPSS: 0.43%

updated 2026-07-10T19:08:23

1 posts

### Summary Pimcore's WebDAV asset endpoint exposes a `MOVE` operation through `/asset/webdav{path}` without adding an authentication plugin in the WebDAV controller. The `Tree::move()` implementation then performs asset mutation and deletion before checking a current Pimcore user or any asset permissions. An unauthenticated remote attacker who knows two existing asset paths in the same directory

thehackerwire@mastodon.social at 2026-07-18T17:00:49.000Z ##

🟠 CVE-2026-45260 - High (8.1)

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, Pimcore's WebDAV asset endpoint exposes a MOVE operation through /asset/webdav{path} without an authentication plugin in bundles/CoreBundle/src/Con...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45162
(8.0 HIGH)

EPSS: 0.57%

updated 2026-07-10T19:07:30

1 posts

# GitHub Security Advisory Draft — GM-374 ## Summary Multiple locations in Pimcore v11 call PHP's `unserialize()` on data from database columns and filesystem files without the `allowed_classes` restriction, enabling object injection if an attacker can control the serialized data source. ## Severity CVSS 3.1: 8.0 (High) — AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H ## Affected Component - **Package:**

thehackerwire@mastodon.social at 2026-07-18T19:59:48.000Z ##

🟠 CVE-2026-45162 - High (8)

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, multiple Pimcore locations call PHP's unserialize() on data from database columns and filesystem files without the allowed_classes restriction, inc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56688
(9.1 CRITICAL)

EPSS: 1.29%

updated 2026-07-10T12:31:56

1 posts

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and latera

DailyCyberSecurity@infosec.exchange at 2026-07-16T12:39:39.000Z ##

Dell patched CVE-2026-56688, a PowerFlex command execution bug. This OS command injection flaw lets a privileged attacker run code as root.

#DellPowerFlex #CVE202656688 #OSCommandInjection #RCE #Dell

securityonline.info/dell-power

##

CVE-2026-15378
(9.3 CRITICAL)

EPSS: 0.42%

updated 2026-07-10T12:31:55

1 posts

A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network

DailyCyberSecurity@infosec.exchange at 2026-07-16T15:01:36.000Z ##

CVE-2026-15378 is a blind SSRF in Red Hat OpenShift AI. The guardrails-detectors flaw exposes cloud credentials and Kubernetes secrets.

#OpenShiftAI #CVE202615378 #SSRF #RedHat #Kubernetes

securityonline.info/openshift-

##

CVE-2026-59826
(9.1 CRITICAL)

EPSS: 0.39%

updated 2026-07-10T05:16:38.427000

1 posts

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2 database connection and execute arbitrary Java code on the Metabase server. This issue is fixed in vers

DailyCyberSecurity@infosec.exchange at 2026-07-16T14:04:39.000Z ##

Metabase patched CVE-2026-59827 (CVSS 9.9) and CVE-2026-59826 (CVSS 9.1). These flaws enable remote code execution via unsafe H2 deserialization.

#Metabase #RCE #CVE202659827 #Deserialization #H2Database

securityonline.info/metabase-h

##

CVE-2026-49485
(7.5 HIGH)

EPSS: 0.68%

updated 2026-07-09T13:43:04

1 posts

# Summary All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource containing an evil regex pattern that causes catastrophic backtracking, exhausting system resources,

thehackerwire@mastodon.social at 2026-07-18T05:00:33.000Z ##

🟠 CVE-2026-49485 - High (7.5)

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.9 and 6.9.4.2, all implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input valida...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54496
(9.3 CRITICAL)

EPSS: 0.32%

updated 2026-07-06T21:23:42

1 posts

### Summary A soundness vulnerability in the variable-base scalar multiplication gadget of `halo2_gadgets` allowed a malicious prover to produce a valid proof for an Orchard Action with an *under-constrained* base point. Because this gadget enforces the diversified-address-integrity condition of the Orchard Action statement, the flaw let a prover satisfy that condition for an arbitrary (pk<sub>d<

thehackerwire@mastodon.social at 2026-07-19T08:00:42.000Z ##

🔴 CVE-2026-54496 - Critical (9.3)

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2_gadgets 0.5.0, orchard 0.14.0, zcash_primitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2_gadgets/src/ecc/chip/mul/incomplete.rs ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-52746
(7.5 HIGH)

EPSS: 0.68%

updated 2026-07-02T20:13:56

1 posts

### Impact In JSONata `<v2.2.0`, it is possible to craft non-matching inputs to the [$toMillis](https://docs.jsonata.org/date-time-functions#tomillis) function that cause superlinear backtracking in the ISO-8601 validation regex. This may lead to denial of service in applications that evaluate user-provided JSONata expressions. ### Patches This issue has been addressed in JSONata version >= 2.2.0

thehackerwire@mastodon.social at 2026-07-18T19:00:12.000Z ##

🟠 CVE-2026-52746 - High (7.5)

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that eva...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45659
(8.8 HIGH)

EPSS: 3.22%

updated 2026-07-01T21:35:53

1 posts

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

1 repos

https://github.com/HORKimhab/CVE-2026-45659

AAKL@infosec.exchange at 2026-07-17T16:32:43.000Z ##

Symantec, posted yesterday: Spirals: New Stealthy Ransomware Deployed Against Asian IT Company security.com/threat-intelligen

Also from yesterday:

Tenable: CVE-2026-32201, CVE-2026-45659, CVE-2026-56164: Frequently Asked Questions About Active Exploitation of Microsoft SharePoint Server Vulnerabilities tenable.com/blog/cve-2026-3220 #threatresearch #Microsoft #ransomware #infosec #SharePoint

##

CVE-2026-50151
(7.5 HIGH)

EPSS: 0.48%

updated 2026-07-01T21:35:48

1 posts

## Summary oras-go follows a registry-controlled `Location` header during the monolithic blob upload flow and reuses the `Authorization` header from the initial `POST` request for the subsequent `PUT` request. If a malicious registry returns a cross-host `Location`, oras-go can send the caller's credentials to an attacker-controlled endpoint. ## Affected Versions tested: v2.6.0 (commit 03243809

thehackerwire@mastodon.social at 2026-07-18T16:00:03.000Z ##

🟠 CVE-2026-50151 - High (7.5)

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a registry-controlled Location header during monolithic blob upload and reuses the Authorization he...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54458
(9.6 CRITICAL)

EPSS: 0.30%

updated 2026-06-22T14:36:04

2 posts

# Unauthenticated Stored DOM XSS via `page_title` Broadcast in AVideo YPTSocket Plugin ## Summary A stored DOM Cross-Site Scripting vulnerability (CWE-79) in the AVideo YPTSocket plugin lets any unauthenticated remote attacker execute arbitrary JavaScript in the authenticated origin of every administrator currently viewing a page that renders the YPTSocket online-users debug panel. `plugin/YPTSo

offseq@infosec.exchange at 2026-07-16T00:00:41.000Z ##

CVE-2026-54458 (CRITICAL, CVSS 9.6): WWBN AVideo (<29.0) suffers stored DOM XSS in YPTSocket plugin. Unauthenticated attackers can hijack admin sessions. Patch now — upgrade to v29.0. radar.offseq.com/threat/cve-20 #OffSeq #XSS #WWBNA Video #infosec

##

thehackerwire@mastodon.social at 2026-07-15T23:00:39.000Z ##

🔴 CVE-2026-54458 - Critical (9.6)

WWBN AVideo is an open source video platform. Versions prior to 29.0 contain a stored DOM Cross-Site Scripting vulnerability in the YPTSocket plugin. Any unauthenticated remote attacker can execute arbitrary JavaScript in the authenticated origin ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-43088
(5.5 MEDIUM)

EPSS: 0.12%

updated 2026-06-19T15:34:14

1 posts

In the Linux kernel, the following vulnerability has been resolved: net: af_key: zero aligned sockaddr tail in PF_KEY exports PF_KEY export paths use `pfkey_sockaddr_size()` when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, `pfkey_sockaddr_fill()` initializes only the first 28 bytes of `struct sockaddr_in6`, leaving the final 4 aligned bytes uninitial

bms48@mastodon.social at 2026-07-17T22:13:21.000Z ##

@kevin L4? Apple would like a word. About secure enclaves. Now, Mr Torvalds, about that PF_KEY CVE... dailycve.com/linux-kernel-unin

##

CVE-2026-3891
(9.8 CRITICAL)

EPSS: 2.77%

updated 2026-06-17T10:44:23.283000

1 posts

The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution

Nuclei template

7 repos

https://github.com/joshuavanderpoll/CVE-2026-3891

https://github.com/m4sh-wacker/CVE-2026-3891-Pix-for-WooCommerce-Plugin-Exploit

https://github.com/Nxploited/CVE-2026-3891

https://github.com/AnggaTechI/Mass-Scanner-CVE-2026-3891

https://github.com/willygailo/CVE-2026-3891-Linux

https://github.com/VeronnX666/CVE-2026-3891

https://github.com/shinthink/CVE-2026-3891

DarkWebInformer@infosec.exchange at 2026-07-16T20:26:40.000Z ##

‼️ CVE-2026-3891: A critical Unauthenticated Arbitrary File Upload vulnerability found in the Pix for WooCommerce WordPress plugin in versions up to and including 1.5.0.

PoC: github.com/m4sh-wacker/CVE-202

##

CVE-2026-32201
(6.5 MEDIUM)

EPSS: 21.48%

updated 2026-06-17T10:35:20.103000

1 posts

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

1 repos

https://github.com/B1tBit/CVE-2026-32201-exploit

AAKL@infosec.exchange at 2026-07-17T16:32:43.000Z ##

Symantec, posted yesterday: Spirals: New Stealthy Ransomware Deployed Against Asian IT Company security.com/threat-intelligen

Also from yesterday:

Tenable: CVE-2026-32201, CVE-2026-45659, CVE-2026-56164: Frequently Asked Questions About Active Exploitation of Microsoft SharePoint Server Vulnerabilities tenable.com/blog/cve-2026-3220 #threatresearch #Microsoft #ransomware #infosec #SharePoint

##

CVE-2026-2699
(9.8 CRITICAL)

EPSS: 49.42%

updated 2026-06-17T10:31:33.870000

1 posts

Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

Nuclei template

2 repos

https://github.com/watchtowrlabs/watchTowr-vs-Progress-ShareFile-CVE-2026-2699

https://github.com/0xBlackash/CVE-2026-2699

security_crawler_carl@infosec.exchange at 2026-07-16T05:50:28.000Z ##

🏆 New Achievement! Storage Zone, No Ozone!

Tonight's broadcast is brought to you by Deferred Patch Tuesdays — "Why upgrade today when v5.11 is running just fine?" Progress Software discovered two critical zero-days, CVE-2026-2699 and CVE-2026-2701, lurking in ShareFile Storage Zones Controller v5.x. Unauthenticated. Remote. Full system compromise. So catastrophic that customer-managed Storage Zone Controllers had to be emergency-shutdown entirely. (1/2)

##

CVE-2026-48062
(9.8 CRITICAL)

EPSS: 0.44%

updated 2026-06-11T17:16:09

1 posts

### Impact The `ext_in` upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named `shell.php` containing GIF-like content could pass validation such as: ``` uploaded[avatar]|is_image[avatar]|mime_in[avatar,image/gif]|ext_in[avatar,gif] ``` because the detected MIME type maps to `gif`, even though the upl

thehackerwire@mastodon.social at 2026-07-18T09:00:20.000Z ##

🔴 CVE-2026-48062 - Critical (9.8)

CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, the ext_in upload validation rule in system/Validation/StrictRules/FileRules.php checked the MIME-derived guessed extension instead of the client-provided filename extension. As a resu...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-44023
(8.6 HIGH)

EPSS: 0.29%

updated 2026-06-03T21:16:26

1 posts

### Impact In versions `>= 1.5.0, < 2.74.1`, `docling-core` did not sufficiently restrict remote request destinations and could resolve a server-provided `Content-Disposition` to a local path in an unsafe manner. In applications that accept untrusted URLs, this could allow SSRF attacks targeting local files outside the user-defined cache directory. ### Patches Patched in `docling-core` `2.74.1`.

thehackerwire@mastodon.social at 2026-07-16T22:01:01.000Z ##

🟠 CVE-2026-44023 - High (8.6)

Docling Core defines core data types and transformations for the document processing application Docling. In versions 1.5.0 and above, prior to 2.74.1, docling-core did not sufficiently restrict remote request destinations and could resolve a serv...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-45799
(7.5 HIGH)

EPSS: 0.50%

updated 2026-05-19T19:54:51

1 posts

# CVE-2026-45799 ## Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented `IOException` / `ProtocolException` failure path. This can crash services that decode untrusted protobuf p

thehackerwire@mastodon.social at 2026-07-18T16:00:23.000Z ##

🟠 CVE-2026-45799 - High (7.5)

Wire provides gRPC and protocol buffers for Android, Kotlin, Swift, and Java. Prior to 6.3.0 and 7.0.0-alpha03, ByteArrayProtoReader32.skipGroup() and ProtoReader.skipGroup() in wire-runtime do not validate that a LENGTH_DELIMITED field length is ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-46339
(10.0 CRITICAL)

EPSS: 4.57%

updated 2026-05-19T19:22:06

1 posts

## Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with **zero prerequisites** and **no credentials required**. The vulnerability exists because the Next.js middleware that enforces authentication (`src/proxy.js`) only guards 8 explicitly listed ro

Nuclei template

offseq@infosec.exchange at 2026-07-16T03:00:24.000Z ##

CRITICAL: CVE-2026-46339 impacts decolua 9Router (<0.4.37). OS command injection via exposed API lets unauth attackers gain full control. Patch to 0.4.37 now! radar.offseq.com/threat/cve-20 #OffSeq #CVE202646339 #infosec #security

##

CVE-2026-3220
(8.8 HIGH)

EPSS: 0.32%

updated 2026-05-18T15:30:37

1 posts

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the final HTML

4 repos

https://github.com/cloud2783/CVE-2026-32202

https://github.com/B1tBit/CVE-2026-32201-exploit

https://github.com/virus-or-not/CVE-2026-32202

https://github.com/solarlynxsqueeze/CVE-2026-32202

AAKL@infosec.exchange at 2026-07-17T16:32:43.000Z ##

Symantec, posted yesterday: Spirals: New Stealthy Ransomware Deployed Against Asian IT Company security.com/threat-intelligen

Also from yesterday:

Tenable: CVE-2026-32201, CVE-2026-45659, CVE-2026-56164: Frequently Asked Questions About Active Exploitation of Microsoft SharePoint Server Vulnerabilities tenable.com/blog/cve-2026-3220 #threatresearch #Microsoft #ransomware #infosec #SharePoint

##

CVE-2025-69443
(6.3 MEDIUM)

EPSS: 0.31%

updated 2026-05-15T15:31:41

1 posts

Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, when accessed by a victim, can execute commands, run prompts on behalf of the user, control the Archon UI features, and steal all Archon information available on the UI including API keys.

beyondmachines1@infosec.exchange at 2026-07-19T12:01:42.000Z ##

Archon OS Vulnerability Exposes AI API Keys to Web-To-Client Attacks

Archon OS versions up to 0.3.11 are vulnerable to a web-to-client attack (CVE-2025-69443) that allows malicious websites to steal AI API keys and run commands on local systems. The flaw exists because the backend port lacks authentication and CORS protections. There is no patch as of reporting.

**If you use Archon OS, know that any website you visit can silently steal your AI API keys and data from it, and there's no patch yet. Remove your API keys from Archon now. Bind port 8181 to localhost only, block outside access with your firewall, and don't run Archon when browsing untrusted websites.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-40949
(9.1 CRITICAL)

EPSS: 0.67%

updated 2026-05-12T12:32:14

1 posts

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All vers

security_crawler_carl@infosec.exchange at 2026-07-17T23:55:23.000Z ##

🏆 New Achievement! Rooted in Operational Technology!

PATCH NOTES v0.0.0 — KNOWN ISSUES: Siemens ROX II OT switches ship with a three-vulnerability zero-day chain, including CVE-2025-40949, that grants attackers persistent root access. This feature was not intentional. Unit 42 and Siemens have jointly confirmed it exists anyway.

ADDED: Full root on your industrial network by people who are not you. FIXED: Nothing, until you manually update to firmware V2.17.1. (1/2)

##

CVE-2026-2701
(9.1 CRITICAL)

EPSS: 48.81%

updated 2026-04-21T00:33:18

1 posts

Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.

security_crawler_carl@infosec.exchange at 2026-07-16T05:50:28.000Z ##

🏆 New Achievement! Storage Zone, No Ozone!

Tonight's broadcast is brought to you by Deferred Patch Tuesdays — "Why upgrade today when v5.11 is running just fine?" Progress Software discovered two critical zero-days, CVE-2026-2699 and CVE-2026-2701, lurking in ShareFile Storage Zones Controller v5.x. Unauthenticated. Remote. Full system compromise. So catastrophic that customer-managed Storage Zone Controllers had to be emergency-shutdown entirely. (1/2)

##

CVE-2026-3300
(9.8 CRITICAL)

EPSS: 40.99%

updated 2026-03-31T03:31:35

1 posts

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's process_filter() function concatenating user-submitted form field values into a PHP code string without proper escaping before passing it to eval(). The sanitize_text_field() function applied to input does not

Nuclei template

2 repos

https://github.com/HORKimhab/CVE-2026-3300

https://github.com/adamshaikhma/CVE-2026-3300

sekurakbot@mastodon.com.pl at 2026-07-17T11:22:00.000Z ##

Krytyczna podatność RCE we wtyczce Everest Forms Pro (WordPress)

Badacze bezpieczeństwa z Wordfence ujawnili krytyczną podatność Remote Code Execution we wtyczce Everest Forms Pro przeznaczonej dla WordPressa. Luka ma być wciąż wykorzystywana do ataków na strony korzystające z tego rozszerzenia. Podatność dotyczy wszystkich wersji przed 1.9.13 i otrzymała ocenę 9.8 (krytyczna) w skali CVSS. TLDR: Podatność (CVE-2026-3300) pozwala nieuwierzytelnionemu...

#WBiegu #Podatność #Rce #Wordpress #Wtyczki

sekurak.pl/krytyczna-podatnosc

##

CVE-2026-33482
(8.1 HIGH)

EPSS: 2.06%

updated 2026-03-25T18:50:03

1 posts

## Summary The `sanitizeFFmpegCommand()` function in `plugin/API/standAlone/functions.php` is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters (`&&`, `;`, `|`, `` ` ``, `<`, `>`). However, it fails to strip `$()` (bash command substitution syntax). Since the sanitized command is executed inside a double-quoted `sh -c` context in `execAsync()`

thehackerwire@mastodon.social at 2026-07-16T22:01:24.000Z ##

🟠 CVE-2026-55173 - High (8.1)

WWBN AVideo is an open source video platform. Versions 29.0 and below remain vulnerable to OS command injection because the fix for CVE-2026-33482 was incomplete and still does not neutralize a single & ( the shell background operator). CVE-2026-...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-3248(CVSS UNKNOWN)

EPSS: 99.99%

updated 2025-11-05T20:12:46

1 posts

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Nuclei template

28 repos

https://github.com/vigilante-1337/CVE-2025-3248

https://github.com/imbas007/CVE-2025-3248

https://github.com/b0ySie7e/CVE-2025-3248-POC

https://github.com/0xgh057r3c0n/CVE-2025-3248

https://github.com/r0otk3r/CVE-2025-3248

https://github.com/wand3rlust/CVE-2025-3248

https://github.com/xuemian168/CVE-2025-3248

https://github.com/zapstiko/CVE-2025-3248

https://github.com/tiemio/RCE-CVE-2025-3248

https://github.com/EQSTLab/CVE-2025-3248

https://github.com/dennisec/CVE-2025-3248

https://github.com/Kiraly07/Demo_CVE-2025-3248

https://github.com/nebari-playground/langflow-cve-2025-3248

https://github.com/verylazytech/CVE-2025-3248

https://github.com/12-test-12/CVE-2025-3248

https://github.com/drackyjr/cve-2025-3248-exploit

https://github.com/PuddinCat/CVE-2025-3248-POC

https://github.com/ynsmroztas/CVE-2025-3248-Langflow-RCE

https://github.com/ill-deed/Langflow-CVE-2025-3248-Multi-target

https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

https://github.com/get-xor/coreweave-demo-2026-05

https://github.com/0-d3y/langflow-rce-exploit

https://github.com/bambooqj/cve-2025-3248

https://github.com/Praison001/CVE-2025-3248

https://github.com/dennisec/Mass-CVE-2025-3248

https://github.com/min8282/CVE-2025-3248

https://github.com/Vip3rLi0n/CVE-2025-3248

https://github.com/Atomics-hub/exposecheck

relayshieldadmin@infosec.exchange at 2026-07-17T19:41:04.000Z ##

New from RelayShield: four #AIsecurity checks for agents built with smolagents, published as an MCP server on @huggingface.

- MCP server reputation check before your agent connects
- Prompt-injection pattern detection on ingested content
- Tech-stack CVE monitoring (covers agent frameworks themselves — Langflow's CVE-2025-3248 was the initial-access vector in the first documented autonomous-agent ransomware op)
- Bulk identity-risk scoring

Self-serve, pay-per-call, no subscription.

huggingface.co/blog/relayshiel

#InfoSec #MCP #AgentSecurity #ThreatIntel

##

CVE-2025-20204
(4.8 MEDIUM)

EPSS: 0.31%

updated 2025-02-05T18:34:46

1 posts

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.&nbsp; This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulner

AAKL@infosec.exchange at 2026-07-17T15:51:07.000Z ##

Broadcom has new advisories addressing two high-severity vulnerabilities that were fist published on the 15th support.broadcom.com/web/ecx/s

Cisco:

Medium Severity: CVE-2025-20204and CVE-2025-20205 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity

And if you missed this yesterday, CISA added two Fortinet vulnerabilities to the catalogue:

CISA:

CVE-2026-39808: Fortinet FortiSandbox OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2026-

CVE-2026-25089: Fortinet FortiSandbox OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2026-

And a Microsoft vulnerability:

CISA: CVE-2026-58644: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability cve.org/CVERecord?id=CVE-2026- #Microsoft #CISA #Fortinet #infosec #vulnerability #Cisco #Broadcom

##

CVE-2025-20205
(4.8 MEDIUM)

EPSS: 0.31%

updated 2025-02-05T18:34:46

1 posts

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.&nbsp; This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulner

AAKL@infosec.exchange at 2026-07-17T15:51:07.000Z ##

Broadcom has new advisories addressing two high-severity vulnerabilities that were fist published on the 15th support.broadcom.com/web/ecx/s

Cisco:

Medium Severity: CVE-2025-20204and CVE-2025-20205 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity

And if you missed this yesterday, CISA added two Fortinet vulnerabilities to the catalogue:

CISA:

CVE-2026-39808: Fortinet FortiSandbox OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2026-

CVE-2026-25089: Fortinet FortiSandbox OS Command Injection Vulnerability cve.org/CVERecord?id=CVE-2026-

And a Microsoft vulnerability:

CISA: CVE-2026-58644: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability cve.org/CVERecord?id=CVE-2026- #Microsoft #CISA #Fortinet #infosec #vulnerability #Cisco #Broadcom

##

CVE-2026-14266
(0 None)

EPSS: 0.00%

3 posts

N/A

1 repos

https://github.com/hg0434hongzh0/CVE-2026-14266

news@wakoka.com at 2026-07-19T15:24:14.000Z ##

wacoca.com/news/2887343/ 7-Zip 26.01以下にリモートコード実行の脆弱性『CVE-2026-14266』。26.02以降へアップデートを | ニッチなPCゲーマーの環境構築Z #Science&Technology #ScienceNews #TechnologyNews #テクノロジー #科学 #科学&テクノロジー

##

beyondmachines1@infosec.exchange at 2026-07-19T11:01:41.000Z ##

7-Zip Patches Remote Code Execution Vulnerability in XZ Decompression Logic

7-Zip version 26.02 patched a high-severity remote code execution vulnerability (CVE-2026-14266) caused by a heap-based buffer overflow in its XZ decompression logic. Attackers can exploit this flaw via malicious archives to take control of user systems. Manual updates are required as the software lacks auto-update features.

**Update 7-Zip manually to version 26.02 ASAP by downloading it from the official website (7-zip.org), since 7-Zip cannot update itself. Until you've updated, don't open archive files from emails or unknown sources, as one malicious file is enough to let attackers take over your session.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

DailyCyberSecurity@infosec.exchange at 2026-07-16T16:33:52.000Z ##

7-Zip vulnerability CVE-2026-14266 (CVSS 7.0) allows remote code execution via crafted XZ data. Update to 7-Zip 26.02. No exploitation confirmed.

#7Zip #CVE202614266 #RCE #BufferOverflow #ZDI #CyberSecurity

securityonline.info/7-zip-vuln

##

CVE-2026-63030
(0 None)

EPSS: 8.95%

15 posts

N/A

Nuclei template

40 repos

https://github.com/tcyph3r/wp2shell-cve-2026-63030-root-cause

https://github.com/own2pwn-fr/wp2shell-detect

https://github.com/mhtsec/CVE-2026-63030

https://github.com/gbrsh/CVE-2026-63030

https://github.com/InstaWP/wp2shell-scan

https://github.com/0xh7ml/CVE-2026-63030

https://github.com/ikow/wp2shell

https://github.com/HackingLZ/wp2shell_stock_chain

https://github.com/codeb0ssx/Ultimate-wp2shell

https://github.com/mverschu/CVE-2026-63030

https://github.com/bahartanir/wp2shell-scanner

https://github.com/c0gnit00/Wp2Shell

https://github.com/0xsha/wp2shell

https://github.com/4B3R4M4-607D/CVE-2026-63030-POC

https://github.com/eyesecurity/wp2shell-compromise-scanner-plugin

https://github.com/JohenLastGen-JLG/wp2shell

https://github.com/Icex0/wp2shell-poc

https://github.com/ebrasha/abdal-cve-2026-63030

https://github.com/h4cd0c/wp2shell

https://github.com/J4ck3LSyN-Gen2/CVE-2026-63030-wp2r00t

https://github.com/mrx-arafat/CVE-2026-63030-POC

https://github.com/ChiefYoru/CVE-2026-63030_PoC

https://github.com/attackercan/wp2shell-poc2

https://github.com/dinosn/wp2shell-lab

https://github.com/securelayer7/WordPresShell

https://github.com/Senanfurkan/wordpress-cve-2026-63030

https://github.com/yoerivegt/wp2shell-poc

https://github.com/Lutfifakee-Project/wp2shell

https://github.com/47Cid/wp2shell-lab

https://github.com/0xWhoknows/wp2shell

https://github.com/ZephrFish/wp2shell-scanner

https://github.com/kulichr/wp2shell

https://github.com/ekomsSavior/wp2shell

https://github.com/0xBlackash/CVE-2026-63030

https://github.com/zi3lak/wp2shell_scanner

https://github.com/CybersecSpirit/CVE-2026-63030

https://github.com/zeroc00I/CVE-2026-63030

https://github.com/fullhunt/wp2shell-scan

https://github.com/NULL200OK/WP2Shell

https://github.com/4minx/CVE-2026-63030

_r_netsec@infosec.exchange at 2026-07-19T08:28:05.000Z ##

wp2shell (CVE-2026-63030) update: public working exploit now available for the WordPress core pre-auth RCE ransomnews.com/wp2shell-wordpr

##

raptor@infosec.exchange at 2026-07-19T06:22:20.000Z ##

🤯 wp2shell (CVE-2026-63030): Pre-Auth #RCE Chain in #WordPress Core

“WordPress patched it in 6.9.5 and 7.0.2, touching three files and sixteen lines. This post covers what broke, why the bugs connect, and what teams running WordPress need to do.”

fullhunt.io/blog/2026/07/17/wp

##

threatnoir@infosec.exchange at 2026-07-19T04:06:03.000Z ##

⚠️ CRITICAL: WordPress Core "wp2shell" RCE flaws get public exploits, patch now

Critical unauthenticated RCE vulnerabilities in WordPress Core (CVE-2026-63030, CVE-2026-60137) are actively exploited via public PoCs. The wp2shell attack chains REST API and SQL injection flaws to achieve code execution on default installations of WordPress 6.9.x and 7.0.x. All affected WordPress…

threatnoir.com/focus

#infosec #cybersecurity

##

DarkWebInformer@infosec.exchange at 2026-07-19T00:02:23.000Z ##

‼️ CVE-2026-63030: wp2shell, a critical remote code execution vulnerability in WordPress core

Credit: @hash_kitten // @assetnote

PoC: x.com/DarkWebInformer/status/2

##

_r_netsec@infosec.exchange at 2026-07-18T21:28:05.000Z ##

wp2shell (CVE-2026-63030): Pre-Auth RCE Chain in WordPress Core - Analysis and Open-Source Scanner fullhunt.io/blog/2026/07/17/wp

##

offseq@infosec.exchange at 2026-07-18T18:00:28.000Z ##

WordPress Core "wp2shell" CRITICAL RCE chain (CVE-2026-63030 & CVE-2026-60137) actively exploited. Affects 6.9.0 – 6.9.4 & 7.0.0 – 7.0.1. Public PoCs out. Patch to 6.9.5/7.0.2 ASAP. Block REST API endpoints as temp mitigation. radar.offseq.com/threat/wordpr #OffSeq #WordPress #RCE #Vuln

##

davidgerard@circumstances.run at 2026-07-18T16:17:54.000Z ##

Update your WordPress to 7.0.2/6.9.5, it's important

discourse.ifin.network/t/cve-2

ETA: the above text is not a call for CMS evangelists, just fucking don't thanks

##

secdb@infosec.exchange at 2026-07-18T15:42:16.000Z ##

🚨 wp2shell affects multiple vulnerabilities (CVE-2026-63030, CVE-2026-60137).

- CVE-2026-63030 (HIGH) - WordPress < 7.0.2 - REST API batch-route confusion and SQL injection issue leading to Remote Code Execution
- CVE-2026-60137 (CRITICAL) - WordPress < 7.0.2 - Facilitated SQL Injection via author__not_in in WP_Query

Running WordPress? Check your versions and patch to 6.8.6 / 6.9.5 / 7.0.2. If you can't patch immediately, apply the mitigations in the meantime.

ℹ️ Additional information on ZEN SecDB
secdb.nttzen.cloud/updates/a5a

#infosec #wordpress #rce #sqlinjection #cve202663030 #cve202660137
#nttdata #zen #secdb #vulnerability_intelligence

##

thehackerwire@mastodon.social at 2026-07-18T15:01:19.000Z ##

🔴 CVE-2026-63030 - Critical (9.8)

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the author__not_in WP_Query SQL Injection (CVE-2026-60137), could allow an attacker to perform SQL Injection an...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

pentesttools@infosec.exchange at 2026-07-18T13:34:36.000Z ##

#WordPress admins - we got you covered! 🫡 → We've just shipped detection for #wp2shell through our Network Scanner. ⚡️ The fastest way to use it is to:

◉ run a single-CVE scan for CVE-2026-63030 - which also covers CVE-2026-60137 - the SQL injection flaw that chains to give attackers RCE
◉ Based on your scan results, either patch or confirm you're already on 6.8.6, 6.9.5, or 7.0.2.
◉ Re-scan to confirm remediation and rule out residual exposure across your other assets.

Remember: updating your main install doesn't cover *every* WP instance you own. Using Pentest-Tools.com means you can expand visibility across your wider attack surface, not just the site you remember exists.

Technical CVE details below. ↘︎↘︎↘︎

See why an estimated 500+ million websites running WP are vulnerable to this critical vulnerability: pentest-tools.com/vulnerabilit

#vulnerabilityassessment #ethicalhacking #offensivesecurity

##

security_crawler_carl@infosec.exchange at 2026-07-18T13:05:54.000Z ##

🏆 New Achievement! wp2Shell We Have A Problem!

QUEST UPDATE — PREREQUISITE FAILED: "Have A Website That Isn't On Fire." WordPress Core carries CVE-2026-63030, a critical unauthenticated remote code execution flaw haunting versions 6.9.0 through 6.9.4 and 7.0.0 through 7.0.1. No login required. No credentials to steal. The attacker just knocks and your site answers. A companion SQL injection, CVE-2026-60137, is also along for the ride, because one cursed artifact is never enough. (1/2)

##

obivan@infosec.exchange at 2026-07-18T10:46:00.000Z ##

wp2shell (CVE-2026-63030 + CVE-2026-60137): Independent Root Cause Analysis github.com/tcyph3r/wp2shell-cv

##

DailyCyberSecurity@infosec.exchange at 2026-07-18T01:56:15.000Z ##

WordPress pre-auth RCE CVE-2026-63030 chains a REST batch bug with SQL injection. Details and a public PoC are out. Update to WordPress 7.0.2 now.

#WordPress #PreAuthRCE #CVE202663030 #SQLInjection #wp2shell #WebSecurity #InfoSec

securityonline.info/wordpress-

##

DarkWebInformer@infosec.exchange at 2026-07-17T22:53:05.000Z ##

‼️🚨 CVE-2026-63030 // wp2shell-poc: Proof-of-concept for an unauthenticated SQL injection in WordPress core that chains to remote code execution, via REST batch route confusion.

PoC: github.com/Icex0/wp2shell-poc

##

christopherkunz@chaos.social at 2026-07-17T21:19:55.000Z ##

@shellsharks New fodder for vulnerability.garden: wp2shell is CVE-2026-63030 / github.com/WordPress/wordpress

##

threatnoir@infosec.exchange at 2026-07-19T04:06:03.000Z ##

⚠️ CRITICAL: WordPress Core "wp2shell" RCE flaws get public exploits, patch now

Critical unauthenticated RCE vulnerabilities in WordPress Core (CVE-2026-63030, CVE-2026-60137) are actively exploited via public PoCs. The wp2shell attack chains REST API and SQL injection flaws to achieve code execution on default installations of WordPress 6.9.x and 7.0.x. All affected WordPress…

threatnoir.com/focus

#infosec #cybersecurity

##

offseq@infosec.exchange at 2026-07-18T18:00:28.000Z ##

WordPress Core "wp2shell" CRITICAL RCE chain (CVE-2026-63030 & CVE-2026-60137) actively exploited. Affects 6.9.0 – 6.9.4 & 7.0.0 – 7.0.1. Public PoCs out. Patch to 6.9.5/7.0.2 ASAP. Block REST API endpoints as temp mitigation. radar.offseq.com/threat/wordpr #OffSeq #WordPress #RCE #Vuln

##

davidgerard@circumstances.run at 2026-07-18T16:17:54.000Z ##

Update your WordPress to 7.0.2/6.9.5, it's important

discourse.ifin.network/t/cve-2

ETA: the above text is not a call for CMS evangelists, just fucking don't thanks

##

secdb@infosec.exchange at 2026-07-18T15:42:16.000Z ##

🚨 wp2shell affects multiple vulnerabilities (CVE-2026-63030, CVE-2026-60137).

- CVE-2026-63030 (HIGH) - WordPress < 7.0.2 - REST API batch-route confusion and SQL injection issue leading to Remote Code Execution
- CVE-2026-60137 (CRITICAL) - WordPress < 7.0.2 - Facilitated SQL Injection via author__not_in in WP_Query

Running WordPress? Check your versions and patch to 6.8.6 / 6.9.5 / 7.0.2. If you can't patch immediately, apply the mitigations in the meantime.

ℹ️ Additional information on ZEN SecDB
secdb.nttzen.cloud/updates/a5a

#infosec #wordpress #rce #sqlinjection #cve202663030 #cve202660137
#nttdata #zen #secdb #vulnerability_intelligence

##

thehackerwire@mastodon.social at 2026-07-18T15:01:19.000Z ##

🔴 CVE-2026-63030 - Critical (9.8)

WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the author__not_in WP_Query SQL Injection (CVE-2026-60137), could allow an attacker to perform SQL Injection an...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

pentesttools@infosec.exchange at 2026-07-18T13:34:36.000Z ##

#WordPress admins - we got you covered! 🫡 → We've just shipped detection for #wp2shell through our Network Scanner. ⚡️ The fastest way to use it is to:

◉ run a single-CVE scan for CVE-2026-63030 - which also covers CVE-2026-60137 - the SQL injection flaw that chains to give attackers RCE
◉ Based on your scan results, either patch or confirm you're already on 6.8.6, 6.9.5, or 7.0.2.
◉ Re-scan to confirm remediation and rule out residual exposure across your other assets.

Remember: updating your main install doesn't cover *every* WP instance you own. Using Pentest-Tools.com means you can expand visibility across your wider attack surface, not just the site you remember exists.

Technical CVE details below. ↘︎↘︎↘︎

See why an estimated 500+ million websites running WP are vulnerable to this critical vulnerability: pentest-tools.com/vulnerabilit

#vulnerabilityassessment #ethicalhacking #offensivesecurity

##

security_crawler_carl@infosec.exchange at 2026-07-18T13:05:54.000Z ##

🏆 New Achievement! wp2Shell We Have A Problem!

QUEST UPDATE — PREREQUISITE FAILED: "Have A Website That Isn't On Fire." WordPress Core carries CVE-2026-63030, a critical unauthenticated remote code execution flaw haunting versions 6.9.0 through 6.9.4 and 7.0.0 through 7.0.1. No login required. No credentials to steal. The attacker just knocks and your site answers. A companion SQL injection, CVE-2026-60137, is also along for the ride, because one cursed artifact is never enough. (1/2)

##

obivan@infosec.exchange at 2026-07-18T10:46:00.000Z ##

wp2shell (CVE-2026-63030 + CVE-2026-60137): Independent Root Cause Analysis github.com/tcyph3r/wp2shell-cv

##

ottoto2017@prattohome.com at 2026-07-18T05:33:26.000Z ##

「WordPressコアに新たなwp2shellの脆弱性が発見され、認証されていない攻撃者がコードを実行できるようになった。 」: #TheHackerNews

「匿名HTTPリクエストによって、WordPressサイト上でコードを実行できる脆弱性が発見されました。このバグはコア部分に存在するため、プラグインを一切インストールしていない状態でも悪用可能です。WordPressが6.9.5と7.0.2をリリースし、自動更新システムによる強制更新機能を有効にした金曜日までは、6.9および7.0バージョンのすべてのサイトが影響を受けていました。

wp2shell は1つのバグではなく、2つのバグから成り立っており、どちらにもCVE IDが付与されています。CVE -2026-63030 はREST APIのバッチルーティングの混同に関する脆弱性、 CVE-2026-60137 はWordPressコアにおけるSQLインジェクションの脆弱性です。 」

thehackernews.com/2026/07/new-

#prattohome

##

CVE-2026-15631
(0 None)

EPSS: 0.30%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-18T14:00:23.000Z ##

🟠 CVE-2026-15631 - High (8.7)

Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the desti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-16158
(0 None)

EPSS: 0.23%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-18T14:00:01.000Z ##

🟠 CVE-2026-16158 - High (8.7)

Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-56741
(0 None)

EPSS: 0.52%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-18T05:00:21.000Z ##

🟠 CVE-2026-56741 - High (7.5)

JLine is a Java library for handling console input. Prior to 3.30.14, 4.0.16, and 4.2.1, the JLine3 Telnet server remote-telnet module does not apply an upper bound to terminal dimensions received via the Telnet NAWS option, and TelnetIO.handleNAW...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54523
(0 None)

EPSS: 0.00%

2 posts

N/A

DarkWebInformer@infosec.exchange at 2026-07-17T18:03:25.000Z ##

‼️ New Dark Web Informer Blog Post!

Title: One Namespace String to kube-system: Cross-Namespace Privilege Escalation in Kyverno (CVE-2026-54523)

Link: darkwebinformer.com/one-namesp

💥 Get early visibility into underground claims, including unblurred screenshots, before they turn into headlines: darkwebinformer.com/pricing

##

DailyCyberSecurity@infosec.exchange at 2026-07-17T13:11:39.000Z ##

Kyverno vulnerability CVE-2026-54523 (CVSS 9.6) is public with PoC exploit code. It lets a tenant gain admin in any namespace. Update to v1.18.2.

#Kyverno #CVE202654523 #PrivilegeEscalation #Kubernetes #CyberSecurity

securityonline.info/kyverno-cv

##

CVE-2026-44436
(0 None)

EPSS: 0.28%

1 posts

N/A

hugovalters@mastodon.social at 2026-07-17T14:05:09.000Z ##

CVE-2026-44436 - High-severity DoS in Quicly (H2O HTTP server). Connection ID handling flaw can corrupt state. CVSS 7.5. No patch available yet. Monitor for updates. #CVE #infosec #cybersecurity

valtersit.com/cve/CVE-2026-444

##

CVE-2026-39359
(0 None)

EPSS: 0.24%

1 posts

N/A

CVE-2026-15899
(0 None)

EPSS: 0.00%

1 posts

N/A

CVE-2026-59827
(0 None)

EPSS: 0.46%

1 posts

N/A

1 repos

https://github.com/c0gnit00/CVE-2026-59827

DailyCyberSecurity@infosec.exchange at 2026-07-16T14:04:39.000Z ##

Metabase patched CVE-2026-59827 (CVSS 9.9) and CVE-2026-59826 (CVSS 9.1). These flaws enable remote code execution via unsafe H2 deserialization.

#Metabase #RCE #CVE202659827 #Deserialization #H2Database

securityonline.info/metabase-h

##

CVE-2026-55445
(0 None)

EPSS: 0.40%

1 posts

N/A

offseq@infosec.exchange at 2026-07-16T01:30:25.000Z ##

CVE-2026-55445: Qinglong <2.20.1 has a CRITICAL improper authentication bug (CVSS 9.3). Attackers can reset admin credentials on initialized systems via /open/user/init. Upgrade to 2.20.1 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #CVE202655445 #Vuln #Qinglong

##

CVE-2026-55234
(0 None)

EPSS: 0.24%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-15T23:00:28.000Z ##

🟠 CVE-2026-55234 - High (8.5)

Wekan is open source kanban built with Meteor. Prior to 9.37, Wekan DDP update allow rules in server/permissions/cards.js, server/permissions/lists.js, and server/permissions/swimlanes.js authorize against the stored source boardId and do not vali...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55652
(0 None)

EPSS: 0.36%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-15T23:00:17.000Z ##

🔴 CVE-2026-55652 - Critical (9.8)

Wekan is open source kanban built with Meteor. Prior to 9.46, header-login with HEADER_LOGIN_TRUSTED_IPS uses getRequestIp() in server/lib/headerLoginAuth.js to trust the client-supplied X-Forwarded-For header before the real socket address, allow...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

Visit counter For Websites