## Updated at UTC 2026-04-14T08:38:29.453820
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40313 | 9.1 | 0.00% | 4 | 0 | | 2026-04-14T04:17:13.890000 | PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitH |
| CVE-2026-40289 | 9.1 | 0.00% | 4 | 0 | | 2026-04-14T04:17:12.710000 | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI |
| CVE-2026-40288 | 9.8 | 0.00% | 4 | 0 | | 2026-04-14T04:17:12.210000 | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI |
| CVE-2026-40287 | 8.4 | 0.00% | 2 | 0 | | 2026-04-14T04:17:11.977000 | PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerab |
| CVE-2026-6264 | 9.8 | 0.00% | 4 | 0 | | 2026-04-14T03:16:09.050000 | A critical vulnerability in the Talend JobServer and Talend Runtime allows unaut |
| CVE-2026-4365 | 9.1 | 0.00% | 2 | 0 | | 2026-04-14T02:16:05.767000 | The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion |
| CVE-2026-4352 | 7.5 | 0.00% | 2 | 0 | | 2026-04-14T02:16:05.613000 | The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom |
| CVE-2026-22564 | 9.8 | 0.00% | 2 | 0 | | 2026-04-14T00:31:19 | An Improper Access Control vulnerability could allow a malicious actor with acce |
| CVE-2026-22566 | 7.5 | 0.00% | 2 | 0 | | 2026-04-14T00:31:12 | An Improper Access Control vulnerability could allow a malicious actor with acce |
| CVE-2026-40164 | 7.5 | 0.00% | 2 | 0 | | 2026-04-14T00:16:07.360000 | jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02 |
| CVE-2026-27681 | 9.9 | 0.00% | 4 | 0 | | 2026-04-14T00:16:06.560000 | Due to insufficient authorization checks in SAP Business Planning and Consolidat |
| CVE-2026-33901 | 7.5 | 0.00% | 2 | 0 | | 2026-04-14T00:07:45 | A heap buffer overflow occurs in the MVG decoder that could result in an out of |
| CVE-2026-33908 | 7.5 | 0.00% | 2 | 0 | | 2026-04-14T00:06:45 | Magick frees the memory of the XML tree via the `DestroyXMLTree` function; howev |
| CVE-2026-22563 | 9.8 | 0.00% | 4 | 0 | | 2026-04-13T22:16:28.050000 | A series of Improper Input Validation vulnerabilities could allow a Command Inje |
| CVE-2026-22562 | 9.8 | 0.00% | 2 | 0 | | 2026-04-13T22:16:27.870000 | A malicious actor with access to the UniFi Play network could exploit a Path Tra |
| CVE-2026-30999 | 7.5 | 0.00% | 2 | 0 | | 2026-04-13T21:31:47 | A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 all |
| CVE-2026-30997 | 7.5 | 0.00% | 2 | 0 | | 2026-04-13T21:31:47 | An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) |
| CVE-2025-66769 | 7.5 | 0.00% | 2 | 0 | | 2026-04-13T21:31:47 | A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attack |
| CVE-2026-40044 | 9.8 | 0.00% | 2 | 0 | | 2026-04-13T21:30:51 | Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticate |
| CVE-2026-6198 | 8.8 | 0.00% | 2 | 0 | | 2026-04-13T21:30:51 | A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the fun |
| CVE-2026-6197 | 8.8 | 0.00% | 2 | 0 | | 2026-04-13T21:30:51 | A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the func |
| CVE-2026-34621 | 8.6 | 0.04% | 23 | 2 | | 2026-04-13T21:23:27 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by a |
| CVE-2026-35650 | 7.5 | 0.06% | 1 | 0 | | 2026-04-13T20:46:42.373000 | OpenClaw before 2026.3.22 contains an environment variable override handling vul |
| CVE-2026-35668 | 7.7 | 0.05% | 2 | 0 | | 2026-04-13T20:43:10.547000 | OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enf |
| CVE-2026-35663 | 8.8 | 0.04% | 1 | 0 | | 2026-04-13T20:39:05.993000 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing |
| CVE-2026-30998 | 7.5 | 0.00% | 2 | 0 | | 2026-04-13T20:16:33.003000 | An improper resource deallocation and closure vulnerability in the tools/zmqsend |
| CVE-2025-69624 | 7.5 | 0.00% | 2 | 0 | | 2026-04-13T20:16:26.437000 | Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerab |
| CVE-2026-35641 | 7.8 | 0.01% | 1 | 0 | | 2026-04-13T20:14:11.753000 | OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in |
| CVE-2026-34197 | 8.8 | 6.22% | 1 | 6 | template | 2026-04-13T19:21:56 | Improper Input Validation, Improper Control of Generation of Code ('Code Injecti |
| CVE-2026-6200 | 8.8 | 0.00% | 2 | 0 | | 2026-04-13T19:16:58.240000 | A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is th |
| CVE-2026-6199 | 8.8 | 0.00% | 2 | 0 | | 2026-04-13T19:16:58.033000 | A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqo |
| CVE-2026-40042 | 9.8 | 0.00% | 2 | 0 | | 2026-04-13T19:16:51.960000 | Pachno 1.0.6 contains an XML external entity injection vulnerability that allows |
| CVE-2026-40040 | 8.8 | 0.00% | 2 | 0 | | 2026-04-13T19:16:51.617000 | Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows auth |
| CVE-2023-21529 | 8.8 | 36.68% | 9 | 0 | | 2026-04-13T19:00:02.583000 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2026-21643 | 9.8 | 13.70% | 7 | 2 | template | 2026-04-13T19:00:02.583000 | An improper neutralization of special elements used in an sql command ('sql inje |
| CVE-2025-60710 | 7.8 | 0.19% | 7 | 1 | | 2026-04-13T18:31:39 | Improper link resolution before file access ('link following') in Host Process f |
| CVE-2026-6196 | 8.8 | 0.00% | 2 | 0 | | 2026-04-13T18:30:49 | A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fr |
| CVE-2026-6194 | 8.8 | 0.00% | 2 | 0 | | 2026-04-13T18:30:48 | A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by t |
| CVE-2026-6186 | 8.8 | 0.00% | 2 | 0 | | 2026-04-13T18:30:48 | A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-17030 |
| CVE-2026-5085 | 9.1 | 0.02% | 2 | 0 | | 2026-04-13T18:30:40 | Solstice::Session versions through 1440 for Perl generates session ids insecurel |
| CVE-2023-36424 | 7.8 | 10.30% | 7 | 1 | | 2026-04-13T18:30:35 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2020-9715 | 7.8 | 50.44% | 7 | 2 | | 2026-04-13T18:30:34 | Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 20 |
| CVE-2012-1854 | 7.8 | 1.36% | 7 | 0 | | 2026-04-13T18:30:34 | Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 20 |
| CVE-2026-6195 | 9.8 | 0.00% | 2 | 0 | | 2026-04-13T18:16:32.353000 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| CVE-2026-32316 | 8.2 | 0.00% | 2 | 0 | | 2026-04-13T18:16:29.420000 | jq is a command-line JSON processor. An integer overflow vulnerability exists th |
| CVE-2026-28291 | 8.1 | 0.00% | 2 | 0 | | 2026-04-13T18:16:28.760000 | simple-git enables running native Git commands from JavaScript. Versions up to a |
| CVE-2026-33858 | 8.8 | 0.00% | 2 | 0 | | 2026-04-13T17:16:28.600000 | Dag Authors, who normally should not be able to execute code in the webserver co |
| CVE-2026-32252 | 7.7 | 0.02% | 1 | 0 | | 2026-04-13T16:16:26.590000 | Chartbrew is an open-source web application that can connect directly to databas |
| CVE-2026-35337 | 8.8 | 0.30% | 3 | 0 | | 2026-04-13T15:32:45 | Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affec |
| CVE-2026-1462 | 8.8 | 0.00% | 2 | 0 | | 2026-04-13T15:31:50 | A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, |
| CVE-2026-40198 | 7.5 | 0.03% | 2 | 0 | | 2026-04-13T15:31:37 | Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count |
| CVE-2026-34578 | 8.2 | 0.20% | 1 | 0 | | 2026-04-13T15:02:47.353000 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNs |
| CVE-2026-33266 | 7.5 | 0.02% | 1 | 0 | | 2026-04-13T15:02:47.353000 | Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The r |
| CVE-2026-39853 | 7.8 | 0.01% | 1 | 0 | | 2026-04-13T15:02:47.353000 | osslsigncode is a tool that implements Authenticode signing and timestamping. Pr |
| CVE-2026-39843 | 7.7 | 0.03% | 1 | 0 | | 2026-04-13T15:02:47.353000 | Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, |
| CVE-2026-39974 | 8.5 | 0.03% | 1 | 0 | | 2026-04-13T15:02:27.760000 | n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants wit |
| CVE-2026-1584 | 7.5 | 0.08% | 1 | 0 | | 2026-04-13T15:02:27.760000 | A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this |
| CVE-2026-30478 | 8.8 | 0.01% | 1 | 0 | | 2026-04-13T15:02:27.760000 | A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windo |
| CVE-2026-39983 | 8.6 | 1.56% | 1 | 1 | | 2026-04-13T15:02:27.760000 | basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP com |
| CVE-2026-39981 | 8.8 | 0.48% | 1 | 0 | | 2026-04-13T15:02:27.760000 | AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() |
| CVE-2026-40069 | 7.5 | 0.03% | 1 | 0 | | 2026-04-13T15:02:27.760000 | BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, |
| CVE-2025-13926 | 9.8 | 0.07% | 1 | 0 | | 2026-04-13T15:02:27.760000 | An attacker could use data obtained by sniffing the network traffic to forge pa |
| CVE-2026-29146 | 7.5 | 0.03% | 2 | 0 | | 2026-04-13T15:02:27.760000 | Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default |
| CVE-2026-29129 | 7.5 | 0.02% | 1 | 0 | | 2026-04-13T15:02:27.760000 | Configured cipher preference order not preserved vulnerability in Apache Tomcat. |
| CVE-2026-24880 | 7.5 | 0.03% | 1 | 0 | | 2026-04-13T15:02:27.760000 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| CVE-2026-34486 | 7.5 | 0.01% | 1 | 0 | | 2026-04-13T15:02:27.760000 | Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the f |
| CVE-2026-40175 | 10.0 | 0.24% | 2 | 3 | | 2026-04-13T15:02:06.187000 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15. |
| CVE-2026-1115 | 9.6 | 0.04% | 1 | 0 | | 2026-04-13T15:02:06.187000 | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social f |
| CVE-2026-6028 | 9.8 | 0.89% | 1 | 0 | | 2026-04-13T15:02:06.187000 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| CVE-2026-6027 | 9.8 | 0.89% | 1 | 0 | | 2026-04-13T15:02:06.187000 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This is |
| CVE-2026-6029 | 9.8 | 0.89% | 1 | 0 | | 2026-04-13T15:02:06.187000 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affec |
| CVE-2026-22750 | 7.5 | 0.03% | 1 | 0 | | 2026-04-13T15:02:06.187000 | When configuring SSL bundles in Spring Cloud Gateway by using the configuration |
| CVE-2026-39304 | 7.5 | 0.04% | 1 | 0 | | 2026-04-13T15:02:06.187000 | Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apa |
| CVE-2026-33707 | 9.4 | 0.07% | 2 | 0 | | 2026-04-13T15:02:06.187000 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, th |
| CVE-2026-40157 | 0 | 0.07% | 1 | 0 | | 2026-04-13T15:02:06.187000 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the rec |
| CVE-2026-40217 | 8.8 | 0.19% | 1 | 0 | | 2026-04-13T15:02:06.187000 | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via |
| CVE-2026-6067 | 7.5 | 0.06% | 1 | 0 | | 2026-04-13T15:02:06.187000 | A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due |
| CVE-2026-35595 | 8.3 | 0.03% | 1 | 0 | | 2026-04-13T15:02:06.187000 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, |
| CVE-2026-40158 | 8.6 | 0.03% | 2 | 0 | | 2026-04-13T15:02:06.187000 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based |
| CVE-2026-32892 | 9.1 | 0.19% | 2 | 0 | | 2026-04-13T15:02:06.187000 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch |
| CVE-2026-40200 | 8.1 | 0.01% | 1 | 0 | | 2026-04-13T15:02:06.187000 | An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory co |
| CVE-2026-31941 | 7.7 | 0.03% | 1 | 0 | | 2026-04-13T15:02:06.187000 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Ch |
| CVE-2026-31940 | 7.5 | 0.04% | 1 | 0 | | 2026-04-13T15:02:06.187000 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in |
| CVE-2026-5483 | 8.5 | 0.06% | 1 | 0 | | 2026-04-13T15:02:06.187000 | A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in |
| CVE-2026-33618 | 8.8 | 0.05% | 1 | 0 | | 2026-04-13T15:02:06.187000 | Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformCon |
| CVE-2026-33710 | 7.5 | 0.03% | 1 | 0 | | 2026-04-13T15:02:06.187000 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, RE |
| CVE-2026-1116 | 8.2 | 0.01% | 3 | 0 | | 2026-04-13T15:01:43.663000 | A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` met |
| CVE-2026-3830 | 8.6 | 0.04% | 1 | 0 | | 2026-04-13T15:01:43.663000 | The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not |
| CVE-2026-5936 | 8.5 | 0.03% | 1 | 0 | | 2026-04-13T15:01:43.663000 | An attacker can control a server-side HTTP request by supplying a crafted URL, c |
| CVE-2026-25208 | 8.1 | 0.04% | 1 | 0 | | 2026-04-13T15:01:43.663000 | Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow B |
| CVE-2026-25205 | 7.4 | 0.01% | 1 | 0 | | 2026-04-13T15:01:43.663000 | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows |
| CVE-2026-6156 | 9.8 | 0.89% | 2 | 0 | | 2026-04-13T15:01:43.663000 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| CVE-2026-40393 | 8.1 | 0.04% | 1 | 0 | | 2026-04-13T15:01:43.663000 | In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occu |
| CVE-2026-6131 | 9.8 | 0.89% | 1 | 0 | | 2026-04-13T15:01:43.663000 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by |
| CVE-2026-34853 | 7.7 | 0.01% | 1 | 0 | | 2026-04-13T15:01:43.663000 | Permission bypass vulnerability in the LBS module. Impact: Successful exploitati |
| CVE-2026-6133 | 8.8 | 0.05% | 1 | 0 | | 2026-04-13T15:01:43.663000 | A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects th |
| CVE-2026-6135 | 8.8 | 0.05% | 1 | 0 | | 2026-04-13T15:01:43.663000 | A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affe |
| CVE-2026-6140 | 9.8 | 0.89% | 2 | 0 | | 2026-04-13T15:01:43.663000 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts |
| CVE-2026-6113 | 9.8 | 0.89% | 2 | 0 | | 2026-04-13T15:01:43.663000 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| CVE-2026-6121 | 8.8 | 0.05% | 1 | 0 | | 2026-04-13T15:01:43.663000 | A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is t |
| CVE-2026-6115 | 9.8 | 0.89% | 2 | 0 | | 2026-04-13T15:01:43.663000 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the |
| CVE-2026-6120 | 8.8 | 0.05% | 1 | 0 | | 2026-04-13T15:01:43.663000 | A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fro |
| CVE-2026-6116 | 9.8 | 0.89% | 2 | 0 | | 2026-04-13T15:01:43.663000 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vu |
| CVE-2026-6114 | 9.8 | 0.89% | 2 | 0 | | 2026-04-13T15:01:43.663000 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected |
| CVE-2026-6106 | 3.5 | 0.03% | 1 | 0 | | 2026-04-13T15:01:43.663000 | A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability |
| CVE-2026-5144 | 8.8 | 0.05% | 1 | 0 | | 2026-04-13T15:01:43.663000 | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalat |
| CVE-2026-5809 | 7.1 | 0.03% | 2 | 0 | | 2026-04-13T15:01:43.663000 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion i |
| CVE-2026-4149 | 10.0 | 1.27% | 2 | 0 | | 2026-04-13T15:01:43.663000 | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerabil |
| CVE-2026-4153 | 7.8 | 0.06% | 1 | 0 | | 2026-04-13T15:01:43.663000 | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi |
| CVE-2026-4152 | 7.8 | 0.06% | 1 | 0 | | 2026-04-13T15:01:43.663000 | GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi |
| CVE-2026-4151 | 7.8 | 0.06% | 1 | 0 | | 2026-04-13T15:01:43.663000 | GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This |
| CVE-2026-6168 | 8.8 | 0.08% | 1 | 0 | | 2026-04-13T09:31:39 | A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element |
| CVE-2026-6154 | 9.8 | 0.89% | 2 | 0 | | 2026-04-13T06:30:37 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th |
| CVE-2026-6155 | 9.8 | 0.89% | 2 | 0 | | 2026-04-13T06:30:37 | A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted elem |
| CVE-2026-6157 | 8.8 | 0.08% | 1 | 0 | | 2026-04-13T06:30:37 | A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impa |
| CVE-2026-6152 | 7.3 | 0.03% | 1 | 0 | | 2026-04-13T03:30:35 | A vulnerability was determined in code-projects Vehicle Showroom Management Syst |
| CVE-2026-6139 | 9.8 | 0.89% | 2 | 0 | | 2026-04-13T03:30:29 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This af |
| CVE-2026-6138 | 9.8 | 0.89% | 2 | 0 | | 2026-04-13T00:30:34 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted ele |
| CVE-2026-6132 | 9.8 | 0.89% | 2 | 0 | | 2026-04-13T00:30:34 | A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affecte |
| CVE-2026-6134 | 8.8 | 0.02% | 1 | 0 | | 2026-04-13T00:30:34 | A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulne |
| CVE-2026-6137 | 8.8 | 0.05% | 1 | 0 | | 2026-04-13T00:30:34 | A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected elem |
| CVE-2026-6136 | 8.8 | 0.05% | 1 | 0 | | 2026-04-13T00:30:34 | A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Imp |
| CVE-2026-6124 | 8.8 | 0.05% | 1 | 0 | | 2026-04-12T09:31:45 | A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects |
| CVE-2026-6122 | 8.8 | 0.05% | 1 | 0 | | 2026-04-12T09:31:45 | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is |
| CVE-2026-6123 | 8.8 | 0.09% | 1 | 0 | | 2026-04-12T09:31:44 | A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromA |
| CVE-2026-6112 | 9.8 | 0.89% | 2 | 0 | | 2026-04-12T06:30:33 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affecte |
| CVE-2026-31845 | 9.3 | 0.02% | 2 | 0 | | 2026-04-11T21:30:24 | A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM v |
| CVE-2026-5217 | 7.2 | 0.08% | 1 | 0 | | 2026-04-11T03:30:41 | The Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image O |
| CVE-2026-4150 | 7.8 | 0.06% | 1 | 0 | | 2026-04-11T03:30:41 | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This |
| CVE-2026-29145 | 9.1 | 0.06% | 1 | 1 | | 2026-04-10T22:07:26 | CLIENT_CERT authentication does not fail as expected for some scenarios when sof |
| CVE-2026-34487 | 7.5 | 0.03% | 1 | 0 | | 2026-04-10T21:38:44 | Insertion of Sensitive Information into Log File vulnerability in the cloud memb |
| CVE-2026-34483 | 7.5 | 0.03% | 1 | 0 | | 2026-04-10T21:38:24 | Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve |
| CVE-2026-40189 | None | 0.10% | 1 | 0 | | 2026-04-10T21:37:33 | goshs enforces the documented per-folder `.goshs` ACL/basic-auth mec |
| CVE-2026-40188 | 7.7 | 0.03% | 1 | 0 | | 2026-04-10T21:37:28 | The SFTP command rename sanitizes only the source path and not the d |
| CVE-2026-40046 | 5.4 | 0.04% | 1 | 0 | | 2026-04-10T21:35:58 | Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ |
| CVE-2026-34020 | 7.5 | 0.03% | 1 | 0 | | 2026-04-10T21:35:18 | Use of GET Request Method With Sensitive Query Strings vulnerability in Apache O |
| CVE-2026-6057 | 9.8 | 0.11% | 1 | 0 | | 2026-04-10T21:32:22 | FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability |
| CVE-2026-5412 | 10.0 | 0.04% | 1 | 0 | | 2026-04-10T21:00:18 | Impact: If a user has login permission to a controller and knows the control |
| CVE-2026-35643 | 8.8 | 0.04% | 2 | 0 | | 2026-04-10T19:38:05 | Android Canvas WebView pages from untrusted origins could invoke the |
| CVE-2026-35666 | 8.8 | 0.04% | 1 | 0 | | 2026-04-10T19:37:45 | Allow-always exec approvals did not unwrap /usr/bin/time, so an unreg |
| CVE-2026-40163 | 8.2 | 0.08% | 1 | 0 | | 2026-04-10T19:30:28 | Two unauthenticated path traversal vulnerabilities exist in Saltcor |
| CVE-2026-40156 | 7.8 | 0.02% | 1 | 0 | | 2026-04-10T19:26:45 | PraisonAI automatically loads a file named `tools.py` from the current working d |
| CVE-2026-35669 | None | 0.04% | 1 | 0 | | 2026-04-10T17:29:55 | Gateway Plugin HTTP auth: "gateway" Mints operator.admin Runtime Sco |
| CVE-2026-35660 | None | 0.04% | 1 | 0 | | 2026-04-10T17:27:04 | Before `v2026.3.23`, the Gateway `agent` RPC accepted `/reset` and `/ |
| CVE-2026-35653 | 8.1 | 0.04% | 1 | 0 | | 2026-04-10T17:24:51 | Fixed in OpenClaw 2026.3.24, the current shipping release. Title: `browser. |
| CVE-2025-5804 | 7.5 | 0.07% | 1 | 0 | | 2026-04-10T15:32:07 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2025-58913 | 8.1 | 0.11% | 1 | 0 | | 2026-04-10T15:32:07 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2026-33092 | 7.8 | 0.01% | 1 | 0 | | 2026-04-10T15:32:05 | Local privilege escalation due to improper handling of environment variables. Th |
| CVE-2025-66168 | 5.4 | 0.07% | 1 | 0 | | 2026-04-10T14:59:48 | Apache ActiveMQ does not properly validate the remaining length field which may |
| CVE-2026-6026 | 9.8 | 0.89% | 1 | 0 | | 2026-04-10T09:31:20 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Th |
| CVE-2026-28704 | 7.8 | 0.01% | 1 | 0 | | 2026-04-10T09:31:16 | Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file i |
| CVE-2026-39912 | 9.1 | 0.06% | 1 | 1 | | 2026-04-09T21:31:36 | V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication token |
| CVE-2026-4436 | 8.6 | 0.05% | 1 | 0 | | 2026-04-09T21:31:36 | A low-privileged remote attacker can send Modbus packets to manipulate register |
| CVE-2026-40070 | 8.1 | 0.01% | 1 | 0 | | 2026-04-09T20:28:11 | Unverified certifier signatures persisted by `acquire_certificate`. Affecte |
| CVE-2026-39987 | None | 2.70% | 7 | 3 | template | 2026-04-09T19:06:18 | Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal |
| CVE-2026-39942 | 8.5 | 0.03% | 1 | 0 | | 2026-04-09T19:05:28 | A broken access control vulnerability was identified in the Directus |
| CVE-2026-39911 | 8.8 | 0.12% | 1 | 0 | | 2026-04-09T18:31:34 | Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript exec |
| CVE-2026-5329 | 8.6 | 0.20% | 1 | 0 | | 2026-04-09T18:31:34 | Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validatio |
| CVE-2026-4837 | 6.6 | 0.23% | 2 | 0 | | 2026-04-08T21:26:13.410000 | An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic fo |
| CVE-2026-39365 | None | 4.05% | 1 | 0 | template | 2026-04-07T22:16:29 | Any files ending with `.map` even outside the project can be retur |
| CVE-2026-4519 | 0 | 0.03% | 1 | 0 | | 2026-04-07T18:16:47.223000 | The webbrowser.open() API would accept leading dashes in the URL which could be |
| CVE-2026-34885 | 8.5 | 5.71% | 1 | 0 | template | 2026-04-07T13:20:35.010000 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti |
| CVE-2026-22666 | 7.2 | 0.15% | 1 | 1 | | 2026-04-07T13:20:11.643000 | Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code e |
| CVE-2026-5690 | 7.3 | 4.86% | 1 | 0 | | 2026-04-07T13:20:11.643000 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted ele |
| CVE-2026-5689 | 7.3 | 4.86% | 1 | 0 | | 2026-04-07T13:20:11.643000 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affec |
| CVE-2026-5677 | 7.3 | 4.86% | 1 | 0 | | 2026-04-07T13:20:11.643000 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Im |
| CVE-2026-5691 | 7.3 | 4.86% | 1 | 0 | | 2026-04-07T00:30:28 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This af |
| CVE-2026-5692 | 7.3 | 4.86% | 1 | 0 | | 2026-04-07T00:30:28 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts |
| CVE-2026-5688 | 7.3 | 4.86% | 1 | 0 | | 2026-04-07T00:30:28 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191 |
| CVE-2026-5678 | 7.3 | 4.86% | 1 | 0 | | 2026-04-06T21:31:41 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The aff |
| CVE-2026-33613 | 7.2 | 0.15% | 1 | 0 | | 2026-04-03T16:10:52.680000 | Due to the improper neutralisation of special elements used in an OS command, a |
| CVE-2026-33614 | 7.5 | 0.06% | 1 | 0 | | 2026-04-03T16:10:52.680000 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection |
| CVE-2026-33616 | 7.5 | 0.06% | 1 | 0 | | 2026-04-03T16:10:52.680000 | An unauthenticated remote attacker can exploit an unauthenticated blind SQL Inje |
| CVE-2026-33615 | 9.1 | 0.10% | 1 | 0 | | 2026-04-02T12:31:13 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection |
| CVE-2026-33617 | 5.3 | 0.04% | 1 | 0 | | 2026-04-02T12:31:13 | An unauthenticated remote attacker can access a configuration file containing da |
| CVE-2026-3584 | 9.8 | 17.09% | 1 | 1 | template | 2026-03-21T00:32:48 | The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in al |
| CVE-2026-25253 | 8.8 | 0.09% | 2 | 9 | | 2026-02-13T17:41:02.987000 | OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value f |
| CVE-2025-0520 | 0 | 1.61% | 3 | 0 | | 2025-11-04T23:15:33.920000 | An unrestricted file upload vulnerability in ShowDoc caused by improper validati |
| CVE-2025-4802 | 7.8 | 0.04% | 2 | 1 | | 2025-11-03T20:19:11.153000 | Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Librar |
| CVE-2019-1367 | 7.5 | 89.25% | 1 | 1 | | 2025-10-29T14:34:22.990000 | A remote code execution vulnerability exists in the way that the scripting engin |
| CVE-2025-59528 | 10.0 | 82.39% | 2 | 10 | template | 2025-09-23T16:45:09.443000 | Flowise is a drag & drop user interface to build a customized large language mod |
| CVE-2025-59145 | 0 | 0.10% | 2 | 0 | | 2025-09-16T12:49:16.060000 | color-name is a JSON with CSS color names. On 8 September 2025, an npm publishin |
| CVE-2025-8061 | 7.0 | 0.01% | 1 | 3 | | 2025-09-11T21:32:01 | A potential insufficient access control vulnerability was reported in the Lenovo |
| CVE-2025-53928 | 0 | 0.78% | 1 | 0 | | N/A | |
| CVE-2026-32605 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-34079 | 0 | 0.13% | 1 | 0 | | N/A | |
| CVE-2026-39980 | 0 | 0.07% | 1 | 0 | | N/A | |
| CVE-2026-34734 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-33698 | 0 | 0.05% | 2 | 0 | | N/A | |
| CVE-2026-31939 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-32931 | 0 | 0.16% | 1 | 0 | | N/A | |
| CVE-2026-40168 | 0 | 0.04% | 1 | 0 | | N/A | |
## updated 2026-04-14T04:17:13.890000
4 posts

🚩 CRITICAL CVE-2026-40313: PraisonAI ≤ 4.5.139 exposes GITHUB_TOKEN in workflow artifacts. Attackers can push malicious code & steal secrets. Upgrade to 4.5.140+ & set persist-credentials: false. https://radar.offseq.com/threat/cve-2026-40313-cwe-829-inclusion-of-functionality--2d33a73b #OffSeq #SupplyChain #CVE202640313

🔴 CVE-2026-40313 - Critical (9.1)
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-14T04:17:12.710000
4 posts

⚠️ CVE-2026-40289: PraisonAI <4.5.139 & praisonaiagents <1.5.140 have a critical missing auth vuln on /ws. Remote attackers can hijack browser automation sessions. Patch ASAP or restrict access! https://radar.offseq.com/threat/cve-2026-40289-cwe-306-missing-authentication-for--874e515b #OffSeq #Infosec #Vulnerability #PraisonAI

🔴 CVE-2026-40289 - Critical (9.1)
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentication an...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40289/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-14T04:17:12.210000
4 posts

🚨 CVE-2026-40288 (CRITICAL, CVSS 9.8): PraisonAI <4.5.139 vulnerable to OS command injection via untrusted YAML files. Attackers can achieve full system compromise. Upgrade ASAP! More: https://radar.offseq.com/threat/cve-2026-40288-cwe-78-improper-neutralization-of-s-06bb92e7 #OffSeq #PraisonAI #InfoSec

🔴 CVE-2026-40288 - Critical (9.8)
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run lo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40288/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-14T04:17:11.977000
2 posts
CVE-2026-40287 - High (8.4)
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py (import_tools_...
https://www.thehackerwire.com/vulnerability/CVE-2026-40287/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
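The weakness described for CVE-2026-40287, a tools.py picked up automatically from the current working directory, is a general Python import-path hazard and can be reproduced in isolation. The block below is an added example, not PraisonAI code: it writes a constructed tools.py with an observable import-time side effect into a temporary directory, shows that an implicit CWD-first import executes it, and contrasts a loader that only imports tools.py from an explicitly configured, operator-approved directory. The function names (`load_tools_implicit`, `load_tools_explicit`, `demo`) and the approved-root scheme are hypothetical.

```python
import importlib
import importlib.util
import os
import sys
import tempfile
from pathlib import Path

# Constructed sample: a tools.py whose import has a visible side effect.
# A real attacker-controlled file could run anything here (os.system, etc.).
MALICIOUS_TOOLS_PY = '''
import os
os.environ["TOOLS_IMPORT_RAN"] = "1"   # marker so the demo can observe execution
def my_tool(x):
    return x * 2
'''

BENIGN_TOOLS_PY = "def my_tool(x):\n    return x * 2\n"


def load_tools_implicit():
    """Vulnerable pattern (hypothetical): import whatever module named 'tools'
    Python finds first. Script entry points put the CWD (or '') at sys.path[0],
    so a tools.py in an untrusted checkout wins and runs at import time."""
    sys.modules.pop("tools", None)
    cwd = os.getcwd()
    sys.path.insert(0, cwd)            # mimic the CWD-first lookup of a script entry point
    importlib.invalidate_caches()
    try:
        return importlib.import_module("tools")
    except ModuleNotFoundError:
        return None
    finally:
        sys.path.remove(cwd)


def load_tools_explicit(tools_dir, allowed_roots):
    """Hardened pattern (hypothetical): load tools.py only from a directory that
    resolves to, or sits under, an operator-approved root; never from the
    implicit CWD. Returns None without importing anything if the check fails."""
    tools_dir = Path(tools_dir).resolve()
    roots = [Path(r).resolve() for r in allowed_roots]
    if not any(tools_dir == r or r in tools_dir.parents for r in roots):
        return None
    path = tools_dir / "tools.py"
    if not path.is_file():
        return None
    spec = importlib.util.spec_from_file_location("approved_tools", path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


def demo():
    """Exercise both loaders from an untrusted working directory."""
    results = {}
    os.environ.pop("TOOLS_IMPORT_RAN", None)
    with tempfile.TemporaryDirectory() as untrusted, tempfile.TemporaryDirectory() as approved:
        Path(untrusted, "tools.py").write_text(MALICIOUS_TOOLS_PY)
        Path(approved, "tools.py").write_text(BENIGN_TOOLS_PY)
        old_cwd = os.getcwd()
        os.chdir(untrusted)
        try:
            # Implicit import: the CWD file runs just by starting the tool here.
            load_tools_implicit()
            results["implicit_ran_cwd_file"] = os.environ.pop("TOOLS_IMPORT_RAN", None) == "1"
            # Hardened loader: the CWD is not under the approved root, so nothing loads.
            results["explicit_refuses_cwd"] = load_tools_explicit(untrusted, [approved]) is None
            results["cwd_file_untouched"] = os.environ.pop("TOOLS_IMPORT_RAN", None) is None
            # Hardened loader with the operator-approved directory behaves normally.
            mod = load_tools_explicit(approved, [approved])
            results["explicit_loads_approved"] = mod is not None and mod.my_tool(21) == 42
        finally:
            os.chdir(old_cwd)
            sys.modules.pop("tools", None)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the comparison is that the fix is not to "sanitize" tools.py (there is nothing to sanitize in code that runs on import) but to stop deriving the import location from attacker-influenced state such as the working directory.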
##updated 2026-04-14T03:16:09.050000
4 posts
🔴 CVE-2026-6264 - Critical (9.8)
A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated ...
https://www.thehackerwire.com/vulnerability/CVE-2026-6264/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CRITICAL: CVE-2026-6264 affects Talend JobServer 8.0 & 7.3. Unauthenticated RCE via JMX port: patch immediately or require TLS client auth for mitigation. Disable JMX in Runtime if possible. Details: https://radar.offseq.com/threat/cve-2026-6264-cwe-306-missing-authentication-for-c-26a424cb #OffSeq #Talend #Vuln #RCE #Infosec
##updated 2026-04-14T02:16:05.767000
2 posts
🔴 CVE-2026-4365 - Critical (9.1)
The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2.8. The plugin exposes a `wp_rest` nonce in pub...
https://www.thehackerwire.com/vulnerability/CVE-2026-4365/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-14T02:16:05.613000
2 posts
CVE-2026-4352 - High (7.5)
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the `_cct_search` parameter being interpolated directly into...
https://www.thehackerwire.com/vulnerability/CVE-2026-4352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
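The root cause named for CVE-2026-4352, a search parameter interpolated directly into SQL text, is easiest to see side by side with the parameterized form. The following is an added, generic example against an in-memory SQLite database, not JetEngine or WordPress code: the table names, the `status = 'publish'` filter, the LIKE-based search and the `cct_search` variable name are constructed for illustration, and the payload is a textbook UNION injection rather than anything taken from an advisory.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for a content table and a users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cct_items (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    conn.execute("CREATE TABLE wp_users (id INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)")
    conn.executemany("INSERT INTO cct_items (title, status) VALUES (?, ?)",
                     [("Public post", "publish"), ("Draft post", "draft")])
    conn.executemany("INSERT INTO wp_users (user_login, user_pass) VALUES (?, ?)",
                     [("admin", "$P$Bhash-placeholder")])
    return conn


def search_interpolated(conn, cct_search):
    """Vulnerable pattern (hypothetical): the caller-supplied term is pasted into
    the SQL string. The query is meant to return published titles only."""
    sql = ("SELECT title FROM cct_items WHERE status = 'publish' "
           f"AND title LIKE '%{cct_search}%'")
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, cct_search):
    """Hardened pattern: the term is bound as a parameter, so it is only ever
    compared as data. LIKE wildcards inside the input are escaped as well, so
    a user cannot turn the search into a match-everything pattern."""
    escaped = (cct_search.replace("\\", "\\\\")
                         .replace("%", "\\%")
                         .replace("_", "\\_"))
    sql = ("SELECT title FROM cct_items WHERE status = 'publish' "
           "AND title LIKE ? ESCAPE '\\'")
    return [row[0] for row in conn.execute(sql, (f"%{escaped}%",))]


# Constructed payload: closes the LIKE literal, appends a UNION that reads a
# different table, and comments out the remainder of the original query.
UNION_PAYLOAD = "' UNION SELECT user_login || ':' || user_pass FROM wp_users -- "


def demo():
    """Run a benign term and the payload through both query builders."""
    conn = make_db()
    return {
        "benign_interpolated": search_interpolated(conn, "post"),
        "benign_parameterized": search_parameterized(conn, "post"),
        "payload_interpolated": search_interpolated(conn, UNION_PAYLOAD),
        "payload_parameterized": search_parameterized(conn, UNION_PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the interpolated builder the payload returns the user row alongside the published title, bypassing the status filter entirely; the bound-parameter version returns nothing because the same bytes are just a string that matches no title. In WordPress code the equivalent fix is `$wpdb->prepare()` with `%s` placeholders and `$wpdb->esc_like()` for the wildcard escaping.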
##updated 2026-04-14T00:31:19
2 posts
🔴 CVE-2026-22564 - Critical (9.8)
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.
Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier)
UniF...
https://www.thehackerwire.com/vulnerability/CVE-2026-22564/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-14T00:31:12
2 posts
CVE-2026-22566 - High (7.5)
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials.
Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier)
UniFi Play Audio Port ...
https://www.thehackerwire.com/vulnerability/CVE-2026-22566/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-14T00:16:07.360000
2 posts
CVE-2026-40164 - High (7.5)
jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an attacker to precomput...
https://www.thehackerwire.com/vulnerability/CVE-2026-40164/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
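Why a hardcoded, public hash seed matters for a JSON object table is a hash-flooding argument, and it is worth seeing with the numbers. The block below is an added example and not jq code: it implements the public-domain MurmurHash3 x86_32 function in pure Python, brute-forces a set of object keys that all land in one bucket under the seed 0x432A9843 named in the advisory, and then shows that the same precomputed keys spread out under a different seed. The bucket layout (power-of-two table, bucket = hash & (n - 1)), the key naming scheme and the table size are assumptions made for the demonstration; the advisory says nothing about jq's table internals beyond the hash function and seed.

```python
import os

MASK32 = 0xFFFFFFFF
JQ_FIXED_SEED = 0x432A9843   # the hardcoded seed named in the advisory


def rotl32(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK32


def murmur3_32(data: bytes, seed: int) -> int:
    """MurmurHash3 x86_32 (Austin Appleby's public-domain algorithm), pure Python."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h = seed & MASK32
    nblocks = len(data) // 4
    for i in range(nblocks):                      # body: 4-byte little-endian blocks
        k = int.from_bytes(data[4 * i:4 * i + 4], "little")
        k = (k * c1) & MASK32
        k = rotl32(k, 15)
        k = (k * c2) & MASK32
        h ^= k
        h = rotl32(h, 13)
        h = (h * 5 + 0xE6546B64) & MASK32
    tail = data[4 * nblocks:]                     # tail: remaining 1-3 bytes
    k = 0
    if len(tail) >= 3:
        k ^= tail[2] << 16
    if len(tail) >= 2:
        k ^= tail[1] << 8
    if len(tail) >= 1:
        k ^= tail[0]
        k = (k * c1) & MASK32
        k = rotl32(k, 15)
        k = (k * c2) & MASK32
        h ^= k
    h ^= len(data)
    h ^= h >> 16                                  # finalization mix (fmix32)
    h = (h * 0x85EBCA6B) & MASK32
    h ^= h >> 13
    h = (h * 0xC2B2AE35) & MASK32
    h ^= h >> 16
    return h


def bucket(key: str, seed: int, nbuckets: int) -> int:
    """Assumed table layout: power-of-two bucket count, bucket = hash & (n - 1)."""
    return murmur3_32(key.encode(), seed) & (nbuckets - 1)


def precompute_colliding_keys(seed, nbuckets, want, target=0):
    """Attacker side: enumerate candidate keys until `want` of them fall into
    bucket `target` under `seed`. With a fixed, public seed this is done once,
    offline, and the resulting JSON document degrades every victim's table."""
    keys, i = [], 0
    while len(keys) < want:
        k = f"k{i}"                               # constructed key naming scheme
        if bucket(k, seed, nbuckets) == target:
            keys.append(k)
        i += 1
    return keys


def buckets_hit(keys, seed, nbuckets):
    """How many distinct buckets the key set occupies under a given seed."""
    return len({bucket(k, seed, nbuckets) for k in keys})


def demo(nbuckets=64, want=32):
    """Precompute collisions for the fixed seed, then re-hash with a per-process
    random seed (the standard remedy for hash flooding)."""
    keys = precompute_colliding_keys(JQ_FIXED_SEED, nbuckets, want)
    random_seed = int.from_bytes(os.urandom(4), "little")
    return {
        "keys": keys,
        "fixed_seed_buckets": buckets_hit(keys, JQ_FIXED_SEED, nbuckets),
        "random_seed_buckets": buckets_hit(keys, random_seed, nbuckets),
    }


if __name__ == "__main__":
    r = demo()
    print(f"{len(r['keys'])} keys -> {r['fixed_seed_buckets']} bucket(s) under fixed seed, "
          f"{r['random_seed_buckets']} bucket(s) under a random seed")
```

All of the precomputed keys share one bucket under the fixed seed, which is what turns an O(1) lookup into an O(n) chain walk and an O(n) insert loop into O(n^2); under a seed the attacker cannot know in advance, the same keys scatter across the table and the precomputation is worthless, which is the reason randomizing the seed per process is the usual fix.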
##updated 2026-04-14T00:16:06.560000
4 posts
🔴 CVE-2026-27681 - Critical (9.9)
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the ...
https://www.thehackerwire.com/vulnerability/CVE-2026-27681/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-27681 in SAP BPC & BW (CVSS 9.9). Authenticated users can inject SQL, risking data integrity & availability. No patch yet; restrict access & monitor DB activity. https://radar.offseq.com/threat/cve-2026-27681-cwe-89-improper-neutralization-of-s-a7704991 #OffSeq #SAP #Vuln #SQLi
##updated 2026-04-14T00:07:45
2 posts
CVE-2026-33901 - High (7.5)
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when process...
https://www.thehackerwire.com/vulnerability/CVE-2026-33901/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-14T00:06:45
2 posts
CVE-2026-33908 - High (7.5)
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is exe...
https://www.thehackerwire.com/vulnerability/CVE-2026-33908/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T22:16:28.050000
4 posts
CVE-2026-22563: Ubiquiti UniFi Play PowerAmp (≤1.0.35) & Audio Port (≤1.0.24) have a critical command injection flaw (CVSS 9.8). Network access = full compromise. Update to 1.0.38+/1.1.9+ ASAP! https://radar.offseq.com/threat/cve-2026-22563-cwe-20-improper-input-validation-in-4175b900 #OffSeq #CVE202622563 #infosec #patch
##🔴 CVE-2026-22563 - Critical (9.8)
A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.
Affected Products:
UniFi Play PowerAmp (Version 1.0.35 and earlier)
UniFi Play Audio Port (Ver...
https://www.thehackerwire.com/vulnerability/CVE-2026-22563/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T22:16:27.870000
2 posts
🔴 CVE-2026-22562 - Critical (9.8)
A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).
Affected Products:
UniFi Play Po...
https://www.thehackerwire.com/vulnerability/CVE-2026-22562/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T21:31:47
2 posts
CVE-2026-30999 - High (7.5)
A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
https://www.thehackerwire.com/vulnerability/CVE-2026-30999/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T21:31:47
2 posts
CVE-2026-30997 - High (7.5)
An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
https://www.thehackerwire.com/vulnerability/CVE-2026-30997/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T21:31:47
2 posts
CVE-2025-66769 - High (7.5)
A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet.
https://www.thehackerwire.com/vulnerability/CVE-2025-66769/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T21:30:51
2 posts
🔴 CVE-2026-40044 - Critical (9.8)
Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files...
https://www.thehackerwire.com/vulnerability/CVE-2026-40044/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T21:30:51
2 posts
CVE-2026-6198 - High (8.8)
A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate...
https://www.thehackerwire.com/vulnerability/CVE-2026-6198/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T21:30:51
2 posts
CVE-2026-6197 - High (8.8)
A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be ...
https://www.thehackerwire.com/vulnerability/CVE-2026-6197/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T21:23:27
23 posts
2 repos
The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations.
##Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 thehackernews.com/2026/04/adob...
Adobe Patches Actively Exploit...
The U.S. initiated a naval blockade on all Iranian ports today, following failed peace talks, escalating tensions and causing oil prices to surge. The UK stated it would not support this action. In cybersecurity, Adobe released emergency patches for a critical, actively exploited zero-day in Acrobat and Reader (CVE-2026-34621). Additionally, a critical vulnerability in the Marimo open-source Python notebook platform (CVE-2026-39987) is now under active exploitation, allowing remote code execution. A U.S. DOT report also revealed significant cybersecurity gaps in 45 critical FAA air traffic systems.
##CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CVE-2012-1854 Visual Basic for Applications Insecure Library Loading
CVE-2020-9715 Adobe Acrobat Use-After-Free
CVE-2023-21529 Microsoft Exchange Deserialization of Untrusted
CVE-2023-36424 Microsoft Windows Out-of-Bounds Read
CVE-2025-60710 Microsoft Windows Link Following
CVE-2026-21643 Fortinet SQL Injection
CVE-2026-34621 Adobe Acrobat Reader Prototype
##🚨 [CISA-2026:0413] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0413)
CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2012-1854 (https://secdb.nttzen.cloud/cve/detail/CVE-2012-1854)
- Name: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Visual Basic for Applications (VBA)
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854
⚠️ CVE-2020-9715 (https://secdb.nttzen.cloud/cve/detail/CVE-2020-9715)
- Name: Adobe Acrobat Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat
- Notes: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715
⚠️ CVE-2023-21529 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-21529)
- Name: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Exchange Server
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529
⚠️ CVE-2023-36424 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-36424)
- Name: Microsoft Windows Out-of-Bounds Read Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424
⚠️ CVE-2025-60710 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-60710)
- Name: Microsoft Windows Link Following Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 ; https://nvd.nist.gov/vuln/detail/CVE-2025-60710
⚠️ CVE-2026-21643 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21643)
- Name: Fortinet SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortinet
- Product: FortiClient EMS
- Notes: https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643
⚠️ CVE-2026-34621 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34621)
- Name: Adobe Acrobat and Reader Prototype Pollution Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat and Reader
- Notes: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-34621
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260413 #cisa20260413 #cve_2012_1854 #cve_2020_9715 #cve_2023_21529 #cve_2023_36424 #cve_2025_60710 #cve_2026_21643 #cve_2026_34621 #cve20121854 #cve20209715 #cve202321529 #cve202336424 #cve202560710 #cve202621643 #cve202634621
##CISA has updated the KEV catalogue:
- CVE-2026-34621: Adobe Acrobat and Reader Prototype Pollution Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34621
- CVE-2026-21643: Fortinet SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21643
- CVE-2020-9715: Adobe Acrobat Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-9715
- CVE-2023-36424: Microsoft Windows Out-of-Bounds Read Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-36424
- CVE-2023-21529: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-21529
- CVE-2025-60710: Microsoft Windows Link Following Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-60710
- CVE-2012-1854: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability https://www.cve.org/CVERecord?id=CVE-2012-1854 #CISA #Microsoft #Windows #Adobe #Fortinet #infosec #vulnerability
##CVE ID: CVE-2026-34621
Vendor: Adobe
Product: Acrobat and Reader
Date Added: 2026-04-13
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-34621
Adobe Emergency Patch Fixes Actively Exploited Acrobat Zero-Day (CVE-2026-34621)
Introduction: Adobe has released an urgent security update addressing a high-risk vulnerability in Acrobat Reader and Acrobat products that has already been exploited in real-world attacks. The flaw, tracked as CVE-2026-34621, is particularly dangerous because it enables attackers to bypass sandbox protections and execute malicious code simply by convincing a user to open a crafted PDF…
##Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in...
[Bleepingcomputer] https://link.is.it/1HWevZ
##Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 thehackernews.com/2026/04/adob...
Adobe Patches Actively Exploit...
The U.S. initiated a naval blockade on all Iranian ports today, following failed peace talks, escalating tensions and causing oil prices to surge. The UK stated it would not support this action. In cybersecurity, Adobe released emergency patches for a critical, actively exploited zero-day in Acrobat and Reader (CVE-2026-34621). Additionally, a critical vulnerability in the Marimo open-source Python notebook platform (CVE-2026-39987) is now under active exploitation, allowing remote code execution. A U.S. DOT report also revealed significant cybersecurity gaps in 45 critical FAA air traffic systems.
##π¨ [CISA-2026:0413] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0413)
CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
β οΈ CVE-2012-1854 (https://secdb.nttzen.cloud/cve/detail/CVE-2012-1854)
- Name: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Visual Basic for Applications (VBA)
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854
β οΈ CVE-2020-9715 (https://secdb.nttzen.cloud/cve/detail/CVE-2020-9715)
- Name: Adobe Acrobat Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat
- Notes: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715
β οΈ CVE-2023-21529 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-21529)
- Name: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Exchange Server
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529
β οΈ CVE-2023-36424 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-36424)
- Name: Microsoft Windows Out-of-Bounds Read Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424
β οΈ CVE-2025-60710 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-60710)
- Name: Microsoft Windows Link Following Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 ; https://nvd.nist.gov/vuln/detail/CVE-2025-60710
β οΈ CVE-2026-21643 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21643)
- Name: Fortinet SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortinet
- Product: FortiClient EMS
- Notes: https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643
β οΈ CVE-2026-34621 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34621)
- Name: Adobe Acrobat and Reader Prototype Pollution Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat and Reader
- Notes: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-34621
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260413 #cisa20260413 #cve_2012_1854 #cve_2020_9715 #cve_2023_21529 #cve_2023_36424 #cve_2025_60710 #cve_2026_21643 #cve_2026_34621 #cve20121854 #cve20209715 #cve202321529 #cve202336424 #cve202560710 #cve202621643 #cve202634621
##CISA has updated the KEV catalogue:
- CVE-2026-34621: Adobe Acrobat and Reader Prototype Pollution Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34621
- CVE-2026-21643: Fortinet SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21643
- CVE-2020-9715: Adobe Acrobat Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-9715
- CVE-2023-36424: Microsoft Windows Out-of-Bounds Read Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-36424
- CVE-2023-21529: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-21529
- CVE-2025-60710: Microsoft Windows Link Following Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-60710
- CVE-2012-1854: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability https://www.cve.org/CVERecord?id=CVE-2012-1854 #CISA #Microsoft #Windows #Adobe #Fortinet #infosec #vulnerability
##CVE ID: CVE-2026-34621
Vendor: Adobe
Product: Acrobat and Reader
Date Added: 2026-04-13
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-34621
Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in...
🗞️ [Bleepingcomputer] https://link.is.it/1HWevZ
##Recent global developments include a major cybersecurity breach, ongoing geopolitical tensions, and critical advancements in AI. A hacker leveraged AI platforms (Claude Code, GPT-4.1) to compromise nine Mexican government agencies, exfiltrating millions of records (Apr 12). Rockstar Games faces a ransom threat from ShinyHunters following a supply-chain cyberattack (Apr 12). Adobe also issued an emergency patch for a critical Acrobat Reader zero-day (CVE-2026-34621) actively exploited since December (Apr 12). Geopolitically, US-Iran talks in Pakistan to end their six-week conflict concluded without agreement, impacting oil markets and the Strait of Hormuz (Apr 12-13). In technology, Anthropic has withheld its new AI model, "Claude Mythos Preview," due to its advanced capability in discovering software vulnerabilities, deeming it too risky for public release (Apr 12).
##The patch is now available:
"*Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution.
Adobe is aware of CVE-2026-34621 being exploited in the wild.*"
https://helpx.adobe.com/security/products/acrobat/apsb26-43.html
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe has issued emergency security updates addressing a severe Acrobat Reader flaw tracked as CVE-2026-34621, a high-impact Adobe vulnerability...
🗞️ [Thecyberexpress] https://link.is.it/pTL1zP
##Geopolitical: US-Iran peace talks failed, raising Strait of Hormuz blockade threat and soaring oil prices (April 12-13).
Tech: Japan allocates $4B for Rapidus to accelerate 2nm AI chip production by 2027 (April 12). Harvard unveils "Cascade" AI for faster quantum error correction (April 12).
Cybersecurity: Adobe issued emergency patch for actively exploited Acrobat zero-day (CVE-2026-34621) (April 12). Iran-linked groups persist in targeting US industrial control systems (April 11-12).
##Adobe Issues Emergency Patch for Actively Exploited Acrobat Reader Zero-Day
Adobe released emergency patches for CVE-2026-34621, a critical prototype pollution vulnerability in Acrobat and Reader that is being actively exploited to run arbitrary code via malicious PDF files.
**Update your Adobe Acrobat and Reader immediately because attackers are already using this flaw to take over computers through simple PDF files. If you cannot patch right away, use a browser-based PDF viewer as a temporary safety measure and disable JavaScript in your Adobe Acrobat and Reader.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/adobe-issues-emergency-patch-for-actively-exploited-acrobat-reader-zero-day-r-s-c-8-v/gD2P6Ple2L
🔴 CVE-2026-34621 - Critical (9.6)
Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34621/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-34621 in Adobe Acrobat Reader (≤26.001.21367) enables arbitrary code execution via prototype pollution if a user opens a malicious file. No patch yet - exercise caution! https://radar.offseq.com/threat/cve-2026-34621-improperly-controlled-modification--1b9951d5 #OffSeq #Adobe #Security
##🚨 CRITICAL: CVE-2026-34621 in Adobe Acrobat Reader (≤26.001.21367) enables prototype pollution & arbitrary code execution via malicious files. No patch yet - avoid opening untrusted PDFs. Monitor advisories. https://radar.offseq.com/threat/cve-2026-34621-improperly-controlled-modification--1b9951d5 #OffSeq #Adobe #Vuln #Infosec
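The posts above name the bug class (CWE-1321, "Improperly Controlled Modification of Object Prototype Attributes") but not what it looks like. The following is an added example in plain JavaScript, not Acrobat's or Adobe's code and not a reproduction of CVE-2026-34621: an unguarded recursive merge lets a `__proto__` key in attacker-supplied JSON write onto `Object.prototype`, after which every unrelated object inherits the attacker's property. The hardened version beside it copies own keys only and refuses the keys that reach a prototype. The function names and the payload are constructed for the illustration.

```javascript
// Added example, not Acrobat's or Adobe's code: the prototype-pollution
// pattern (CWE-1321) in plain JavaScript. Names and the payload are constructed.

// Vulnerable: recurses into every enumerable key of `source`, including an
// own property literally named "__proto__" (which JSON.parse happily creates).
// Reading target["__proto__"] yields Object.prototype, so the recursion
// writes attacker-chosen properties onto the shared prototype.
function mergeInto(target, source) {
  for (const key in source) {
    const val = source[key];
    if (val !== null && typeof val === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      mergeInto(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened: copy own keys only, refuse the keys that reach a prototype, and
// never recurse into an inherited object on the target side.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      if (own === null || typeof own !== 'object') target[key] = {};
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Constructed payload: a document-supplied settings blob carrying a
// "__proto__" key alongside legitimate data.
const PAYLOAD = '{"title":"quarterly.pdf","__proto__":{"isAdmin":true}}';

// Returns true if an object created after the merge inherits the
// attacker's property, i.e. Object.prototype was polluted.
function demoVulnerable() {
  mergeInto({}, JSON.parse(PAYLOAD));
  const unrelated = {};
  const polluted = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin; // undo the pollution so later code is unaffected
  return polluted;
}

// Returns true if the hardened merge kept the legitimate key and left the
// prototype untouched.
function demoHardened() {
  const settings = safeMerge({}, JSON.parse(PAYLOAD));
  const unrelated = {};
  return settings.title === 'quarterly.pdf'
    && unrelated.isAdmin === undefined
    && !Object.prototype.hasOwnProperty.call(settings, '__proto__');
}

console.log('vulnerable merge polluted Object.prototype:', demoVulnerable());
console.log('hardened merge stayed clean:', demoHardened());
```

Two defence-in-depth options that do not depend on every merge being written carefully: build configuration objects with `Object.create(null)` so there is no prototype to pollute, or call `Object.freeze(Object.prototype)` early in a script that accepts untrusted JSON.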
##updated 2026-04-13T20:46:42.373000
1 posts
🟠 CVE-2026-35650 - High (7.5)
OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypass the shared host environment policy through inconsistent sanitization paths. Attackers can supply blocked or malformed overri...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35650/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T20:43:10.547000
2 posts
🟠 CVE-2026-35668 - High (7.7)
OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to read arbitrary files from other agents' workspaces via unnormalized mediaUrl or fileUrl parameter keys. Attackers can exploit inc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35668/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T20:39:05.993000
1 posts
🟠 CVE-2026-35663 - High (8.8)
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unautho...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35663/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T20:16:33.003000
2 posts
🟠 CVE-2026-30998 - High (7.5)
An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30998/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T20:16:26.437000
2 posts
🟠 CVE-2025-69624 - High (7.5)
Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, ap...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69624/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T20:14:11.753000
1 posts
🟠 CVE-2026-35641 - High (7.8)
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install executi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35641/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
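The CVE-2026-35641 post says a crafted `.npmrc` with a git executable override gets code run during `npm install` of a local plugin. npm does read a `.npmrc` in the package directory, and its `git`, `script-shell` and `shell` keys name programs npm will spawn. The block below is an added example, not OpenClaw's or npm's code: a pre-install audit that parses that file and refuses any key that swaps in an executable or redirects downloads to an unexpected registry. The key list and the registry allow-list are this example's choices; the sample `.npmrc` is constructed.

```javascript
// Added example, not OpenClaw's or npm's code: audit a project-level .npmrc
// before running `npm install` on a locally supplied plugin. The key list and
// registry allow-list are this example's choices, not npm policy.
const EXEC_OVERRIDE_KEYS = new Set(['git', 'script-shell', 'shell']);
const TRUSTED_REGISTRIES = new Set(['https://registry.npmjs.org/']);

// Minimal ini reader for npmrc syntax: key=value per line, ';' or '#' comments.
function parseNpmrc(text) {
  const entries = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(';') || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    entries.push({
      key: line.slice(0, eq).trim().toLowerCase(),
      value: line.slice(eq + 1).trim(),
    });
  }
  return entries;
}

// Returns a list of human-readable findings; an empty list means "nothing flagged".
function auditNpmrc(text) {
  const findings = [];
  for (const { key, value } of parseNpmrc(text)) {
    if (EXEC_OVERRIDE_KEYS.has(key)) {
      findings.push(`${key}=${value} replaces an executable npm will run`);
    } else if (key === 'registry' || key.endsWith(':registry')) {
      const normalized = value.endsWith('/') ? value : value + '/';
      if (!TRUSTED_REGISTRIES.has(normalized)) {
        findings.push(`${key}=${value} redirects package downloads off the trusted registry`);
      }
    }
  }
  return findings;
}

// Constructed sample of a hostile plugin's .npmrc.
const SAMPLE_NPMRC = [
  '; looks like an innocent cache tweak',
  'registry=https://registry.npmjs.org/',
  'git=/tmp/plugin-cache/bin/git',
  'script-shell = /tmp/plugin-cache/bin/sh',
  '@acme:registry=https://npm.acme.example/',
  'fund=false',
].join('\n');

console.log(auditNpmrc(SAMPLE_NPMRC));
```

Run the audit on the plugin directory's `.npmrc` (and any parent directory's, since npm walks up) before the install, and pair it with `npm install --ignore-scripts` so a plugin's own lifecycle scripts are not the next thing that runs.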
##updated 2026-04-13T19:21:56
1 posts
6 repos
https://github.com/DEVSECURITYSPRO/CVE-2026-34197
https://github.com/0xBlackash/CVE-2026-34197
https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE
https://github.com/hg0434hongzh0/CVE-2026-34197
CVE Published in last 7 days (2026-04-06 - 2026-04-13)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1590
Severity:
- Critical: 126
- High: 530
- Medium: 671
- Low: 50
- None: 213
Status:
- : 7
- Analyzed: 175
- Awaiting Analysis: 513
- Modified: 12
- Received: 645
- Rejected: 14
- Undergoing Analysis: 224
Top CNAs:
- GitHub, Inc.: 462
- VulDB: 202
- Patchstack: 175
- MITRE: 115
- Wordfence: 95
- VulnCheck: 92
- Chrome: 60
- Apache Software Foundation: 31
- Juniper Networks, Inc.: 27
- wolfSSL Inc.: 22
Top Affected Products:
- UNKNOWN: 1354
- Dlink Di-8003 Firmware: 27
- Openclaw: 27
- Churchcrm: 24
- Qualcomm Fastconnect 7800 Firmware: 16
- Qualcomm Wsa8840 Firmware: 16
- Qualcomm Wcd9385 Firmware: 16
- Qualcomm Fastconnect 6900 Firmware: 16
- Qualcomm Wsa8845h Firmware: 16
- Qualcomm Wcd9380 Firmware: 16
Top EPSS Score:
- CVE-2026-34197 - 5.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34197)
- CVE-2026-34885 - 5.14 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34885)
- CVE-2026-39365 - 3.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39365)
- CVE-2026-5677 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5677)
- CVE-2026-5678 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5678)
- CVE-2026-5688 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5688)
- CVE-2026-5689 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5689)
- CVE-2026-5690 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5690)
- CVE-2026-5691 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5691)
- CVE-2026-5692 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5692)
updated 2026-04-13T19:16:58.240000
2 posts
🟠 CVE-2026-6200 - High (8.8)
A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6200/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T19:16:58.033000
2 posts
🟠 CVE-2026-6199 - High (8.8)
A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6199/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T19:16:51.960000
2 posts
🔴 CVE-2026-40042 - Critical (9.8)
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T19:16:51.617000
2 posts
🟠 CVE-2026-40040 - High (8.8)
Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. Attackers can upload executable files .php5 sc...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40040/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T19:00:02.583000
9 posts
CISA Reports Active Exploitation of Four Microsoft Vulnerabilities, Including a 14-Year-Old Flaw
CISA flagged four actively exploited Microsoft vulnerabilities, spanning from 2012 to 2025 covering privilege escalation, remote code execution in Exchange Server, and insecure library loading, with at least one (CVE-2023-21529) tied to Storm-1175's Medusa ransomware campaigns. US Federal agencies must patch all four by April 27, 2026.
**Most of these flaws are old. So if you haven't patched your systems for over a year - let alone 14 years, it's high time to do it today. Because hackers don't care how old a vulnerability is. It's still usable. If you're still running Exchange Server 2013, 2016, or 2019 on-premises, prioritize patching or migrating those immediately.**
#cybersecurity #infosec #advisory #ransomware
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-four-microsoft-vulnerabilities-including-a-14-year-old-flaw-f-v-f-p-4/gD2P6Ple2L
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CVE-2012-1854 Visual Basic for Applications Insecure Library Loading
CVE-2020-9715 Adobe Acrobat Use-After-Free
CVE-2023-21529 Microsoft Exchange Deserialization of Untrusted
CVE-2023-36424 Microsoft Windows Out-of-Bounds Read
CVE-2025-60710 Microsoft Windows Link Following
CVE-2026-21643 Fortinet SQL Injection
CVE-2026-34621 Adobe Acrobat Reader Prototype
##🚨 [CISA-2026:0413] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0413)
CISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2012-1854 (https://secdb.nttzen.cloud/cve/detail/CVE-2012-1854)
- Name: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Visual Basic for Applications (VBA)
- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 ; https://nvd.nist.gov/vuln/detail/CVE-2012-1854
⚠️ CVE-2020-9715 (https://secdb.nttzen.cloud/cve/detail/CVE-2020-9715)
- Name: Adobe Acrobat Use-After-Free Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat
- Notes: https://helpx.adobe.com/security/products/acrobat/apsb20-48.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-9715
⚠️ CVE-2023-21529 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-21529)
- Name: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Exchange Server
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 ; https://nvd.nist.gov/vuln/detail/CVE-2023-21529
⚠️ CVE-2023-36424 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-36424)
- Name: Microsoft Windows Out-of-Bounds Read Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36424 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36424
⚠️ CVE-2025-60710 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-60710)
- Name: Microsoft Windows Link Following Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: Windows
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60710 ; https://nvd.nist.gov/vuln/detail/CVE-2025-60710
⚠️ CVE-2026-21643 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21643)
- Name: Fortinet SQL Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Fortinet
- Product: FortiClient EMS
- Notes: https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21643
⚠️ CVE-2026-34621 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34621)
- Name: Adobe Acrobat and Reader Prototype Pollution Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Adobe
- Product: Acrobat and Reader
- Notes: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-34621
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260413 #cisa20260413 #cve_2012_1854 #cve_2020_9715 #cve_2023_21529 #cve_2023_36424 #cve_2025_60710 #cve_2026_21643 #cve_2026_34621 #cve20121854 #cve20209715 #cve202321529 #cve202336424 #cve202560710 #cve202621643 #cve202634621
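The advisory above lists seven KEV additions, and the beyondmachines post gives 27 April 2026 as the federal deadline for the four Microsoft entries. What a practitioner actually needs from a KEV update is the intersection with their own estate, ordered by how many days are left. The block below is an added example, not CISA's or SecDB's code: the record shape uses the field names of CISA's public `known_exploited_vulnerabilities.json` (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`), the records are constructed from the advisory above, and the `dueDate` on the Adobe and Fortinet rows is assumed for the example since the posts do not state it. The inventory is constructed as well.

```javascript
// Added example, not CISA's or SecDB's code: triage a KEV update against an
// asset inventory. Field names follow the public KEV JSON feed; the records
// are constructed from the advisory above. The 2026-04-27 dueDate on the
// Microsoft rows comes from the post; the Adobe and Fortinet dueDate values
// are assumed for this example.
const SAMPLE_KEV = {
  catalogVersion: 'example-2026.04.13',
  vulnerabilities: [
    { cveID: 'CVE-2012-1854', vendorProject: 'Microsoft', product: 'Visual Basic for Applications (VBA)', dateAdded: '2026-04-13', dueDate: '2026-04-27', knownRansomwareCampaignUse: 'Unknown' },
    { cveID: 'CVE-2020-9715', vendorProject: 'Adobe', product: 'Acrobat', dateAdded: '2026-04-13', dueDate: '2026-05-04', knownRansomwareCampaignUse: 'Unknown' },
    { cveID: 'CVE-2023-21529', vendorProject: 'Microsoft', product: 'Exchange Server', dateAdded: '2026-04-13', dueDate: '2026-04-27', knownRansomwareCampaignUse: 'Unknown' },
    { cveID: 'CVE-2023-36424', vendorProject: 'Microsoft', product: 'Windows', dateAdded: '2026-04-13', dueDate: '2026-04-27', knownRansomwareCampaignUse: 'Unknown' },
    { cveID: 'CVE-2025-60710', vendorProject: 'Microsoft', product: 'Windows', dateAdded: '2026-04-13', dueDate: '2026-04-27', knownRansomwareCampaignUse: 'Unknown' },
    { cveID: 'CVE-2026-21643', vendorProject: 'Fortinet', product: 'FortiClient EMS', dateAdded: '2026-04-13', dueDate: '2026-05-04', knownRansomwareCampaignUse: 'Unknown' },
    { cveID: 'CVE-2026-34621', vendorProject: 'Adobe', product: 'Acrobat and Reader', dateAdded: '2026-04-13', dueDate: '2026-05-04', knownRansomwareCampaignUse: 'Unknown' },
  ],
};

// Constructed inventory: what this organisation runs, named the way KEV names things.
const INVENTORY = [
  { vendorProject: 'Microsoft', product: 'Exchange Server' },
  { vendorProject: 'Microsoft', product: 'Windows' },
  { vendorProject: 'Adobe', product: 'Acrobat and Reader' },
];

// Whole days from ISO date `a` to ISO date `b` (UTC midnight to UTC midnight).
function daysBetween(a, b) {
  return Math.round((Date.parse(`${b}T00:00:00Z`) - Date.parse(`${a}T00:00:00Z`)) / 86400000);
}

// Entries added on `addedOn` that hit something in the inventory and are due
// within `horizonDays` of `today`, soonest first. Negative daysLeft = overdue.
function triageKev(catalog, inventory, addedOn, today, horizonDays) {
  const have = new Set(inventory.map(i => `${i.vendorProject}|${i.product}`.toLowerCase()));
  return catalog.vulnerabilities
    .filter(v => v.dateAdded === addedOn)
    .filter(v => have.has(`${v.vendorProject}|${v.product}`.toLowerCase()))
    .map(v => ({
      cveID: v.cveID,
      dueDate: v.dueDate,
      daysLeft: daysBetween(today, v.dueDate),
      ransomware: v.knownRansomwareCampaignUse,
    }))
    .filter(v => v.daysLeft <= horizonDays)
    .sort((a, b) => a.daysLeft - b.daysLeft || a.cveID.localeCompare(b.cveID));
}

console.log(triageKev(SAMPLE_KEV, INVENTORY, '2026-04-13', '2026-04-14', 14));
```

Note what the exact-name join misses: CVE-2020-9715 is filed under the product "Acrobat" while the inventory says "Acrobat and Reader", so it never surfaces. KEV product strings are free text; a real pipeline should match on CPE (NVD carries the configurations) rather than on vendor and product names.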
##CISA has updated the KEV catalogue:
- CVE-2026-34621: Adobe Acrobat and Reader Prototype Pollution Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-34621
- CVE-2026-21643: Fortinet SQL Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2026-21643
- CVE-2020-9715: Adobe Acrobat Use-After-Free Vulnerability https://www.cve.org/CVERecord?id=CVE-2020-9715
- CVE-2023-36424: Microsoft Windows Out-of-Bounds Read Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-36424
- CVE-2023-21529: Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability https://www.cve.org/CVERecord?id=CVE-2023-21529
- CVE-2025-60710: Microsoft Windows Link Following Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-60710
- CVE-2012-1854: Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability https://www.cve.org/CVERecord?id=CVE-2012-1854 #CISA #Microsoft #Windows #Adobe #Fortinet #infosec #vulnerability
##CVE ID: CVE-2023-21529
Vendor: Microsoft
Product: Exchange Server
Date Added: 2026-04-13
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2023-21529
updated 2026-04-13T19:00:02.583000
7 posts
2 repos
## CVE ID: CVE-2026-21643
Vendor: Fortinet
Product: FortiClient EMS
Date Added: 2026-04-13
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21643
updated 2026-04-13T18:31:39
7 posts
1 repos
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CVE-2012-1854 Visual Basic for Applications Insecure Library Loading
CVE-2020-9715 Adobe Acrobat Use-After-Free
CVE-2023-21529 Microsoft Exchange Deserialization of Untrusted
CVE-2023-36424 Microsoft Windows Out-of-Bounds Read
CVE-2025-60710 Microsoft Windows Link Following
CVE-2026-21643 Fortinet SQL Injection
CVE-2026-34621 Adobe Acrobat Reader Prototype
## CVE ID: CVE-2025-60710
Vendor: Microsoft
Product: Windows
Date Added: 2026-04-13
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-60710
updated 2026-04-13T18:30:49
2 posts
🟠 CVE-2026-6196 - High (8.8)
A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be ca...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6196/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-13T18:30:48
2 posts
🟠 CVE-2026-6194 - High (8.8)
A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6194/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-13T18:30:48
2 posts
🟠 CVE-2026-6186 - High (8.8)
A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6186/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-13T18:30:40
2 posts
🔴 CVE-2026-5085 - Critical (9.1)
Solstice::Session versions through 1440 for Perl generates session ids insecurely.
The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand() function and the process id.
...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5085/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-04-13T18:30:35
7 posts
1 repos
## CVE ID: CVE-2023-36424
Vendor: Microsoft
Product: Windows
Date Added: 2026-04-13
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2023-36424
updated 2026-04-13T18:30:34
7 posts
2 repos
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CVE-2012-1854 Visual Basic for Applications Insecure Library Loading
CVE-2020-9715 Adobe Acrobat Use-After-Free
CVE-2023-21529 Microsoft Exchange Deserialization of Untrusted
CVE-2023-36424 Microsoft Windows Out-of-Bounds Read
CVE-2025-60710 Microsoft Windows Link Following
CVE-2026-21643 Fortinet SQL Injection
CVE-2026-34621 Adobe Acrobat Reader Prototype
##CVE ID: CVE-2020-9715
Vendor: Adobe
Product: Acrobat
Date Added: 2026-04-13
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2020-9715
updated 2026-04-13T18:30:34
7 posts
##CVE ID: CVE-2012-1854
Vendor: Microsoft
Product: Visual Basic for Applications (VBA)
Date Added: 2026-04-13
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2012-1854
updated 2026-04-13T18:16:32.353000
2 posts
🔴 CVE-2026-6195 - Critical (9.8)
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass lea...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6195/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T18:16:29.420000
2 posts
🟠 CVE-2026-32316 - High (8.2)
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32316/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T18:16:28.760000
2 posts
🟠 CVE-2026-28291 - High (8.1)
simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --uploa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28291/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T17:16:28.600000
2 posts
🟠 CVE-2026-33858 - High (8.8)
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.
Users ar...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33858/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T16:16:26.590000
1 post
🟠 CVE-2026-32252 - High (7.7)
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:team_id/template/generate/:project...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32252/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:32:45
3 posts
🟠 CVE-2026-35337 - High (8.8)
Deserialization of Untrusted Data vulnerability in Apache Storm.
Versions Affected:
before 2.8.6.
Description:
When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using Object...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35337/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CRITICAL: CVE-2026-35337 in Apache Storm Client (<2.8.6) allows authenticated users to achieve RCE via unsafe deserialization in Nimbus/Worker JVMs. Upgrade to 2.8.6 or restrict deserialization classes now! Details: https://radar.offseq.com/threat/cve-2026-35337-cwe-502-deserialization-of-untruste-675b4697 #OffSeq #ApacheStorm #Vuln
##updated 2026-04-13T15:31:50
2 posts
🟠 CVE-2026-1462 - High (8.8)
A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guara...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1462/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:31:37
2 posts
🟠 CVE-2026-40198 - High (7.5)
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass.
_pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40198/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:47.353000
1 post
🟠 CVE-2026-34578 - High (8.2)
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap_escape(). An unauthenticated attacker can injec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34578/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:47.353000
1 post
🟠 CVE-2026-33266 - High (7.5)
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings.
The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33266/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:47.353000
1 posts
π CVE-2026-39853 - High (7.8)
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS#7 signature, the code ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:47.353000
1 posts
🟠 CVE-2026-39843 - High (7.7)
Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw is incomplete which could lead to the same full read Server-Side Request Forgery when a normal html page contains a link tag wi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
1 posts
🟠 CVE-2026-39974 - High (8.5)
n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node documentation, properties, and operations. Prior to 2.47.4, an authenticated Server-Side Request Forgery in n8n-mcp allows a caller ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39974/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
1 posts
🟠 CVE-2026-1584 - High (7.5)
A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL po...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1584/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
1 posts
🟠 CVE-2026-30478 - High (8.8)
A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30478/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
1 posts
1 repos
🟠 CVE-2026-39983 - High (8.6)
basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39983/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
1 posts
🟠 CVE-2026-39981 - High (8.8)
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can u...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39981/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
1 posts
🟠 CVE-2026-40069 - High (7.5)
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BL...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40069/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
1 posts
🔴 CVE-2025-13926 - Critical (9.8)
An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13926/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
2 posts
🟠 CVE-2026-29146 - High (7.5)
Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9.0.115, from 8.5.38 through 8.5.1...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29146/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-34486 - High (7.5)
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.
This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.
Users are recommended to upgrade t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34486/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
1 posts
🟠 CVE-2026-29129 - High (7.5)
Configured cipher preference order not preserved vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.
Users are recommended to upgrade to vers...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29129/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
1 posts
🟠 CVE-2026-24880 - High (7.5)
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24880/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:27.760000
1 posts
🟠 CVE-2026-34486 - High (7.5)
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.
This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.
Users are recommended to upgrade t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34486/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
2 posts
3 repos
https://github.com/surri/audit-axios
"Critical Axios Vulnerability Allows Remote Code Execution"
At this point, people probably just point $AI_AGENT to a package.json file and let it rip instead of specific targets. Less actual work for hundreds of thousands more vulnerable hosts.
##🔴 CVE-2026-40175 - Critical (10)
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code E...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40175/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🔴 CVE-2026-1115 - Critical (9.6)
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` function within `backend/routers/social/__init__....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1115/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🔴 CVE-2026-6028 - Critical (9.8)
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os comma...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6028/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🔴 CVE-2026-6027 - Critical (9.8)
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6027/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🔴 CVE-2026-6029 - Critical (9.8)
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6029/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🟠 CVE-2026-22750 - High (7.5)
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.
Note: The 4.2.x branch is no longer under ope...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22750/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🟠 CVE-2026-39304 - High (7.5)
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ.
ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible fo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39304/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
2 posts
CVE-2026-33707: Chamilo LMS (CRITICAL) password reset flaw - reset tokens are sha1(email), no randomness or expiry. Attackers with an email can hijack accounts. Affected: <1.11.38, 2.0.0-alpha.1 to <2.0.0-RC.3. Patch now! https://radar.offseq.com/threat/cve-2026-33707-cwe-640-weak-password-recovery-mech-2af5871d #OffSeq #infosec #CVE #LMS
##🔴 CVE-2026-33707 - Critical (9.4)
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's em...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33707/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🚨 CRITICAL: CVE-2026-40157 in PraisonAI (<4.5.128) enables path traversal via malicious .praison bundles - risk: file overwrite & code execution. Patch to 4.5.128+ & avoid untrusted archives. Full details: https://radar.offseq.com/threat/cve-2026-40157-cwe-22-improper-limitation-of-a-pat-3d24639a #OffSeq #PraisonAI #infosec #vuln
##updated 2026-04-13T15:02:06.187000
1 posts
🟠 CVE-2026-40217 - High (8.8)
LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40217/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🟠 CVE-2026-6067 - High (7.5)
A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to he...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6067/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🟠 CVE-2026-35595 - High (8.3)
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/project_permissions.go:139-148 only requires CanWrite on the new parent project when changing parent_project_id. However, Vikunja's p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35595/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
2 posts
🟠 CVE-2026-40158 - High (8.6)
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getattribute__ trampoline, allowing arbitrary code execution when running untrusted agent code. The _execute_code_direct f...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40158/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
2 posts
Chamilo LMS CRITICAL vuln (CVE-2026-32892): OS Command Injection via move_to POST param in fileManage.lib.php. Auth'd teachers can run arbitrary commands as www-data. Patch: 1.11.38/2.0.0-RC.3. Details: https://radar.offseq.com/threat/cve-2026-32892-cwe-78-improper-neutralization-of-s-5b2019d4 #OffSeq #Chamilo #CVE202632892 #infosec
##🔴 CVE-2026-32892 - Critical (9.1)
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.lib.php passes user-controlled path values direct...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32892/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🟠 CVE-2026-40200 - High (8.1)
An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40200/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🟠 CVE-2026-31941 - High (7.7)
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31941/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🟠 CVE-2026-31940 - High (7.5)
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🟠 CVE-2026-5483 - High (8.5)
A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could ena...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5483/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🟠 CVE-2026-33618 - High (8.8)
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker with admin access (obtainable via Advisor...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33618/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:02:06.187000
1 posts
🟠 CVE-2026-33710 - High (7.5)
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the for...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33710/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
3 posts
New security advisory:
CVE-2026-1116 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-1116-lollms-xss
🟠 CVE-2026-1116 - High (8.2)
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content`...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1116/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 HIGH severity XSS (CVE-2026-1116) in parisneo/lollms pre-2.2.0: Improper input sanitization in from_dict allows attackers to inject malicious scripts. Update ASAP! https://radar.offseq.com/threat/cve-2026-1116-cwe-79-improper-neutralization-of-in-c711f067 #OffSeq #XSS #Vuln #InfoSec
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-3830 - High (8.6)
The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3830/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-5936 - High (8.5)
An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5936/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-25208 - High (8.1)
Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25208/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-25205 - High (8.1)
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25205/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
2 posts
CRITICAL: CVE-2026-6156 in Totolink A7100RU (7.4cu.2313_b20191024) enables unauthenticated OS command injection via setIpQosRules. No patch yet - restrict access & monitor updates. Exploit is public. Details: https://radar.offseq.com/threat/cve-2026-6156-os-command-injection-in-totolink-a71-061dc469 #OffSeq #IoTSecurity #Vuln
##🔴 CVE-2026-6156 - Critical (9.8)
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os comman...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6156/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-40393 - High (8.1)
In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40393/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🔴 CVE-2026-6131 - Critical (9.8)
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-34853 - High (7.7)
Permission bypass vulnerability in the LBS module.
Impact: Successful exploitation of this vulnerability may affect availability.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34853/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-6133 - High (8.8)
A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6133/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-6135 - High (8.8)
A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6135/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
2 posts
🔴 CVE-2026-6140 - Critical (9.8)
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os comman...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6140/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: Totolink A7100RU 7.4cu.2313_b20191024 exposed to OS command injection via UploadFirmwareFile in /cgi-bin/cstecgi.cgi. Public exploit available - restrict access & monitor now. CVE-2026-6140 https://radar.offseq.com/threat/cve-2026-6140-os-command-injection-in-totolink-a71-8e1c7584 #OffSeq #Vulnerability #IoTSecurity
##updated 2026-04-13T15:01:43.663000
2 posts
Totolink A7100RU (7.4cu.2313_b20191024) hit by CRITICAL OS command injection (CVE-2026-6113) - remote, unauthenticated attackers could execute commands. No patch yet; restrict access & monitor for updates. https://radar.offseq.com/threat/cve-2026-6113-os-command-injection-in-totolink-a71-16ad03cb #OffSeq #Vulnerability #RouterSecurity
##🔴 CVE-2026-6113 - Critical (9.8)
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6113/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-6121 - High (8.8)
A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
2 posts
🚨 CRITICAL: CVE-2026-6115 in Totolink A7100RU (7.4cu.2313_b20191024) allows unauth'd remote OS command injection via /cgi-bin/cstecgi.cgi. No patch yet. Restrict access & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-6115-os-command-injection-in-totolink-a71-2eb78416 #OffSeq #Vulnerability #Router #Infosec
##🔴 CVE-2026-6115 - Critical (9.8)
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. Th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6115/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-6120 - High (8.8)
A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6120/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
2 posts
Totolink A7100RU (fw 7.4cu.2313_b20191024) suffers CRITICAL OS command injection (CVE-2026-6116, CVSS 9.3). Remote, unauthenticated RCE is possible. No patch yet - disable remote access or isolate device! https://radar.offseq.com/threat/cve-2026-6116-os-command-injection-in-totolink-a71-15ee14e2 #OffSeq #Vulnerability #RouterSecurity
##🔴 CVE-2026-6116 - Critical (9.8)
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6116/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
2 posts
🔴 CVE-2026-6114 - Critical (9.8)
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6114/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Totolink A7100RU (7.4cu.2313_b20191024) faces a CRITICAL OS command injection (CVE-2026-6114, CVSS 9.3). Remote, unauthenticated code execution possible. No patch yet - disable remote mgmt & watch for updates. https://radar.offseq.com/threat/cve-2026-6114-os-command-injection-in-totolink-a71-384165a1 #OffSeq #CVE20266114 #Vuln #RouterSecurity
##updated 2026-04-13T15:01:43.663000
1 posts
CVE-2026-6106: 1Panel-dev MaxKB v2.2.0/2.2.1 impacted by MEDIUM XSS via Public Chat Interface (Name arg). Patch to v2.8.0 to mitigate. No in-the-wild exploits yet. Full details: https://radar.offseq.com/threat/cve-2026-6106-cross-site-scripting-in-1panel-dev-m-cd592a06 #OffSeq #XSS #Vuln
##updated 2026-04-13T15:01:43.663000
1 posts
HIGH severity: CVE-2026-5144 impacts BuddyPress Groupblog ≤1.9.3. Authenticated users (even Subscribers) can escalate to Admin on WordPress Multisite. No patch yet - disable or restrict plugin for now. https://radar.offseq.com/threat/cve-2026-5144-cwe-269-improper-privilege-managemen-f1535bf6 #OffSeq #WordPress #CVE20265144 #infosec
##updated 2026-04-13T15:01:43.663000
2 posts
CVE-2026-5809 (HIGH): wpForo Forum ≤3.0.2 lets authenticated users delete arbitrary files like wp-config.php, risking site availability. Restrict permissions & monitor edits until a fix. Details: https://radar.offseq.com/threat/cve-2026-5809-cwe-73-external-control-of-file-name-7d1ff4ec #OffSeq #WordPress #Vuln #WebSec
##🛡️ CVE-2026-5809: HIGH severity vuln in wpForo Forum plugin ≤3.0.2 lets subscriber+ users delete arbitrary files (e.g., wp-config.php). No patch yet - restrict permissions & monitor topic edits for abuse. https://radar.offseq.com/threat/cve-2026-5809-cwe-73-external-control-of-file-name-7d1ff4ec #OffSeq #WordPress #Vuln #InfoSec
##updated 2026-04-13T15:01:43.663000
2 posts
⚠️ CVE-2026-4149: Sonos Era 300 (v17.5) has a CRITICAL remote code execution vulnerability via SMB, allowing kernel-level compromise without auth. No patch yet - restrict SMB access! https://radar.offseq.com/threat/cve-2026-4149-cwe-119-improper-restriction-of-oper-dcf90312 #OffSeq #Sonos #Infosec #RCE
##🔴 CVE-2026-4149 - Critical (10)
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4149/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-4153 - High (7.8)
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4153/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-4152 - High (7.8)
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4152/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T15:01:43.663000
1 posts
🟠 CVE-2026-4151 - High (7.8)
GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4151/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T09:31:39
1 posts
🟠 CVE-2026-6168 - High (8.8)
A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6168/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T06:30:37
2 posts
CRITICAL: Totolink A7100RU (v7.4cu.2313_b20191024) suffers from unauthenticated OS command injection (CVE-2026-6154). Public exploit out, no patch yet. Isolate devices & check vendor updates. https://radar.offseq.com/threat/cve-2026-6154-os-command-injection-in-totolink-a71-87e9e42c #OffSeq #CVE20266154 #router #infosec
##🔴 CVE-2026-6154 - Critical (9.8)
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6154/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T06:30:37
2 posts
CRITICAL: CVE-2026-6155 in Totolink A7100RU (fw 7.4cu.2313) allows unauthenticated OS command injection via pppoeServiceName in CGI handler. No patch yet - restrict remote access & monitor activity. Details: https://radar.offseq.com/threat/cve-2026-6155-os-command-injection-in-totolink-a71-7391e9c3 #OffSeq #CVE20266155 #Infosec
##🔴 CVE-2026-6155 - Critical (9.8)
A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os c...
π https://www.thehackerwire.com/vulnerability/CVE-2026-6155/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T06:30:37
1 posts
π CVE-2026-6157 - High (8.8)
A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can ...
π https://www.thehackerwire.com/vulnerability/CVE-2026-6157/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-04-13T03:30:35
1 posts
New security advisory:
CVE-2026-6152 affects multiple systems.
- Impact: Significant security breach potential
- Risk: Unauthorized access or data exposure
- Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6152-vehicle-showroom-management-system-sqli-poc-available
updated 2026-04-13T03:30:29
2 posts
CVE-2026-6139 - Critical (9.8)
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command inje...
https://www.thehackerwire.com/vulnerability/CVE-2026-6139/
Totolink A7100RU (7.4cu.2313_b20191024) faces CRITICAL OS command injection (CVE-2026-6139, CVSS 9.3). Remote, unauthenticated exploit possible. No patch yet - isolate & monitor! https://radar.offseq.com/threat/cve-2026-6139-os-command-injection-in-totolink-a71-92890d24 #OffSeq #infosec #vuln #IoTSecurity
updated 2026-04-13T00:30:34
2 posts
CRITICAL: Totolink A7100RU (7.4cu.2313_b20191024) suffers from unauthenticated OS command injection (CVE-2026-6138, CVSS 9.3). No patch yet. Limit remote access & watch for vendor updates. https://radar.offseq.com/threat/cve-2026-6138-os-command-injection-in-totolink-a71-a4d695c6 #OffSeq #Vulnerability #Infosec #RouterSecurity
CVE-2026-6138 - Critical (9.8)
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injectio...
https://www.thehackerwire.com/vulnerability/CVE-2026-6138/
updated 2026-04-13T00:30:34
2 posts
CVE-2026-6132 - Critical (9.8)
A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command inj...
https://www.thehackerwire.com/vulnerability/CVE-2026-6132/
CRITICAL OS command injection (CVE-2026-6132) in Totolink A7100RU routers (7.4cu.2313_b20191024). Unauthenticated remote code execution possible. No patch yet - restrict access & monitor closely. Details: https://radar.offseq.com/threat/cve-2026-6132-os-command-injection-in-totolink-a71-401747c5 #OffSeq #CVE20266132 #IoTSecurity
updated 2026-04-13T00:30:34
1 post
CVE-2026-6134 - High (8.8)
A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The ...
https://www.thehackerwire.com/vulnerability/CVE-2026-6134/
updated 2026-04-13T00:30:34
1 post
CVE-2026-6137 - High (8.8)
A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword results in stack-based buffer overflow. It is p...
https://www.thehackerwire.com/vulnerability/CVE-2026-6137/
updated 2026-04-13T00:30:34
1 post
CVE-2026-6136 - High (8.8)
A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the ...
https://www.thehackerwire.com/vulnerability/CVE-2026-6136/
updated 2026-04-12T09:31:45
1 post
CVE-2026-6124 - High (8.8)
A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-...
https://www.thehackerwire.com/vulnerability/CVE-2026-6124/
updated 2026-04-12T09:31:45
1 post
CVE-2026-6122 - High (8.8)
A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack m...
https://www.thehackerwire.com/vulnerability/CVE-2026-6122/
updated 2026-04-12T09:31:44
1 post
CVE-2026-6123 - High (8.8)
A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploi...
https://www.thehackerwire.com/vulnerability/CVE-2026-6123/
updated 2026-04-12T06:30:33
2 posts
CVE-2026-6112 (CRITICAL, CVSS 9.3): Totolink A7100RU (fw 7.4cu.2313_b20191024) is vulnerable to unauthenticated OS command injection via /cgi-bin/cstecgi.cgi. No patch yet - restrict access & monitor activity. https://radar.offseq.com/threat/cve-2026-6112-os-command-injection-in-totolink-a71-83c5f182 #OffSeq #Vuln #Infosec #CVE20266112
CVE-2026-6112 - Critical (9.8)
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command inje...
https://www.thehackerwire.com/vulnerability/CVE-2026-6112/
updated 2026-04-11T21:30:24
2 posts
CVE-2026-31845 - Critical (9.3)
A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET par...
https://www.thehackerwire.com/vulnerability/CVE-2026-31845/
CRITICAL XSS in Rukovoditel CRM 3.6.4 (CVE-2026-31845): Pre-auth reflected XSS in the Zadarma API (/api/tel/zadarma.php) lets attackers inject JS via 'zd_echo'. Patch or restrict access! https://radar.offseq.com/threat/cve-2026-31845-cwe-79-improper-neutralization-of-i-5f1f2c55 #OffSeq #XSS #Rukovoditel #Infosec
updated 2026-04-11T03:30:41
1 post
HIGH risk: Optimole WordPress plugin (≤4.2.2) vulnerable to unauthenticated stored XSS via /wp-json/optimole/v1/optimizations. HMAC bypassed. Disable plugin until patch. CVE-2026-5217 https://radar.offseq.com/threat/cve-2026-5217-cwe-79-improper-neutralization-of-in-49825cdd #OffSeq #WordPress #XSS #infosec
updated 2026-04-11T03:30:41
1 post
CVE-2026-4150 - High (7.8)
GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that ...
https://www.thehackerwire.com/vulnerability/CVE-2026-4150/
updated 2026-04-10T22:07:26
1 post
1 repo
CVE-2026-29145 - Critical (9.1)
CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1...
https://www.thehackerwire.com/vulnerability/CVE-2026-29145/
updated 2026-04-10T21:38:44
1 post
CVE-2026-34487 - High (7.5)
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1...
https://www.thehackerwire.com/vulnerability/CVE-2026-34487/
updated 2026-04-10T21:38:24
1 post
CVE-2026-34483 - High (7.5)
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.
Users are ...
https://www.thehackerwire.com/vulnerability/CVE-2026-34483/
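The JsonAccessLogValve entry above is an output-escaping (CWE-116) bug in a JSON-formatted access log. The general failure mode is log injection: a request field such as the User-Agent that contains a quote, backslash or newline can close the string and forge extra keys or whole records unless the writer escapes it. The example below is added here and is not Tomcat's code or the fix for this CVE; it shows a naive interpolating formatter beside one that serialises through json.dumps, and a round-trip check that exposes the forged fields. The request fields are constructed.

```python
import json

# Constructed sample request; the user agent carries a JSON injection payload
# that tries to overwrite the status and source address of the record.
SAMPLE_REQUEST = {
    "remote_addr": "203.0.113.7",
    "method": "GET",
    "uri": "/login",
    "status": 200,
    "user_agent": 'curl/8.0", "status": 500, "remote_addr": "127.0.0.1',
}

# Second constructed sample: a newline in the user agent splits one record in two.
SAMPLE_NEWLINE = dict(
    SAMPLE_REQUEST,
    user_agent='Mozilla/5.0\n{"remote_addr": "10.0.0.1", "method": "POST", '
               '"uri": "/admin", "status": 200, "user_agent": "x"}',
)

FIELDS = ("remote_addr", "method", "uri", "status", "user_agent")


def format_naive(req: dict) -> str:
    """Builds the JSON line by string interpolation: field values are not escaped,
    so quotes, backslashes and newlines in a header reach the log verbatim."""
    return ('{"remote_addr": "%s", "method": "%s", "uri": "%s", '
            '"status": %d, "user_agent": "%s"}' % (
                req["remote_addr"], req["method"], req["uri"],
                req["status"], req["user_agent"]))


def format_safe(req: dict) -> str:
    """Serialises the record with json.dumps so every value is escaped and typed.
    ensure_ascii=True turns control characters and non-ASCII into \\uXXXX escapes,
    which keeps one record per line with the newline as the only delimiter."""
    record = {k: (int(req[k]) if k == "status" else str(req[k])) for k in FIELDS}
    return json.dumps(record, ensure_ascii=True, separators=(",", ":"))


def parse_line(line: str) -> dict:
    """Parses one log line as a JSON object (the log consumer's view of the record)."""
    return json.loads(line)


def round_trips(line: str, req: dict) -> bool:
    """True only if the line parses and yields exactly the fields that were logged.
    A forged duplicate key makes this False, because JSON parsers keep the last
    occurrence of a key and the record now says something else."""
    try:
        parsed = parse_line(line)
    except json.JSONDecodeError:
        return False
    return parsed == {k: req[k] for k in FIELDS}
```

What makes this class of bug quiet is that format_naive(SAMPLE_REQUEST) is still valid JSON: the consumer keeps the last of the duplicate keys, so the record reads as a 500 from 127.0.0.1 and nothing fails loudly. The rule is the same for any structured log format: build the record as data and serialise it through a library, and treat every request header as untrusted input.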
updated 2026-04-10T21:37:33
1 post
CVE-2026-40189 (CRITICAL): patrickhener goshs <2.0.0-beta.4 has a missing auth bug - attackers can upload, delete, or remove auth files, exposing protected dirs. Upgrade to 2.0.0-beta.4 ASAP. https://radar.offseq.com/threat/cve-2026-40189-cwe-862-missing-authorization-in-pa-3a1ae9b4 #OffSeq #CVE202640189 #GoLang #infosec
updated 2026-04-10T21:37:28
1 post
CVE-2026-40188 - High (7.7)
goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability ...
https://www.thehackerwire.com/vulnerability/CVE-2026-40188/
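The goshs entry above describes a rename handler that checks only the source path, so a destination such as ../outside/x moves a file out of the served root. Below is an added example, not goshs's code, of a containment check applied to both ends of the rename: each client-supplied path is resolved against the root and rejected unless the resolved path stays inside it, which also covers symlinked roots and sibling directories that share a name prefix. The root directory, the demo() scenario, classify() and the file names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class PathEscape(ValueError):
    """Raised when a client-supplied path resolves outside the served root."""


def contained(root: Path, user_path: str) -> Path:
    """Resolves user_path against root and returns the absolute target, or raises
    PathEscape when the result leaves root. '..' segments, absolute paths and
    symlinks are all resolved before the check; strict=False lets a rename
    target that does not exist yet be checked as well."""
    root = root.resolve()
    # A leading separator is stripped: an SFTP client's "/etc/passwd" means
    # "<root>/etc/passwd", not the host's /etc/passwd.
    candidate = (root / user_path.lstrip("/")).resolve(strict=False)
    try:
        candidate.relative_to(root)  # component-wise prefix test, not a string test
    except ValueError:
        raise PathEscape(f"{user_path!r} resolves outside {root}") from None
    return candidate


def rename_vulnerable(root: Path, src: str, dst: str) -> Path:
    """The pattern the advisory describes: only the source is contained."""
    src_path = contained(root, src)
    dst_path = (root / dst.lstrip("/")).resolve(strict=False)  # never checked
    os.rename(src_path, dst_path)
    return dst_path


def rename_safe(root: Path, src: str, dst: str) -> Path:
    """Both ends of the rename must stay inside root."""
    src_path = contained(root, src)
    dst_path = contained(root, dst)
    os.rename(src_path, dst_path)
    return dst_path


def classify(paths) -> dict:
    """Reports, for each constructed client path, whether contained() accepts it
    against a fresh temporary root (True) or rejects it (False)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "sftp_root"
        root.mkdir()
        verdict = {}
        for p in paths:
            try:
                contained(root, p)
                verdict[p] = True
            except PathEscape:
                verdict[p] = False
        return verdict


def demo() -> dict:
    """Constructed scenario: a root holding one file, and a sibling directory the
    client must never reach. Returns what each rename variant did."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root, outside = base / "sftp_root", base / "outside"
        root.mkdir()
        outside.mkdir()
        (root / "notes.txt").write_text("secret")
        results = {}
        # Source is fine, destination climbs out of root: the unchecked variant allows it.
        escaped = rename_vulnerable(root, "notes.txt", "../outside/stolen.txt")
        results["vulnerable_escaped"] = (
            escaped == (outside / "stolen.txt").resolve() and escaped.exists())
        # Put the file back and send the same request to the checked variant: it must refuse.
        os.rename(escaped, root / "notes.txt")
        try:
            rename_safe(root, "notes.txt", "../outside/stolen.txt")
            results["safe_blocked"] = False
        except PathEscape:
            results["safe_blocked"] = True
        # A rename that stays inside root still works.
        moved = rename_safe(root, "notes.txt", "archive.txt")
        results["safe_in_root"] = moved == (root / "archive.txt").resolve() and moved.exists()
        return results
```

The check has to run on the resolved path, after '..' and symlink handling, and a plain string prefix test (str(candidate).startswith(str(root))) is not enough: /srv/sftp_root2 starts with /srv/sftp_root. Path.relative_to compares path components, so that case is rejected.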
updated 2026-04-10T21:35:58
1 post
CVE-2026-40046 - High (7.5)
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT.
The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 (and future ...
https://www.thehackerwire.com/vulnerability/CVE-2026-40046/
updated 2026-04-10T21:35:18
1 post
CVE-2026-34020 - High (7.5)
Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.
The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact
...
https://www.thehackerwire.com/vulnerability/CVE-2026-34020/
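The OpenMeetings entry above is a CWE-598 case: the REST login endpoint takes the username and password as GET query parameters, so the secret is copied into browser history, proxy logs and the server's own access log. The script below is an added example and not OpenMeetings code; it scans access-log lines for requests whose query string carries a sensitive parameter name and shows how to redact those values before a line is stored or shipped. The parameter list, the log-format regex and the four log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names that should never travel in a query string (constructed list).
SENSITIVE_PARAMS = {"password", "passwd", "pass", "pwd", "secret", "token",
                    "access_token", "api_key", "apikey", "authorization"}

# Common Log Format: remote ident authuser [date] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines: one GET login with the password in the query, one
# harmless GET, one POST login (body not logged), one GET carrying a bearer token.
SAMPLE_LOG = """\
198.51.100.4 - - [09/Apr/2026:10:00:01 +0000] "GET /openmeetings/services/user/login?user=alice&pass=Hunter2! HTTP/1.1" 200 512
198.51.100.4 - - [09/Apr/2026:10:00:02 +0000] "GET /openmeetings/services/room/list?sid=abc HTTP/1.1" 200 2048
203.0.113.9 - - [09/Apr/2026:10:00:03 +0000] "POST /api/login HTTP/1.1" 200 128
203.0.113.9 - - [09/Apr/2026:10:00:04 +0000] "GET /api/items?token=eyJhbGciOi&page=2 HTTP/1.1" 200 900
"""


def sensitive_in_query(target: str) -> list:
    """Returns the sensitive parameter names present in the request target's query."""
    query = urlsplit(target).query
    names = [k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)]
    return sorted({n for n in names if n in SENSITIVE_PARAMS})


def find_leaks(log_text: str) -> list:
    """Scans log lines and returns (ip, method, path, [sensitive params]) per hit.
    Only the query string is inspected: a POST that carries the secret in the
    body is invisible to an access log and is therefore not reported."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        found = sensitive_in_query(m["target"])
        if found:
            hits.append((m["ip"], m["method"], urlsplit(m["target"]).path, found))
    return hits


def redact_target(target: str) -> str:
    """Replaces sensitive parameter values with [REDACTED] before the line is
    stored; the parameter name is kept so the event stays auditable."""
    parts = urlsplit(target)
    pairs = [(k, "[REDACTED]" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs, safe="[]")))
```

The scanner only knows the names in SENSITIVE_PARAMS, so a password sent under an unusual name, or one already sitting in last year's rotated logs, slips past it. That is why redaction is a stopgap for the log pipeline: the fix on the application side is to move the credential into the body of a POST or an Authorization header, where the access log never sees it.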
updated 2026-04-10T21:32:22
1 post
CVE-2026-6057 - Critical (9.8)
FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.
https://www.thehackerwire.com/vulnerability/CVE-2026-6057/
updated 2026-04-10T21:00:18
1 post
CVE-2026-5412 - Critical (9.9)
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privi...
https://www.thehackerwire.com/vulnerability/CVE-2026-5412/
updated 2026-04-10T19:38:05
1 post
CVE-2026-35643 - High (8.8)
OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application ...
https://www.thehackerwire.com/vulnerability/CVE-2026-35643/
updated 2026-04-10T19:37:45
1 post
CVE-2026-35666 - High (8.8)
OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/bin/time wrappers. Attackers can bypass executable binding restrictions by using an unregistered time wrapper to reuse approval ...
https://www.thehackerwire.com/vulnerability/CVE-2026-35666/
updated 2026-04-10T19:30:28
1 post
CVE-2026-40163 - High (8.2)
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.j...
https://www.thehackerwire.com/vulnerability/CVE-2026-40163/
updated 2026-04-10T19:26:45
1 post
CVE-2026-40156 - High (7.8)
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.spec_from_file_...
https://www.thehackerwire.com/vulnerability/CVE-2026-40156/
updated 2026-04-10T17:29:55
1 post
CVE-2026-35669 - High (8.8)
OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary b...
https://www.thehackerwire.com/vulnerability/CVE-2026-35669/
updated 2026-04-10T17:27:04
1 post
CVE-2026-35660 - High (8.1)
OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /r...
https://www.thehackerwire.com/vulnerability/CVE-2026-35660/
updated 2026-04-10T17:24:51
1 post
CVE-2026-35653 - High (8.1)
OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can ...
https://www.thehackerwire.com/vulnerability/CVE-2026-35653/
updated 2026-04-10T15:32:07
1 post
CVE-2025-5804 - High (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion. This issue affects Case Theme User: from n/a before 1.0.4.
https://www.thehackerwire.com/vulnerability/CVE-2025-5804/
updated 2026-04-10T15:32:07
1 post
CVE-2025-58913 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion. This issue affects VideoPro: from n/a through 2.3.8.1.
https://www.thehackerwire.com/vulnerability/CVE-2025-58913/
updated 2026-04-10T15:32:05
1 post
CVE-2026-33092 - High (7.8)
Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.
https://www.thehackerwire.com/vulnerability/CVE-2026-33092/
updated 2026-04-10T09:31:20
1 post
CVE-2026-6026 - Critical (9.8)
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enab...
https://www.thehackerwire.com/vulnerability/CVE-2026-6026/
updated 2026-04-10T09:31:16
1 post
CVE-2026-28704 - High (7.8)
Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed in the same directory, arbitrary code may be executed with the privilege of the user invoking EmoCheck.
https://www.thehackerwire.com/vulnerability/CVE-2026-28704/
updated 2026-04-09T21:31:36
1 post
1 repo
CVE-2026-39912 - Critical (9.1)
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWith...
https://www.thehackerwire.com/vulnerability/CVE-2026-39912/
updated 2026-04-09T21:31:36
1 post
CVE-2026-4436 - High (8.6)
A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line.
https://www.thehackerwire.com/vulnerability/CVE-2026-4436/
updated 2026-04-09T20:28:11
1 post
CVE-2026-40070 - High (8.1)
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In ac...
https://www.thehackerwire.com/vulnerability/CVE-2026-40070/
updated 2026-04-09T19:06:18
5 posts
3 repos
https://github.com/0xBlackash/CVE-2026-39987
The U.S. initiated a naval blockade on all Iranian ports today, following failed peace talks, escalating tensions and causing oil prices to surge. The UK stated it would not support this action. In cybersecurity, Adobe released emergency patches for a critical, actively exploited zero-day in Acrobat and Reader (CVE-2026-34621). Additionally, a critical vulnerability in the Marimo open-source Python notebook platform (CVE-2026-39987) is now under active exploitation, allowing remote code execution. A U.S. DOT report also revealed significant cybersecurity gaps in 45 critical FAA air traffic systems.
CVE-2026-39987: Marimo RCE exploited in hours after disclosure https://securityaffairs.com/190623/hacking/cve-2026-39987-marimo-rce-exploited-in-hours-after-disclosure.html
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html
Pre-Auth RCE vuln tagged as CVE-2026-39987 (CVSS 9.3) seeing active exploitation in the wild as reported by Vulncheck and Bleeping Computer.
Passively scan infrastructure to find potentially vulnerable instances:
https://github.com/rxerium/rxerium-templates/blob/main/2026/CVE-2026-39987.yaml
An unauthenticated attacker can obtain a full interactive root shell on the server via a single WebSocket connection. No user interaction or authentication token is required, even when authentication is enabled on the marimo instance
https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc
Marimo Python Notebook RCE Exploited Hours After Disclosure
Marimo patched a critical RCE vulnerability (CVE-2026-39987) that was exploited within 10 hours of disclosure to steal cloud credentials and SSH keys. The flaw allows unauthenticated attackers to gain full interactive shell access via a WebSocket authentication bypass.
**If you're running Marimo notebooks, update to version 0.23.0 immediately and rotate any credentials (AWS keys, SSH keys, database passwords, API secrets) that were stored on or accessible from that system. If you can't update right away, block access to the /terminal/ws endpoint or put the notebook behind a reverse proxy with authentication and never expose notebook platforms directly to the internet.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/marimo-python-notebook-rce-exploited-hours-after-disclosure-5-z-x-w-k/gD2P6Ple2L
updated 2026-04-09T19:05:28
1 post
CVE-2026-39942 - High (8.5)
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id} endpoint accepts a user-controlled filename_disk parameter. By setting this value to match the storage path of another user's ...
https://www.thehackerwire.com/vulnerability/CVE-2026-39942/
updated 2026-04-09T18:31:34
1 post
CVE-2026-39911 - High (8.8)
Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaSc...
https://www.thehackerwire.com/vulnerability/CVE-2026-39911/
updated 2026-04-09T18:31:34
1 post
CVE-2026-5329 - High (8.5)
Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an authenticated remote attacker to write to arbitr...
https://www.thehackerwire.com/vulnerability/CVE-2026-5329/
updated 2026-04-08T21:26:13.410000
2 posts
Interesting vulnerability in Rapid7's Insight Agent for Linux. CVE-2026-4837 is an eval() injection that could theoretically allow remote code execution as root. The catch? An attacker would need highly privileged access to the Rapid7 backend platform to craft a malicious beacon response.
1/2
So it's not something random attackers can exploit, but if someone compromises the backend, they could own every Linux system running the agent. It's a high-impact scenario that shows how security tools themselves can become attack vectors.
https://www.sentinelone.com/vulnerability-database/cve-2026-4837/
2/2
updated 2026-04-07T22:16:29
1 post
CVE Published in last 7 days (2026-04-06 - 2026-04-13)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1590
Severity:
- Critical: 126
- High: 530
- Medium: 671
- Low: 50
- None: 213
Status:
- : 7
- Analyzed: 175
- Awaiting Analysis: 513
- Modified: 12
- Received: 645
- Rejected: 14
- Undergoing Analysis: 224
Top CNAs:
- GitHub, Inc.: 462
- VulDB: 202
- Patchstack: 175
- MITRE: 115
- Wordfence: 95
- VulnCheck: 92
- Chrome: 60
- Apache Software Foundation: 31
- Juniper Networks, Inc.: 27
- wolfSSL Inc.: 22
Top Affected Products:
- UNKNOWN: 1354
- Dlink Di-8003 Firmware: 27
- Openclaw: 27
- Churchcrm: 24
- Qualcomm Fastconnect 7800 Firmware: 16
- Qualcomm Wsa8840 Firmware: 16
- Qualcomm Wcd9385 Firmware: 16
- Qualcomm Fastconnect 6900 Firmware: 16
- Qualcomm Wsa8845h Firmware: 16
- Qualcomm Wcd9380 Firmware: 16
Top EPSS Score:
- CVE-2026-34197 - 5.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34197)
- CVE-2026-34885 - 5.14 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34885)
- CVE-2026-39365 - 3.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39365)
- CVE-2026-5677 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5677)
- CVE-2026-5678 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5678)
- CVE-2026-5688 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5688)
- CVE-2026-5689 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5689)
- CVE-2026-5690 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5690)
- CVE-2026-5691 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5691)
- CVE-2026-5692 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5692)
updated 2026-04-07T18:16:47.223000
1 post
EUVD-2026-22134
Score: 7.0/10 (CVSS v3.1)
Product: CPython
Vendor: Python Software Foundation
Updated: 2026-04-13
Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types and the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for ...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22134
updated 2026-04-07T13:20:11.643000
1 post
1 repo
CVE-2026-22666: Dolibarr 23.0.0 dol_eval() whitelist bypass -> RCE (full write-up + PoC) https://jivasecurity.com/writeups/dolibarr-remote-code-execution-cve-2026-22666
updated 2026-04-07T13:20:11.643000
1 posts
π CVE Published in last 7 days (2026-04-06 - 2026-04-13)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1590
Severity:
- Critical: 126
- High: 530
- Medium: 671
- Low: 50
- None: 213
Status:
- : 7
- Analyzed: 175
- Awaiting Analysis: 513
- Modified: 12
- Received: 645
- Rejected: 14
- Undergoing Analysis: 224
Top CNAs:
- GitHub, Inc.: 462
- VulDB: 202
- Patchstack: 175
- MITRE: 115
- Wordfence: 95
- VulnCheck: 92
- Chrome: 60
- Apache Software Foundation: 31
- Juniper Networks, Inc.: 27
- wolfSSL Inc.: 22
Top Affected Products:
- UNKNOWN: 1354
- Dlink Di-8003 Firmware: 27
- Openclaw: 27
- Churchcrm: 24
- Qualcomm Fastconnect 7800 Firmware: 16
- Qualcomm Wsa8840 Firmware: 16
- Qualcomm Wcd9385 Firmware: 16
- Qualcomm Fastconnect 6900 Firmware: 16
- Qualcomm Wsa8845h Firmware: 16
- Qualcomm Wcd9380 Firmware: 16
Top EPSS Score:
- CVE-2026-34197 - 5.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34197)
- CVE-2026-34885 - 5.14 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34885)
- CVE-2026-39365 - 3.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39365)
- CVE-2026-5677 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5677)
- CVE-2026-5678 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5678)
- CVE-2026-5688 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5688)
- CVE-2026-5689 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5689)
- CVE-2026-5690 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5690)
- CVE-2026-5691 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5691)
- CVE-2026-5692 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5692)
updated 2026-04-07T00:30:28
1 posts
π CVE Published in last 7 days (2026-04-06 - 2026-04-13)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1590
Severity:
- Critical: 126
- High: 530
- Medium: 671
- Low: 50
- None: 213
Status:
- : 7
- Analyzed: 175
- Awaiting Analysis: 513
- Modified: 12
- Received: 645
- Rejected: 14
- Undergoing Analysis: 224
Top CNAs:
- GitHub, Inc.: 462
- VulDB: 202
- Patchstack: 175
- MITRE: 115
- Wordfence: 95
- VulnCheck: 92
- Chrome: 60
- Apache Software Foundation: 31
- Juniper Networks, Inc.: 27
- wolfSSL Inc.: 22
Top Affected Products:
- UNKNOWN: 1354
- Dlink Di-8003 Firmware: 27
- Openclaw: 27
- Churchcrm: 24
- Qualcomm Fastconnect 7800 Firmware: 16
- Qualcomm Wsa8840 Firmware: 16
- Qualcomm Wcd9385 Firmware: 16
- Qualcomm Fastconnect 6900 Firmware: 16
- Qualcomm Wsa8845h Firmware: 16
- Qualcomm Wcd9380 Firmware: 16
Top EPSS Score:
- CVE-2026-34197 - 5.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34197)
- CVE-2026-34885 - 5.14 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34885)
- CVE-2026-39365 - 3.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39365)
- CVE-2026-5677 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5677)
- CVE-2026-5678 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5678)
- CVE-2026-5688 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5688)
- CVE-2026-5689 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5689)
- CVE-2026-5690 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5690)
- CVE-2026-5691 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5691)
- CVE-2026-5692 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5692)
updated 2026-04-07T00:30:28
1 posts
π CVE Published in last 7 days (2026-04-06 - 2026-04-13)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1590
Severity:
- Critical: 126
- High: 530
- Medium: 671
- Low: 50
- None: 213
Status:
- : 7
- Analyzed: 175
- Awaiting Analysis: 513
- Modified: 12
- Received: 645
- Rejected: 14
- Undergoing Analysis: 224
Top CNAs:
- GitHub, Inc.: 462
- VulDB: 202
- Patchstack: 175
- MITRE: 115
- Wordfence: 95
- VulnCheck: 92
- Chrome: 60
- Apache Software Foundation: 31
- Juniper Networks, Inc.: 27
- wolfSSL Inc.: 22
Top Affected Products:
- UNKNOWN: 1354
- Dlink Di-8003 Firmware: 27
- Openclaw: 27
- Churchcrm: 24
- Qualcomm Fastconnect 7800 Firmware: 16
- Qualcomm Wsa8840 Firmware: 16
- Qualcomm Wcd9385 Firmware: 16
- Qualcomm Fastconnect 6900 Firmware: 16
- Qualcomm Wsa8845h Firmware: 16
- Qualcomm Wcd9380 Firmware: 16
Top EPSS Score:
- CVE-2026-34197 - 5.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34197)
- CVE-2026-34885 - 5.14 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34885)
- CVE-2026-39365 - 3.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39365)
- CVE-2026-5677 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5677)
- CVE-2026-5678 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5678)
- CVE-2026-5688 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5688)
- CVE-2026-5689 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5689)
- CVE-2026-5690 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5690)
- CVE-2026-5691 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5691)
- CVE-2026-5692 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5692)
updated 2026-04-07T00:30:28
1 posts
π CVE Published in last 7 days (2026-04-06 - 2026-04-13)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1590
Severity:
- Critical: 126
- High: 530
- Medium: 671
- Low: 50
- None: 213
Status:
- : 7
- Analyzed: 175
- Awaiting Analysis: 513
- Modified: 12
- Received: 645
- Rejected: 14
- Undergoing Analysis: 224
Top CNAs:
- GitHub, Inc.: 462
- VulDB: 202
- Patchstack: 175
- MITRE: 115
- Wordfence: 95
- VulnCheck: 92
- Chrome: 60
- Apache Software Foundation: 31
- Juniper Networks, Inc.: 27
- wolfSSL Inc.: 22
Top Affected Products:
- UNKNOWN: 1354
- Dlink Di-8003 Firmware: 27
- Openclaw: 27
- Churchcrm: 24
- Qualcomm Fastconnect 7800 Firmware: 16
- Qualcomm Wsa8840 Firmware: 16
- Qualcomm Wcd9385 Firmware: 16
- Qualcomm Fastconnect 6900 Firmware: 16
- Qualcomm Wsa8845h Firmware: 16
- Qualcomm Wcd9380 Firmware: 16
Top EPSS Score:
- CVE-2026-34197 - 5.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34197)
- CVE-2026-34885 - 5.14 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34885)
- CVE-2026-39365 - 3.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39365)
- CVE-2026-5677 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5677)
- CVE-2026-5678 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5678)
- CVE-2026-5688 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5688)
- CVE-2026-5689 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5689)
- CVE-2026-5690 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5690)
- CVE-2026-5691 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5691)
- CVE-2026-5692 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5692)
updated 2026-04-06T21:31:41
1 posts
π CVE Published in last 7 days (2026-04-06 - 2026-04-13)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1590
Severity:
- Critical: 126
- High: 530
- Medium: 671
- Low: 50
- None: 213
Status:
- : 7
- Analyzed: 175
- Awaiting Analysis: 513
- Modified: 12
- Received: 645
- Rejected: 14
- Undergoing Analysis: 224
Top CNAs:
- GitHub, Inc.: 462
- VulDB: 202
- Patchstack: 175
- MITRE: 115
- Wordfence: 95
- VulnCheck: 92
- Chrome: 60
- Apache Software Foundation: 31
- Juniper Networks, Inc.: 27
- wolfSSL Inc.: 22
Top Affected Products:
- UNKNOWN: 1354
- Dlink Di-8003 Firmware: 27
- Openclaw: 27
- Churchcrm: 24
- Qualcomm Fastconnect 7800 Firmware: 16
- Qualcomm Wsa8840 Firmware: 16
- Qualcomm Wcd9385 Firmware: 16
- Qualcomm Fastconnect 6900 Firmware: 16
- Qualcomm Wsa8845h Firmware: 16
- Qualcomm Wcd9380 Firmware: 16
Top EPSS Score:
- CVE-2026-34197 - 5.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34197)
- CVE-2026-34885 - 5.14 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34885)
- CVE-2026-39365 - 3.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39365)
- CVE-2026-5677 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5677)
- CVE-2026-5678 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5678)
- CVE-2026-5688 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5688)
- CVE-2026-5689 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5689)
- CVE-2026-5690 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5690)
- CVE-2026-5691 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5691)
- CVE-2026-5692 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5692)
updated 2026-04-03T16:10:52.680000
1 posts
#OT #Advisory VDE-2026-043
Helmholz: Multiple Vulnerabilities in myREX24V2/myREX24V2.virtual
Multiple vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual that could allow RCE, SQLi or information leakage.
#CVE CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617
https://certvde.com/en/advisories/vde-2026-043/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-043.json
##updated 2026-03-21T00:32:48
1 posts
1 repos
Attackers Actively Exploiting Critical Vulnerability in Kali Forms Plugin
A critical Remote Code Execution vulnerability (CVE-2026-3584, CVSS 9.8) in Kali Forms with 10,000+ active installations is under active attack. Over 312,200 exploit attempts blocked.
Update to version 2.4.10.
##updated 2026-02-13T17:41:02.987000
2 posts
9 repos
https://github.com/adibirzu/openclaw-security-monitor
https://github.com/EQSTLab/CVE-2026-25253
https://github.com/ZhaoymOvO/openclaw-1click-rce-env
https://github.com/msaleme/start-here
https://github.com/Joseph19820124/openclaw-vuln-report
https://github.com/al4n4n/CVE-2026-25253-research
https://github.com/Ckokoski/moatbot-security
https://github.com/FrigateCaptain/openclaw_vulnerabilities_and_solutions
----------------
Tool
===================
Opening: openclaw-ops is an operational skill and script collection designed to manage local or self-hosted OpenClaw gateways. The package focuses on continuous monitoring, automated repair workflows, update/change detection, session-level analysis, and pre-installation security auditing of third-party skills. The bundle was tested against OpenClaw 2026.4.11 and documents a minimum supported baseline of v2026.2.12 due to prior critical fixes including CVE-2026-25253.
Key Features:
• Includes a dedicated skill /openclaw-ops to triage gateway configuration and runtime components: gateway, auth, exec approvals, cron jobs, channels, sessions, and installation state.
• Provides single-purpose scripts such as heal.sh (one-shot auto-fix), post-update.sh (post-update orchestrator), and watchdog.sh (periodic liveness restarter with escalation).
• Offers session tooling: session-monitor.sh for behavioral checks over JSONL session logs, session-search.sh for full-text search with structured, redacted output, and session-resume.sh to compact a session into a markdown resume with failure context.
• Supplies operational checks: check-update.sh for version-change detection and explainers, health-check.sh for declarative URL/process checks, and security-scan.sh to score configuration and credential exposure (0-100).
Technical Implementation:
• Scripts rely on standard runtime tools (Python3, curl, openssl, ripgrep) and read runtime metadata from ~/.openclaw/openclaw.json, with the option to override the gateway port via the OPENCLAW_GATEWAY_PORT environment variable.
• The post-update orchestrator sequences update detection, healing, workspace reconciliation (VPS-aware), security scan, and a sentinel trigger via a policy-guard state file (policy-guard.trigger).
• macOS-specific integration is provided for always-on supervision via a LaunchAgent installer wrapper (watchdog-install.sh), while non-macOS environments are expected to use scheduling alternatives.
Use Cases:
• Continuous operations for small self-hosted deployments invoking automated healing and watchdog restarts.
• Pre-installation vetting of third-party skills via skill-audit.sh to reduce risky dependencies.
• Incident summarization through daily-digest.sh and a shared incident-manager.sh helper for lifecycle flows.
Limitations:
• The watchdog installer is macOS-only; cross-platform uptime requires external schedulers.
• Several scripts depend on external binaries (e.g., rg, openssl, curl) and assume local file-system state in ~/.openclaw.
• No bundled remote orchestration; intended for local/self-hosted operators rather than managed SaaS.
tool #OpenClaw #security #ops #CVE-2026-25253
Source: https://github.com/cathrynlavery/openclaw-ops
##updated 2025-11-04T23:15:33.920000
3 posts
Critical ShowDoc RCE Vulnerability Sparks Alarm as Active Exploits Surge Across Unpatched Servers
Introduction: A Silent Threat Resurfaces in Legacy Systems. A dangerous remote code execution (RCE) vulnerability has re-emerged as a serious cybersecurity concern, exposing how outdated software can become a gateway for modern attacks. The flaw, identified as CVE-2025-0520, targets ShowDoc, a widely used documentation tool, and has begun to surface in active exploitation...
##ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
https://thehackernews.com/2026/04/showdoc-rce-flaw-cve-2025-0520-actively.html
Read on HackerWorkspace: https://hackerworkspace.com/article/showdoc-rce-flaw-cve-2025-0520-actively-exploited-on-unpatched-servers
##updated 2025-11-03T20:19:11.153000
2 posts
1 repos
https://github.com/Betim-Hodza/CVE-2025-4802-Proof-of-Concept
We chose a vulnerability in glibc (CVE-2025-4802) to teach students registered in our binary exploitation training the importance of the libc, loader, dynamic linker, and the kernel in making the execution of a modern Linux binary possible.
Furthermore, it demonstrates how a small oversight in the static glibc code allowed arbitrary libraries to be loaded into privileged code. Do you know the crucial role of the auxiliary vector? Or the main differences between dynamically and statically compiled binaries?
Check out the blog post for a brief analysis of CVE-2025-4802.
##updated 2025-10-29T14:34:22.990000
1 posts
1 repos
Microsoft Update causing Print Spooler Problems - CVE-2019-1367 | https://techygeekshome.info/cve-2019-1367/?fsp_sid=27678 | #Guide #Microsoft #News #security #Updates #Windows
https://techygeekshome.info/cve-2019-1367/?fsp_sid=27678
updated 2025-09-23T16:45:09.443000
2 posts
10 repos
https://github.com/secopssite/HTB
https://github.com/zimshk/CVE-2025-59528.yaml
https://github.com/jwsly12/CVE-2025-58434-59528-htb-ctf
https://github.com/kartik2005221/CVE-2025-58434-AND-59528-POC
https://github.com/TYehan/CVE-2025-58434-59528
https://github.com/AzureADTrent/CVE-2025-58434-59528
https://github.com/Kamigold/Flowise-RCE
https://github.com/honney336/CVE-2025-58434_CVE-2025-59528
Critical Flowise vulnerability is actively exploited in attacks
Researchers have recorded the first attempted attacks on the Flowise AI platform using the critical vulnerability CVE-2025-59528, which is an arbitrary JavaScript code injection issue. This bug received the maximum score of 10 on the CVSS scale and has been...
##updated 2025-09-16T12:49:16.060000
2 posts
#CamoLeak is a high-severity #vuln in #GitHub #Copilot Chat (CVE-2025-59145, CVSS 9.6) that gives attackers ability to silently steal source code, API keys & secrets from private repos w/o executing any malicious code. Good overview from @blackfogprivacy. https://api.cyfluencer.com/s/camoleak-how-github-copilot-became-an-exfiltration-channel-26669
##updated 2025-09-11T21:32:01
1 posts
3 repos
https://github.com/symeonp/Lenovo-CVE-2025-8061
CVE-2025-8061: From User-land to Ring 0 https://sibouzitoun.tech/labs/cve-2025-8061
##EUVD-2026-22162
Score: 4.6/10 (CVSS v3.1)
Product: MaxKB
Vendor: 1Panel-dev
Updated: 2026-04-14
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-22162
##CVE-2026-32605 - High (7.5)
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message ...
https://www.thehackerwire.com/vulnerability/CVE-2026-32605/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##nice typo in
[SECURITY] [DSA 6207-1] flatpak security update:
"delete arbitrary hosts on the host"
https://lists.debian.org/debian-security-announce/2026/msg00117.html
in https://security-tracker.debian.org/tracker/CVE-2026-34079 it's "files" btw.
##CVE-2026-39980 - Critical (9.1)
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary Jav...
https://www.thehackerwire.com/vulnerability/CVE-2026-39980/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-34734 - High (7.8)
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmov...
https://www.thehackerwire.com/vulnerability/CVE-2026-34734/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Chamilo LMS <1.11.38 is vulnerable (CVE-2026-33698, CVSS 9.3, CRITICAL): unauth attackers can execute PHP & modify files if main/install/ is accessible. Upgrade to 1.11.38 + restrict dir access. More: https://radar.offseq.com/threat/cve-2026-33698-cwe-552-files-or-directories-access-2b2046ff #OffSeq #Chamilo #Vuln #LMS
##CVE-2026-33698: Chamilo LMS (<1.11.38) has a CRITICAL flaw: exposed install/ dir lets unauth attackers execute PHP & modify files. Upgrade to 1.11.38+ & restrict install/ directory access now! Details: https://radar.offseq.com/threat/cve-2026-33698-cwe-552-files-or-directories-access-2b2046ff #OffSeq #Chamilo #Vuln
##CVE-2026-31939 - High (8.3)
Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from $_REQUEST['test'] is concatenated directly into filesystem path without ca...
https://www.thehackerwire.com/vulnerability/CVE-2026-31939/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-32931 - High (7.5)
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type hea...
https://www.thehackerwire.com/vulnerability/CVE-2026-32931/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-40168 - High (8.2)
Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate t...
https://www.thehackerwire.com/vulnerability/CVE-2026-40168/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##