## Updated at UTC 2026-07-10T23:40:09.505218

Access data as JSON

CVE CVSS EPSS Posts Repos Nuclei Updated Description
CVE-2026-57850 8.3 0.00% 2 0 2026-07-10T21:32:40 RustDesk before 1.4.9 does not enforce a session's authorized connection scope o
CVE-2026-61460 8.8 0.00% 2 0 2026-07-10T21:32:32 Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerabil
CVE-2026-61459 9.8 0.00% 2 0 2026-07-10T21:32:32 MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability
CVE-2026-5801 9.8 0.00% 2 0 2026-07-10T21:32:32 Improper neutralization of special elements used in an SQL command ('SQL injecti
CVE-2026-58499 8.2 0.00% 2 0 2026-07-10T21:17:00.197000 EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to p
CVE-2026-57807 9.8 0.00% 2 0 2026-07-10T21:16:59.947000 Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOr
CVE-2026-57220 7.5 0.00% 2 0 2026-07-10T21:16:59.180000 RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ strea
CVE-2026-55879 9.3 0.00% 2 0 2026-07-10T21:16:57.367000 OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the
CVE-2026-55659 7.7 0.00% 2 0 2026-07-10T21:16:56.577000 Grist is spreadsheet software using Python as its formula language. Prior to 1.7
CVE-2026-55213 7.5 0.00% 2 0 2026-07-10T21:16:55.497000 h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to com
CVE-2026-55789 8.5 0.00% 2 0 2026-07-10T20:16:47.933000 Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior
CVE-2026-12598 8.1 0.35% 1 0 2026-07-10T19:17:20.113000 The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass i
CVE-2026-54527 0 0.28% 1 0 2026-07-10T19:05:27.310000 JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, t
CVE-2026-60105 8.6 0.31% 1 0 2026-07-10T18:46:32.250000 Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in
CVE-2025-45422 8.1 0.22% 1 1 2026-07-10T18:33:14 Incorrect access control in Proximus b-box v8c.725A allows authenticated attacke
CVE-2026-56291 9.8 0.28% 7 0 2026-07-10T18:33:13 The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary
CVE-2026-0288 7.5 0.52% 2 0 2026-07-10T18:33:13 Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (T
CVE-2026-15143 9.3 0.00% 2 0 2026-07-10T18:32:26 A flaw was found in the file_type content detector of guardrails-detectors. This
CVE-2026-33382 7.5 0.00% 2 0 2026-07-10T18:32:26 Several Grafana API endpoints, some of them unauthenticated, do not limit the si
CVE-2026-48939 9.8 0.56% 6 2 2026-07-10T18:32:03 A vulnerability in the iCagenda extension for Joomla allows the upload of arbitr
CVE-2026-12685 7.5 0.14% 1 0 2026-07-10T17:56:00.910000 The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendo
CVE-2026-57026 7.5 0.46% 1 0 2026-07-10T17:49:57.737000 An Improper Validation of Syntactic Correctness of Input vulnerability in the SI
CVE-2026-57589 7.4 0.12% 9 0 2026-07-10T16:39:52.480000 sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local p
CVE-2026-59832 7.7 0.32% 1 0 2026-07-10T16:16:38.187000 SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, t
CVE-2026-54771 8.1 0.39% 1 0 2026-07-10T15:49:19.093000 Langroid is a framework for building large-language-model-powered applications.
CVE-2026-41880 0 1.33% 1 0 2026-07-10T15:46:07.777000 R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recogn
CVE-2026-56689 7.7 0.00% 1 0 2026-07-10T15:45:33.663000 Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutral
CVE-2026-14894 9.8 0.52% 2 0 2026-07-10T15:43:30.330000 The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to
CVE-2026-56688 9.1 0.00% 1 0 2026-07-10T12:31:56 Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutral
CVE-2026-15378 9.3 0.42% 3 0 2026-07-10T12:31:55 A flaw was found in the `guardrails-detectors` component. This vulnerability all
CVE-2026-54423 8.2 0.52% 1 0 2026-07-10T09:31:36 In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nod
CVE-2026-15300 9.1 0.35% 1 0 2026-07-10T06:31:33 The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'dist
CVE-2026-15070 8.8 0.26% 1 0 2026-07-10T06:31:28 The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cr
CVE-2026-46215 7.8 0.13% 1 1 2026-07-10T05:16:37.103000 In the Linux kernel, the following vulnerability has been resolved: drm: Set ol
CVE-2026-15112 8.8 0.26% 1 0 2026-07-10T05:16:28.503000 Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remot
CVE-2026-12597 8.1 0.42% 1 0 2026-07-10T00:31:34 The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass v
CVE-2026-58123 9.8 0.93% 2 0 2026-07-10T00:31:34 Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution v
CVE-2026-12595 8.1 0.35% 1 0 2026-07-10T00:31:34 The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass v
CVE-2026-57023 7.5 0.46% 1 0 2026-07-10T00:31:33 An Improper Validation of Specified Quantity in Input vulnerability in the TCP p
CVE-2026-58122 9.1 0.29% 2 0 2026-07-10T00:31:33 Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability tha
CVE-2026-58143 8.8 0.18% 1 0 2026-07-10T00:31:33 Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerabi
CVE-2026-58473 9.1 0.37% 1 0 2026-07-09T19:37:12.317000 Cognee before 1.2.0 contains an improper access control vulnerability that allow
CVE-2026-15130 4.3 0.17% 1 0 2026-07-09T17:49:42.217000 Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.78
CVE-2026-13698 7.5 0.55% 1 0 2026-07-09T15:32:20 A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and
CVE-2026-15128 6.1 0.14% 1 0 2026-07-09T12:31:30 Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 a
CVE-2026-15129 8.8 0.22% 1 0 2026-07-09T12:31:30 Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remot
CVE-2026-9253 7.2 0.20% 1 0 2026-07-09T12:30:35 The WP Cost Estimation & Payment Forms Builder (E&P Forms) plugin for WordPress
CVE-2026-14245 9.8 0.59% 1 0 2026-07-09T09:30:40 The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPres
CVE-2026-46242 7.8 0.12% 4 2 2026-07-09T01:19:06.807000 In the Linux kernel, the following vulnerability has been resolved: eventpoll:
CVE-2026-43499 7.8 0.12% 8 7 2026-07-09T00:32:11 In the Linux kernel, the following vulnerability has been resolved: rtmutex: Us
CVE-2026-47646 9.3 0.27% 1 0 2026-07-09T00:31:25 Improper neutralization of input during web page generation ('cross-site scripti
CVE-2026-6896 8.7 0.28% 2 0 2026-07-08T21:30:42 GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 be
CVE-2026-58525 8.2 0.36% 1 0 2026-07-08T21:30:37 Improper access control in Microsoft Edge (Chromium-based) allows an unauthorize
CVE-2026-53481 9.8 0.63% 1 0 2026-07-08T19:57:35.883000 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release ver
CVE-2026-33264 9.8 1.65% 1 0 2026-07-08T19:37:10.507000 A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()
CVE-2026-11405 9.8 0.67% 6 1 2026-07-08T15:32:52 The web server binary /bin/httpd contains a hidden backdoor authentication mecha
CVE-2026-11903 8.0 0.30% 1 0 2026-07-08T15:32:13 Improper neutralization of input during web page generation ('cross-site scripti
CVE-2026-58480 9.8 0.60% 1 0 2026-07-08T15:28:15.630000 Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthentic
CVE-2026-55255 8.4 0.47% 7 1 2026-07-08T13:39:12.593000 Langflow is a tool for building and deploying AI-powered agents and workflows. P
CVE-2026-12378 8.1 0.39% 1 0 2026-07-08T12:31:28 The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin
CVE-2026-9695 9.8 0.33% 1 0 2026-07-08T09:31:48 An Improper Authentication vulnerability affecting DELMIA Apriso from Release 20
CVE-2026-60002 7.7 0.26% 1 0 2026-07-08T03:30:33 ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its h
CVE-2026-56843 9.9 0.34% 1 0 2026-07-08T03:30:33 Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 all
CVE-2026-59706 9.3 0.26% 1 0 2026-07-08T00:38:03 mem0 contains unauthenticated config API endpoints that expose LLM API keys in p
CVE-2026-56290 9.8 2.91% 8 3 2026-07-07T21:32:33 The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitra
CVE-2026-48282 10.0 28.58% 11 2 template 2026-07-07T21:32:33 ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limi
CVE-2026-48908 9.8 1.57% 4 9 2026-07-07T21:31:26 A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary
CVE-2026-54060 7.5 0.36% 1 0 2026-07-07T18:58:45.827000 Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.co
CVE-2026-12375 9.8 0.30% 1 0 2026-07-07T15:33:58 The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with m
CVE-2026-4375 9.0 0.25% 1 0 2026-07-07T15:33:58 The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin t
CVE-2026-34168 8.8 0.40% 1 0 2026-07-07T15:16:44.500000 Coolify is an open-source and self-hostable tool for managing servers, applicati
CVE-2026-42200 8.8 0.54% 1 0 2026-07-07T13:22:13.557000 Coolify is an open-source and self-hostable tool for managing servers, applicati
CVE-2026-33655 7.7 0.44% 1 0 2026-07-07T13:01:13 ## Summary The default SSRF protection configuration did not apply IP filtering
CVE-2026-14345 9.8 0.74% 1 0 2026-07-07T06:31:27 The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell
CVE-2026-55500 9.9 0.00% 1 0 2026-07-06T21:37:49 ## Summary The `/api/settings/database` endpoint allows full database export (c
CVE-2026-13753 7.5 0.27% 1 0 2026-07-06T21:30:38 A missing authorization vulnerability exists in the embedded webserver of HP Des
CVE-2026-53359 None 0.18% 6 5 2026-07-06T21:30:34 In the Linux kernel, the following vulnerability has been resolved: KVM: x86: F
CVE-2026-54769 10.0 0.91% 1 0 2026-07-06T20:42:02 ### Advisory Details **Title**: Sandbox Escape to Remote Code Execution via Inco
CVE-2026-13768 10.0 0.56% 1 1 2026-07-06T19:42:32.890000 Gardyn devices expose a privileged iothubowner key. Access to this key will allo
CVE-2026-14544 9.8 0.51% 1 0 2026-07-03T09:31:35 A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnera
CVE-2026-57517 9.8 0.59% 1 2 2026-07-02T20:17:04.450000 Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability
CVE-2026-50746 10.0 0.83% 3 1 2026-07-02T15:32:12 A malicious actor with access to the network could exploit an Improper Access Co
CVE-2026-43503 8.8 0.14% 1 9 2026-07-02T12:31:55 In the Linux kernel, the following vulnerability has been resolved: net: skbuff
CVE-2026-23537 9.1 0.57% 1 0 2026-07-02T12:16:57.127000 A vulnerability has been identified in the Feast Feature Server’s `/save-documen
CVE-2026-10539 9.0 0.24% 1 0 2026-07-01T19:59:44.537000 A Control-M/Server communication command does not sufficiently filter or sanitiz
CVE-2026-8451 7.5 0.50% 2 5 2026-07-01T18:31:24 Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to
CVE-2026-13602 None 0.24% 1 0 2026-07-01T15:35:27 We found a chain of combining multiple weaknesses in the product that could allo
CVE-2026-8037 9.6 29.64% 1 2 template 2026-07-01T05:16:25.290000 OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC
CVE-2026-41717 8.1 0.33% 1 0 2026-06-30T22:16:53.940000 Spring Data MongoDB contains a SpEL (Spring Expression Language) expression inje
CVE-2026-23111 7.8 0.34% 1 8 2026-06-30T03:36:36 In the Linux kernel, the following vulnerability has been resolved: netfilter:
CVE-2018-1273 9.8 95.65% 1 8 template 2026-06-26T18:44:14.703000 Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older
CVE-2026-53111 None 0.18% 1 0 2026-06-24T18:32:50 In the Linux kernel, the following vulnerability has been resolved: bpf: test_r
CVE-2026-39999 9.1 0.39% 1 0 2026-06-23T15:08:22.603000 Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker
CVE-2026-54782 10.0 0.25% 1 0 2026-06-19T20:47:13 ### Impact Full impersonation of any principal the trusted STS could have issued
CVE-2026-54003 None 0.55% 1 0 2026-06-18T15:04:58 ### TL;DR This vulnerability affects Kirby sites that have no configured user a
CVE-2026-20190 7.5 0.41% 1 0 2026-06-17T18:36:07 A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote
CVE-2026-20181 9.1 0.75% 1 0 2026-06-17T18:36:07 A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote at
CVE-2026-47291 9.8 21.51% 5 2 2026-06-17T10:54:28.290000 Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attack
CVE-2026-44825 8.1 0.53% 1 2 2026-06-17T10:51:23.870000 Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enab
CVE-2026-44597 3.7 0.45% 1 0 2026-06-17T10:51:07.977000 Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNC
CVE-2026-41849 7.5 0.26% 1 0 2026-06-17T10:47:06.763000 An integer overflow vulnerability exists in the evaluation logic of the Spring E
CVE-2026-27808 5.8 0.47% 1 0 2026-06-17T10:27:43.150000 Mailpit is an email testing tool and API for developers. Prior to version 1.29.2
CVE-2024-38808 4.3 0.54% 1 0 2026-06-17T07:41:05.140000 In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it i
CVE-2022-22950 6.5 35.83% 1 0 2026-06-17T04:29:13.760000 n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is
CVE-2026-50656 7.8 3.39% 3 2 2026-06-16T21:31:57 Microsoft is aware of an elevation of privilege in the Microsoft Malware Protect
CVE-2026-48611 9.8 2.86% 1 3 template 2026-06-12T06:33:21 Improper authentication checks in the OAuth implementation allow account hijacki
CVE-2026-48062 9.8 0.00% 1 0 2026-06-11T17:16:09 ### Impact The `ext_in` upload validation rule checked the MIME-derived guessed
CVE-2026-41729 8.1 0.39% 1 1 2026-06-10T00:31:59 Spring Data REST is vulnerable to SpEL expression injection through map-typed pr
CVE-2026-41719 6.4 0.20% 1 0 2026-06-10T00:31:59 A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized
CVE-2026-41852 3.7 0.16% 1 0 2026-06-09T06:32:07 A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for
CVE-2026-41850 7.5 0.36% 1 0 2026-06-09T06:32:06 Applications that evaluate user-supplied Spring Expression Language (SpEL) expre
CVE-2026-41851 5.3 0.36% 1 0 2026-06-09T06:32:06 Applications which accept user-supplied Spring Expression Language (SpEL) expres
CVE-2026-1207 None 9.44% 1 1 template 2026-06-05T16:24:43 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4
CVE-2026-31694 7.8 0.13% 1 1 2026-06-01T18:32:31 In the Linux kernel, the following vulnerability has been resolved: fuse: rejec
CVE-2026-43456 7.8 0.16% 1 0 2026-05-20T18:32:38 In the Linux kernel, the following vulnerability has been resolved: bonding: fi
CVE-2026-42841 4.8 0.40% 1 0 2026-05-13T13:52:11 ### Summary An authenticated user with page editing permissions can inject an e
CVE-2026-33112 8.8 2.11% 1 0 2026-05-12T18:30:49 Deserialization of untrusted data in Microsoft Office SharePoint allows an autho
CVE-2026-38431 9.8 0.39% 1 0 2026-05-06T18:31:37 ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SS
CVE-2025-49113 9.9 89.46% 1 23 template 2026-02-20T21:48:11 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execu
CVE-2025-41253 7.5 0.43% 1 0 2026-02-19T22:00:42 The following versions of Spring Cloud Gateway Server Webflux may be vulnerable
CVE-2025-3248 None 99.99% 3 27 template 2025-11-05T20:12:46 Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v
CVE-2022-22963 9.8 99.94% 1 38 template 2025-10-22T19:18:03 In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, w
CVE-2024-42009 9.3 83.39% 1 7 template 2025-10-22T00:34:11 A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x throug
CVE-2023-20861 6.5 0.97% 1 0 2025-02-25T18:40:06 In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.
CVE-2018-1260 9.8 8.35% 1 1 2024-05-14T17:55:42 Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, a
CVE-2016-4977 8.8 79.18% 1 2 template 2024-05-14T17:39:04 When processing authorization requests using the whitelabel views in Spring Secu
CVE-2024-30326 7.8 0.91% 1 0 2024-04-03T18:30:55 Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability.
CVE-2024-26582 7.8 0.25% 1 0 2024-03-15T15:30:43 In the Linux kernel, the following vulnerability has been resolved: net: tls: f
CVE-2022-22947 10.0 98.25% 1 69 template 2023-07-24T19:30:19 In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are v
CVE-2017-8046 9.8 74.36% 1 10 template 2023-02-02T05:01:22 Malicious PATCH requests submitted to servers using Spring Data REST versions pr
CVE-2022-22980 9.0 16.90% 1 8 2023-01-27T05:05:05 A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Qu
CVE-2026-23530 0 0.44% 1 0 N/A
CVE-2026-55827 0 0.00% 2 0 N/A
CVE-2026-54149 0 0.00% 2 0 N/A
CVE-2026-12932 0 0.00% 1 0 N/A
CVE-2026-12996 0 0.00% 1 0 N/A
CVE-2026-13117 0 0.00% 1 0 N/A
CVE-2026-20896 0 0.78% 5 3 N/A
CVE-2026-55604 0 0.22% 1 0 N/A
CVE-2026-59834 0 0.38% 1 0 N/A
CVE-2026-54433 0 0.00% 1 0 N/A
CVE-2026-57155 0 0.00% 2 0 N/A
CVE-2026-59723 0 0.14% 1 0 N/A
CVE-2026-33697 0 0.06% 1 0 N/A
CVE-2026-54161 0 0.00% 1 1 N/A
CVE-2026-14380 0 0.49% 1 0 N/A
CVE-2026-54234 0 0.34% 1 0 N/A
CVE-2026-12943 0 0.00% 1 0 N/A
CVE-2026-34152 0 0.37% 1 0 N/A
CVE-2026-42143 0 0.43% 1 0 N/A
CVE-2026-34158 0 0.36% 1 0 N/A
CVE-2026-34048 0 0.40% 1 0 N/A
CVE-2026-34037 0 0.25% 1 0 N/A

CVE-2026-57850
(8.3 HIGH)

EPSS: 0.00%

updated 2026-07-10T21:32:40

2 posts

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options reserved for a full Remote session. An authenticated remote peer can exploit this missing scope check to act outside its granted scope, injecting out-of-scope cont

thehackerwire@mastodon.social at 2026-07-10T21:00:11.000Z ##

🟠 CVE-2026-57850 - High (8.3)

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options reserved f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T21:00:11.000Z ##

🟠 CVE-2026-57850 - High (8.3)

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options reserved f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61460
(8.8 HIGH)

EPSS: 0.00%

updated 2026-07-10T21:32:32

2 posts

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CRM records and reassign ownership by exploiting missing record-level ownership validation in edit, updat

thehackerwire@mastodon.social at 2026-07-10T20:00:29.000Z ##

🟠 CVE-2026-61460 - High (8.8)

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete rec...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T20:00:29.000Z ##

🟠 CVE-2026-61460 - High (8.8)

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete rec...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-61459
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-07-10T21:32:32

2 posts

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can inject the --server flag to redirect kubectl commands to an attacker-controlled API server, causi

thehackerwire@mastodon.social at 2026-07-10T20:00:19.000Z ##

🔴 CVE-2026-61459 - Critical (9.8)

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T20:00:19.000Z ##

🔴 CVE-2026-61459 - Critical (9.8)

MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_get, kubectl_describe, kubectl_delete) that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5801
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-07-10T21:32:32

2 posts

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026.

thehackerwire@mastodon.social at 2026-07-10T20:00:08.000Z ##

🔴 CVE-2026-5801 - Critical (9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection.

This issue affects SEM-PMP: t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T20:00:08.000Z ##

🔴 CVE-2026-5801 - Critical (9.8)

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection.

This issue affects SEM-PMP: t...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58499
(8.2 HIGH)

EPSS: 0.00%

updated 2026-07-10T21:17:00.197000

2 posts

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender_id field was not validated as a path-safe identifier, unlike app_id and project_id. During user-memory extraction, sender_id is used as owner_id and joined into the filesystem path where the extracted episode is persisted as

thehackerwire@mastodon.social at 2026-07-10T22:00:04.000Z ##

🟠 CVE-2026-58499 - High (8.2)

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender_id field was not validated as a path-safe identifier, unlike app_id and ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T22:00:04.000Z ##

🟠 CVE-2026-58499 - High (8.2)

EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint because the per-message sender_id field was not validated as a path-safe identifier, unlike app_id and ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57807
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-07-10T21:16:59.947000

2 posts

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO (OAuth Client): from n/a through 38.5.8.

thehackerwire@mastodon.social at 2026-07-10T22:00:25.000Z ##

🔴 CVE-2026-57807 - Critical (9.8)

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation.

This issue affects OAuth Single Sign On - SSO (OAuth ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T22:00:25.000Z ##

🔴 CVE-2026-57807 - Critical (9.8)

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation.

This issue affects OAuth Single Sign On - SSO (OAuth ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57220
(7.5 HIGH)

EPSS: 0.00%

updated 2026-07-10T21:16:59.180000

2 posts

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame lengths and consume broker memory in rabbit_stream_core. This issue is fixed in version 4.2.6.

thehackerwire@mastodon.social at 2026-07-10T22:00:14.000Z ##

🟠 CVE-2026-57220 - High (7.5)

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T22:00:14.000Z ##

🟠 CVE-2026-57220 - High (7.5)

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55879
(9.3 CRITICAL)

EPSS: 0.00%

updated 2026-07-10T21:16:57.367000

2 posts

OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encoding, and later renders them in the authenticated dashboard through TextEllipsis and the event-details modal, allowing an unauthenticated attacker to store

thehackerwire@mastodon.social at 2026-07-10T22:01:03.000Z ##

🔴 CVE-2026-55879 - Critical (9.3)

OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encodi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T22:01:03.000Z ##

🔴 CVE-2026-55879 - Critical (9.3)

OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encodi...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55659
(7.7 HIGH)

EPSS: 0.00%

updated 2026-07-10T21:16:56.577000

2 posts

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's name or description, set by a document editor, is rendered into the page that other users load when openin

thehackerwire@mastodon.social at 2026-07-10T22:01:13.000Z ##

🟠 CVE-2026-55659 - High (7.7)

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T22:01:13.000Z ##

🟠 CVE-2026-55659 - High (7.7)

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripti...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55213
(7.5 HIGH)

EPSS: 0.00%

updated 2026-07-10T21:16:55.497000

2 posts

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling alloca, which exceeds the default pthread stack size used by musl libc and causes the h2o server to crash w

thehackerwire@mastodon.social at 2026-07-10T22:01:23.000Z ##

🟠 CVE-2026-55213 - High (7.5)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T22:01:23.000Z ##

🟠 CVE-2026-55213 - High (7.5)

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55789
(8.5 HIGH)

EPSS: 0.00%

updated 2026-07-10T20:16:47.933000

2 posts

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into element-text placeholders of a SAML XML template using samlify 2.10.0, which left those placeholders u

thehackerwire@mastodon.social at 2026-07-10T21:00:24.000Z ##

🟠 CVE-2026-55789 - High (8.5)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as nam...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T21:00:24.000Z ##

🟠 CVE-2026-55789 - High (8.5)

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as nam...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12598
(8.1 HIGH)

EPSS: 0.35%

updated 2026-07-10T19:17:20.113000

1 posts

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpress_on_spotify_login() function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it directly with get_user_by('email', $profile['email']) to identify and log in an existing WordPress a

thehackerwire@mastodon.social at 2026-07-10T01:59:58.000Z ##

🟠 CVE-2026-12598 - High (8.1)

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpress_on_spotify_login() function trusting the unverified 'email' fiel...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54527
(0 None)

EPSS: 0.28%

updated 2026-07-10T19:05:27.310000

1 posts

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader() method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff in the Git History tab. This issue is fixed in version 0.54.0.

offseq@infosec.exchange at 2026-07-09T03:00:28.000Z ##

CVE-2026-54527: CRITICAL XSS in jupyterlab-git (<0.54.0). Malicious Git filenames can execute JavaScript when viewed in the Git History tab — risking session hijack & data theft. Upgrade to 0.54.0+ ASAP. radar.offseq.com/threat/cve-20 #OffSeq #XSS #jupyterlab #security

##

CVE-2026-60105
(8.6 HIGH)

EPSS: 0.31%

updated 2026-07-10T18:46:32.250000

1 posts

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP() function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obtain a CSRF token from the public getSystemVars endpoint and submit a fetchRemoteFile request with a so

thehackerwire@mastodon.social at 2026-07-08T22:00:53.000Z ##

🟠 CVE-2026-60105 - High (8.6)

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP() function, which fails to detect embedded IPv4 addresses within IPv4-mapped ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-45422
(8.1 HIGH)

EPSS: 0.22%

updated 2026-07-10T18:33:14

1 posts

Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules.

1 repos

https://github.com/Cedrico03/CVE-2025-45422---Bbox

obivan@infosec.exchange at 2026-07-10T13:32:39.000Z ##

CVE-2025-45422: Proximus b-box UPnP Persistence & Access Control Bypass github.com/Cedrico03/CVE-2025-

##

CVE-2026-56291
(9.8 CRITICAL)

EPSS: 0.28%

updated 2026-07-10T18:33:13

7 posts

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

secdb at 2026-07-10T19:00:12.219Z ##

🚨 [CISA-2026:0710] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48939 (secdb.nttzen.cloud/cve/detail/)
- Name: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: iCagenda
- Product: iCagenda
- Notes: icagenda.com/#download ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-56291 (secdb.nttzen.cloud/cve/detail/)
- Name: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Balbooa
- Product: Forms
- Notes: balbooa.com/joomla-forms ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

##

cisakevtracker@mastodon.social at 2026-07-10T18:00:48.000Z ##

CVE ID: CVE-2026-56291
Vendor: Balbooa
Product: Forms
Date Added: 2026-07-10
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL at 2026-07-10T17:21:04.075Z ##

CISA has added two vulnerabilities to the KEV catalogue.

- CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

##

secdb@infosec.exchange at 2026-07-10T19:00:12.000Z ##

🚨 [CISA-2026:0710] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48939 (secdb.nttzen.cloud/cve/detail/)
- Name: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: iCagenda
- Product: iCagenda
- Notes: icagenda.com/#download ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-56291 (secdb.nttzen.cloud/cve/detail/)
- Name: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Balbooa
- Product: Forms
- Notes: balbooa.com/joomla-forms ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260710 #cisa20260710 #cve_2026_48939 #cve_2026_56291 #cve202648939 #cve202656291

##

cisakevtracker@mastodon.social at 2026-07-10T18:00:48.000Z ##

CVE ID: CVE-2026-56291
Vendor: Balbooa
Product: Forms
Date Added: 2026-07-10
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2026-07-10T17:21:04.000Z ##

CISA has added two vulnerabilities to the KEV catalogue.

- CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026- #CISA #infosec #vulnerability

##

offseq@infosec.exchange at 2026-07-09T12:00:29.000Z ##

CVE-2026-56291 | CRITICAL: Balbooa Forms for Joomla (v1.0 – 2.4.0) allows unauthenticated RCE via arbitrary file upload (CWE-434). No patch yet. Disable or restrict access until fixed. radar.offseq.com/threat/cve-20 #OffSeq #Joomla #RCE #Vuln

##

CVE-2026-0288
(7.5 HIGH)

EPSS: 0.52%

updated 2026-07-10T18:33:13

2 posts

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic. The security risk posed by this issue is minimized when the User-ID Terminal Server

DailyCyberSecurity@infosec.exchange at 2026-07-09T02:00:28.000Z ##

A PAN-OS buffer overflow, CVE-2026-0288, enables arbitrary code execution on Palo Alto firewalls. Patch now.

#PANOS #PaloAltoNetworks #BufferOverflow #ArbitraryCodeExecution #CVE #FirewallSecurity #PatchNow #InfoSec

securityonline.info/pan-os-cve

##

AAKL@infosec.exchange at 2026-07-08T16:15:21.000Z ##

Broadcom has a long list of advisories today, addressing at least two critical vulnerabilities support.broadcom.com/web/ecx/s

Palo Alto:

CRITICAL: CVE-2026-0288 PAN-OS: Buffer Overflow Vulnerabilities in User-ID Terminal Server Agent security.paloaltonetworks.com/

Dell: Security Update for Dell Networking Products for Multiple Vulnerabilities dell.com/support/kbdoc/en-us/0 #Broascom #infosec #vulnerability #Dell #Intel

##

CVE-2026-15143
(9.3 CRITICAL)

EPSS: 0.00%

updated 2026-07-10T18:32:26

2 posts

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file reads, potentially resulting in sensitive information disclosure, such as cloud provider credentials or

nyanbinary at 2026-07-10T18:45:37.059Z ##

access.redhat.com/security/cve

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions.

:neobot_giggle:

##

nyanbinary@infosec.exchange at 2026-07-10T18:45:37.000Z ##

access.redhat.com/security/cve

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed without proper restrictions.

:neobot_giggle:

##

CVE-2026-33382
(7.5 HIGH)

EPSS: 0.00%

updated 2026-07-10T18:32:26

2 posts

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service.

thehackerwire@mastodon.social at 2026-07-10T17:00:31.000Z ##

🟠 CVE-2026-33382 - High (7.5)

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T17:00:31.000Z ##

🟠 CVE-2026-33382 - High (7.5)

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-48939
(9.8 CRITICAL)

EPSS: 0.56%

updated 2026-07-10T18:32:03

6 posts

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

2 repos

https://github.com/Polosss/By-Poloss..-..CVE-2026-48939

https://github.com/shinthink/CVE-2026-48939

secdb at 2026-07-10T19:00:12.219Z ##

🚨 [CISA-2026:0710] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48939 (secdb.nttzen.cloud/cve/detail/)
- Name: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: iCagenda
- Product: iCagenda
- Notes: icagenda.com/#download ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-56291 (secdb.nttzen.cloud/cve/detail/)
- Name: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Balbooa
- Product: Forms
- Notes: balbooa.com/joomla-forms ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

##

cisakevtracker@mastodon.social at 2026-07-10T18:01:04.000Z ##

CVE ID: CVE-2026-48939
Vendor: iCagenda
Product: iCagenda
Date Added: 2026-07-10
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL at 2026-07-10T17:21:04.075Z ##

CISA has added two vulnerabilities to the KEV catalogue.

- CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

##

secdb@infosec.exchange at 2026-07-10T19:00:12.000Z ##

🚨 [CISA-2026:0710] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48939 (secdb.nttzen.cloud/cve/detail/)
- Name: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: iCagenda
- Product: iCagenda
- Notes: icagenda.com/#download ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-56291 (secdb.nttzen.cloud/cve/detail/)
- Name: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Balbooa
- Product: Forms
- Notes: balbooa.com/joomla-forms ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260710 #cisa20260710 #cve_2026_48939 #cve_2026_56291 #cve202648939 #cve202656291

##

cisakevtracker@mastodon.social at 2026-07-10T18:01:04.000Z ##

CVE ID: CVE-2026-48939
Vendor: iCagenda
Product: iCagenda
Date Added: 2026-07-10
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2026-07-10T17:21:04.000Z ##

CISA has added two vulnerabilities to the KEV catalogue.

- CVE-2026-48939: iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-56291: Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026- #CISA #infosec #vulnerability

##

CVE-2026-12685
(7.5 HIGH)

EPSS: 0.14%

updated 2026-07-10T17:56:00.910000

1 posts

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server.

offseq@infosec.exchange at 2026-07-10T07:30:26.000Z ##

CVE-2026-12685 | EscortWP ≤3.6.2: CRITICAL backdoor (CWE-912) enables unauthenticated data wipe & exfiltrates site/admin info via hard-coded key. No patch available — replace theme & monitor vendor. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #CVE2026_12685

##

CVE-2026-57026
(7.5 HIGH)

EPSS: 0.46%

updated 2026-07-10T17:49:57.737000

1 posts

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart.

thehackerwire@mastodon.social at 2026-07-10T05:01:21.000Z ##

🟠 CVE-2026-57026 - High (7.5)

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57589
(7.4 HIGH)

EPSS: 0.12%

updated 2026-07-10T16:39:52.480000

9 posts

sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().

benoit@benoit.jp.net at 2026-07-09T10:48:05.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root

nvd.nist.gov/vuln/detail/cve-2

##

hn100@social.lansky.name at 2026-07-08T16:05:10.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root

Link: nvd.nist.gov/vuln/detail/cve-2
Discussion: news.ycombinator.com/item?id=4

##

newsycombinator@framapiaf.org at 2026-07-08T16:00:47.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root
Link: nvd.nist.gov/vuln/detail/cve-2
Comments: news.ycombinator.com/item?id=4

##

hn50@social.lansky.name at 2026-07-08T15:25:07.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root

Link: nvd.nist.gov/vuln/detail/cve-2
Discussion: news.ycombinator.com/item?id=4

##

hnbot@chrispelli.fun at 2026-07-08T14:48:47.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root - nvd.nist.gov/vuln/detail/cve-2

#hackernews

##

ngate@mastodon.social at 2026-07-08T14:47:21.000Z ##

Oh, joy! 😒 A riveting tale of OpenBSD's latest "oopsie-daisy" moment, where users can magically escalate privileges—because who doesn't love a good #security blunder? Meanwhile, the article itself is a masterpiece of accessibility: blocked by Cloudflare like a bouncer at a club for nerds. 🕵️‍♂️🔒
nvd.nist.gov/vuln/detail/cve-2 #OpenBSD #Blunder #Accessibility #Issues #HackerNews #PrivilegeEscalation #HackerNews #ngated

##

h4ckernews@mastodon.social at 2026-07-08T14:47:16.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root

nvd.nist.gov/vuln/detail/cve-2

Comments: news.ycombinator.com/item?id=4

#HackerNews #OpenBSD #UseAfterFree #PrivilegeEscalation #Cybersecurity #Vulnerability #CVE-2026-57589

##

CuratedHackerNews@mastodon.social at 2026-07-08T14:36:03.000Z ##

OpenBSD has a use-after-free allowing local privilege escalation to root

nvd.nist.gov/vuln/detail/cve-2

#gov #openbsd

##

lobsters@mastodon.social at 2026-07-08T01:50:10.000Z ##

OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root (CVE-2026-57589) lobste.rs/s/7hmu0w #openbsd #security
nvd.nist.gov/vuln/detail/cve-2

##

CVE-2026-59832
(7.7 HIGH)

EPSS: 0.32%

updated 2026-07-10T16:16:38.187000

1 posts

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containment or sensitive-path checks, allowing an authenticated request such as /snippets/%2e%2e/%2e%2e/conf/conf.json to read workspace secrets and the document d

thehackerwire@mastodon.social at 2026-07-10T03:00:55.000Z ##

🟠 CVE-2026-59832 - High (7.7)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the snippets directory without subpath containmen...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54771
(8.1 HIGH)

EPSS: 0.39%

updated 2026-07-10T15:49:19.093000

1 posts

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with `use=False, handle=True`. Version 0.65.3 fixes the issue.

thehackerwire@mastodon.social at 2026-07-10T01:00:20.000Z ##

🟠 CVE-2026-54771 - High (8.1)

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools ar...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41880
(0 None)

EPSS: 1.33%

updated 2026-07-10T15:46:07.777000

1 posts

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding neutralizes the injection during the standard web upload flow. An authenticated attacker who is able to tri

offseq@infosec.exchange at 2026-07-10T12:00:34.000Z ##

CVE-2026-41880 | CRITICAL OS Command Injection in R-SOFT SERWIS DMS OCR module. Authenticated users can execute root commands via crafted uploads. Patched in v3.19-2862/3.17-2580. Upgrade now: radar.offseq.com/threat/cve-20 #OffSeq #infosec #vulnerability #CVE202641880

##

CVE-2026-56689
(7.7 HIGH)

EPSS: 0.00%

updated 2026-07-10T15:45:33.663000

1 posts

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

hugovalters@mastodon.social at 2026-07-10T17:01:56.000Z ##

CVE-2026-56689 - SQL Injection in Dell PowerFlex Manager <5.1.0.1. Low-priv remote attacker can exploit for info disclosure. CVSS 7.7. No patch available. Monitor for updates. #CVE #Dell #infosec

valtersit.com/cve/CVE-2026-566

##

CVE-2026-14894
(9.8 CRITICAL)

EPSS: 0.52%

updated 2026-07-10T15:43:30.330000

2 posts

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missing file type validation and the absence of any capability check on the submit_form nopriv AJAX handler, whose only barrier is a session nonce freely obtainable by unauthenticated visitors via a separat

thehackerwire@mastodon.social at 2026-07-10T04:59:59.000Z ##

🔴 CVE-2026-14894 - Critical (9.8)

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submit_form function. This is due to missing file type validation and the absence of any...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-07-10T04:30:25.000Z ##

CVE-2026-14894 (CRITICAL, CVSS 9.8): Arbitrary file upload in Super Forms – Drag & Drop Form Builder <=6.3.313 enables unauthenticated RCE. Restrict plugin use & monitor for uploads. Await vendor patch. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vulnerability

##

CVE-2026-56688
(9.1 CRITICAL)

EPSS: 0.00%

updated 2026-07-10T12:31:56

1 posts

Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability during OS Repository processing to achieve arbitrary command execution as root, potentially leading to full appliance compromise and latera

offseq@infosec.exchange at 2026-07-10T13:30:28.000Z ##

Dell PowerFlex Manager <5.1.0.1 faces CRITICAL OS command injection (CVE-2026-56688, CVSS 9.1). High-priv attackers can execute root commands — full compromise risk. No patch yet. Limit admin remote access & monitor activity. radar.offseq.com/threat/cve-20 #OffSeq #Dell #Vuln #Infosec

##

CVE-2026-15378
(9.3 CRITICAL)

EPSS: 0.42%

updated 2026-07-10T12:31:55

3 posts

A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote attacker to perform a blind Server-Side Request Forgery (SSRF) by submitting a specially crafted XML Schema Definition (XSD) string. This can lead to unauthorized access to sensitive information, including credentials from cloud metadata services, Kubernetes API, internal MinIO, and other internal network

nyanbinary at 2026-07-10T18:53:22.845Z ##

(there is more, actually, lol access.redhat.com/security/cve )

##

nyanbinary@infosec.exchange at 2026-07-10T18:53:22.000Z ##

(there is more, actually, lol access.redhat.com/security/cve )

##

offseq@infosec.exchange at 2026-07-10T10:30:25.000Z ##

Red Hat OpenShift AI hit by CRITICAL SSRF (CVE-2026-15378): guardrails-detectors flaw allows remote attackers to access cloud metadata, K8s API, and secrets via crafted XSD. Monitor for exploitation & restrict egress. radar.offseq.com/threat/cve-20 #OffSeq #CVE202615378 #RedHat #Infosec

##

CVE-2026-54423
(8.2 HIGH)

EPSS: 0.52%

updated 2026-07-10T09:31:36

1 posts

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.

thehackerwire@mastodon.social at 2026-07-10T04:59:50.000Z ##

🟠 CVE-2026-54423 - High (8.2)

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-15300
(9.1 CRITICAL)

EPSS: 0.35%

updated 2026-07-10T06:31:33

1 posts

The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, 4.5.4. The values were read from $_SERVER['QUERY_STRING'] via parse_str() (bypassing wp_magic_quotes, which does not cover $_SERVER), then passed through bare esc_sql() before being interpolated into unquoted numeric positions in the proximity-search

offseq@infosec.exchange at 2026-07-10T06:00:25.000Z ##

SQL Injection vuln (CRITICAL, CVE-2026-15300) in GEO my WP <=4.5.4 lets attackers exploit 'distance', 'lat', 'lng' via query string. Upgrade to 4.5.5 for numeric validation & input casting. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Security #CVE202615300

##

CVE-2026-15070
(8.8 HIGH)

EPSS: 0.26%

updated 2026-07-10T06:31:28

1 posts

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into the web-accessible translate-constants.php file within the plugin directory,

thehackerwire@mastodon.social at 2026-07-10T05:00:11.000Z ##

🟠 CVE-2026-15070 - High (8.8)

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This mak...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-46215
(7.8 HIGH)

EPSS: 0.13%

updated 2026-07-10T05:16:37.103000

1 posts

In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_handle There was a potential race condition in change_handle. The ioctl briefly had a single object with two idr entries; a concurrent gem_close could delete the object and remove one of the handles while leaving the other one dangling, which could subsequently be dereferen

1 repos

https://github.com/0xCyberstan/CVE-2026-46215-POC

CVE-2026-15112
(8.8 HIGH)

EPSS: 0.26%

updated 2026-07-10T05:16:28.503000

1 posts

Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

offseq@infosec.exchange at 2026-07-09T01:30:28.000Z ##

CVE-2026-15112: CRITICAL use-after-free in Chrome Ozone (<150.0.7871.115). Remote attackers could trigger heap corruption via crafted HTML. No exploits seen yet. Check vendor guidance: radar.offseq.com/threat/cve-20 #OffSeq #Chrome #Vuln #AppSec

##

CVE-2026-12597
(8.1 HIGH)

EPSS: 0.42%

updated 2026-07-10T00:31:34

1 posts

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) of the array returned by GitHub's /user/emails endpoint as an account-binding identifier without verifying that the em

thehackerwire@mastodon.social at 2026-07-10T01:59:48.000Z ##

🟠 CVE-2026-12597 - High (8.1)

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the f...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58123
(9.8 CRITICAL)

EPSS: 0.93%

updated 2026-07-10T00:31:34

2 posts

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitrary commands through the terminal input endpoint to achieve full command execution as the server process

offseq@infosec.exchange at 2026-07-10T01:30:25.000Z ##

CVE-2026-58123 | CRITICAL RCE in nesquena hermes-webui <0.51.788: Unauthenticated attackers can execute arbitrary shell commands via terminal API in 4 HTTP requests. Restrict endpoint access until patch confirmed. radar.offseq.com/threat/cve-20 #OffSeq #RCE #infosec #CVE

##

thehackerwire@mastodon.social at 2026-07-09T23:01:33.000Z ##

🔴 CVE-2026-58123 - Critical (9.8)

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can creat...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12595
(8.1 HIGH)

EPSS: 0.35%

updated 2026-07-10T00:31:34

1 posts

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, which accepts the email field returned by Discord's /users/@me endpoint without ever checking that the profile's verified flag is true, then directly maps th

thehackerwire@mastodon.social at 2026-07-10T01:00:31.000Z ##

🟠 CVE-2026-12595 - High (8.1)

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, whic...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-57023
(7.5 HIGH)

EPSS: 0.46%

updated 2026-07-10T00:31:33

1 posts

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS). When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP h

thehackerwire@mastodon.social at 2026-07-10T05:01:09.000Z ##

🟠 CVE-2026-57023 - High (7.5)

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58122
(9.1 CRITICAL)

EPSS: 0.29%

updated 2026-07-10T00:31:33

2 posts

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopback address. Attackers can exploit this bypass to perform server-side request forgery against internal services including cloud metadata endpoints, overw

offseq@infosec.exchange at 2026-07-10T00:00:36.000Z ##

CVE-2026-58122 (CRITICAL): Hermes WebUI <0.51.307 lets remote attackers bypass local IP restrictions via spoofed X-Forwarded-For — enabling SSRF, config overwrite, and OAuth token theft. Restrict header spoofing & monitor access. radar.offseq.com/threat/cve-20 #OffSeq #CVE202658122 #infosec #SSRF

##

thehackerwire@mastodon.social at 2026-07-09T23:01:20.000Z ##

🔴 CVE-2026-58122 - Critical (9.1)

Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to circumvent local-origin IP restrictions on onboarding endpoints by supplying a spoofed X-Forwarded-For header with a loopb...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58143
(8.8 HIGH)

EPSS: 0.18%

updated 2026-07-10T00:31:33

1 posts

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes the application's CSRF validation function. Attackers can disable the PFS module's file extension white

thehackerwire@mastodon.social at 2026-07-09T23:01:43.000Z ##

🟠 CVE-2026-58143 - High (8.8)

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the adm...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58473
(9.1 CRITICAL)

EPSS: 0.37%

updated 2026-07-09T19:37:12.317000

1 posts

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all LLM operations instance-wide to an attacker-controlled endpoint by exploiting the process-wide singleton

offseq@infosec.exchange at 2026-07-08T03:00:25.000Z ##

topoteretes cognee (<1.2.0) is affected by CVE-2026-58473 (CRITICAL, CVSS 9.3): improper access control lets unauth attackers overwrite LLM provider config & exfiltrate sensitive data. Restrict endpoint, monitor configs. radar.offseq.com/threat/cve-20 #OffSeq #CVE #Infosec

##

CVE-2026-15130
(4.3 MEDIUM)

EPSS: 0.17%

updated 2026-07-09T17:49:42.217000

1 posts

Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

offseq@infosec.exchange at 2026-07-09T04:30:26.000Z ##

CVE-2026-15130 (HIGH): Chrome <150.0.7871.115 has an insufficient policy enforcement bug, letting remote attackers bypass site isolation with crafted HTML. No exploits reported. Check radar.offseq.com/threat/cve-20 for updates. #OffSeq #Chrome #BrowserSecurity #Vulnerability

##

CVE-2026-13698
(7.5 HIGH)

EPSS: 0.55%

updated 2026-07-09T15:32:20

1 posts

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

CVE-2026-15128
(6.1 MEDIUM)

EPSS: 0.14%

updated 2026-07-09T12:31:30

1 posts

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

offseq@infosec.exchange at 2026-07-09T06:00:29.000Z ##

CVE-2026-15128 (HIGH): Google Chrome <150.0.7871.115 vulnerable to remote UXSS via crafted HTML. Patch available — update now to block script injection. Details: radar.offseq.com/threat/cve-20 #OffSeq #Chrome #Vuln #PatchTuesday #InfoSec

##

CVE-2026-15129
(8.8 HIGH)

EPSS: 0.22%

updated 2026-07-09T12:31:30

1 posts

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

offseq@infosec.exchange at 2026-07-09T00:00:37.000Z ##

Google Chrome <150.0.7871.115 impacted by CRITICAL CVE-2026-15129 (use-after-free in Views). Remote code execution possible via malicious HTML. Patch status not confirmed — monitor advisory: radar.offseq.com/threat/cve-20 #OffSeq #Chrome #Infosec #CVE202615129

##

CVE-2026-9253
(7.2 HIGH)

EPSS: 0.20%

updated 2026-07-09T12:30:35

1 posts

The WP Cost Estimation & Payment Forms Builder (E&P Forms) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customerInfos' parameter in all versions up to, and including, 10.5.97 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesse

offseq@infosec.exchange at 2026-07-09T13:30:50.000Z ##

CVE-2026-9253: WP Cost Estimation & Payment Forms Builder ≤10.5.97 has a HIGH severity stored XSS via 'customerInfos'. Unauthenticated attackers can inject scripts. Patch status unconfirmed — restrict plugin use for now. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #XSS

##

CVE-2026-14245
(9.8 CRITICAL)

EPSS: 0.59%

updated 2026-07-09T09:30:40

1 posts

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the `um_reset_password_process_hook()` function performing no server-side verification that the OTP validation step was completed, and relying solely on a public `form_nonce` no

offseq@infosec.exchange at 2026-07-09T09:00:26.000Z ##

CVE-2026-14245: CRITICAL vuln in miniOrange OTP Login ≤5.5.1. Auth bypass allows admin takeover if Ultimate Member Password Reset Form is enabled. Disable that integration or enforce phone-only reset until patched. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Infosec #Vuln

##

CVE-2026-46242
(7.8 HIGH)

EPSS: 0.12%

updated 2026-07-09T01:19:06.807000

4 posts

In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_lock but then kept using @file inside the critical section (is_file_epoll(), hlist_del_rcu() through the head, spin_unlock). A concurrent __fput() taking the eventpoll_release() fastpath in that window

2 repos

https://github.com/SaithFranklinB/ScannerBadEpoll

https://github.com/0xBlackash/CVE-2026-46242

jschauma@mstdn.social at 2026-07-08T20:49:14.000Z ##

Here's your weekly batch of Linux local privilege escalation vulnerabilities:

CVE-2026-43499 "GhostLock"
nebusec.ai/research/ionstack-p

CVE-2026-46242 "Bad Epoll"
github.com/J-jaeyoung/bad-epoll

Enjoy! ✌️

##

netsecio@mastodon.social at 2026-07-08T14:52:58.000Z ##

📰 New 'Bad Epoll' Linux Kernel Zero-Day (CVE-2026-46242) Grants Full Root Access

🚨 CRITICAL ZERO-DAY: 'Bad Epoll' (CVE-2026-46242) in Linux Kernel allows any local user to gain full root access. The use-after-free bug affects servers, desktops & Android. PoC exists. Patch immediately! 🐧💥 #Linux #CyberSecurity #ZeroDay #Infosec

🌐 cyber[.]netsecops[.]io

🔗 cyber.netsecops.io/articles/ba

##

youranonnewsirc@nerdculture.de at 2026-07-07T16:05:23.000Z ##

Geopolitical: The NATO Summit commenced in Ankara on July 7, addressing defense spending and new air power deals. Ukraine executed long-range drone strikes on Russia's Omsk refinery on July 7. Cybersecurity: A critical Adobe ColdFusion vulnerability (CVE-2026-48282) is being actively exploited. A Linux 'Bad Epoll' root exploit (CVE-2026-46242) has also been publicly released. Technology: The UN Global Dialogue on AI Governance started July 6 in Geneva. Microsoft announced 4,800 job cuts, notably affecting its Xbox division, on July 6.

#AnonNews_irc #Cybersecurity #News

##

threatnoir@infosec.exchange at 2026-07-07T01:05:15.000Z ##

⚠️ CRITICAL: Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability

A public proof-of-concept exploit is now available for CVE-2026-46242, a race-condition use-after-free bug in the Linux kernel epoll facility that allows unprivileged local processes to escalate to root. This affects kernel versions 6.4 and newer, including Android devices. Any system running vulne…

threatnoir.com/focus

#infosec #cybersecurity

##

CVE-2026-43499
(7.8 HIGH)

EPSS: 0.12%

updated 2026-07-09T00:32:11

8 posts

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue(). In the latter case waiter::task is not current, but remove_waiter() operates on current for the dequeue oper

7 repos

https://github.com/caspy123/CVE-2026-43499

https://github.com/inforcqb/CVE-2026-43499-pja110

https://github.com/pubglite55/oppo-ghostlock

https://github.com/0xBlackash/CVE-2026-43499

https://github.com/tc3650/CVE-2026-43499-armv7

https://github.com/MobiusM/CVE-2026-43499

https://github.com/HORKimhab/CVE-2026-43499

radwebhosting@mastodon.social at 2026-07-10T19:45:52.000Z ##

GhostLock (CVE-2026-43499): What It Is and Why We Patched All Managed Servers

This article provides an overview of recently patched #security vulnerability, Ghostlock (CVE-2026-43499).
GhostLock (CVE-2026-43499): What It Is, Why It Matters, and How Rad Web Hosting Protected Customer Servers
Published: July 10, 2026

When a critical operating system vulnerability is disclosed, every hour counts. That's why ...
Continued 👉 blog.radwebhosting.com/ghostlo #privilegeescalation #criticalvulnerability

##

radwebhosting@mastodon.social at 2026-07-10T19:42:21.000Z ##

GhostLock (CVE-2026-43499): What It Is and Why We Patched All Managed Servers

This article provides an overview of recently patched #security vulnerability, Ghostlock (CVE-2026-43499).
GhostLock (CVE-2026-43499): What It Is, Why It Matters, and How Rad Web Hosting Protected Customer Servers
Published: July 10, 2026

When a critical operating system vulnerability is disclosed, every hour counts. That's why ...
Continued 👉 blog.radwebhosting.com/ghostlo #privilegeescalation #criticalvulnerability

##

autobrain@arram.senta-la.cloud at 2026-07-10T14:23:23.000Z ##

Postei no BR-Linux to avisando, e é sobre bug novo/velho.

VULNERABILIDADE GHOSTLOCK PERMITE QUE USUÁRIOS LOCAIS VIREM ROOT

A vulnerabilidade CVE-2026-43499, batizada de GhostLock, é um bug de sincronização divulgado esta semana, que ficou oculto por 15 anos no kernel Linux, e expõe a acesso root por usuários locais.

br-linux.org/2026/01/vulnerabi

##

schwerdtfegr.wordpress.com@schwerdtfegr.wordpress.com at 2026-07-10T12:46:19.000Z ##

Aber linux ist doch sicherer als windohs

Eine seit 2011 bestehende Schwachstelle im Linux-Kernel sorgt gerade für Aufsehen: CVE-2026-43499, von Sicherheitsforschern »GhostLock« getauft, steckt im rtmutex/futex-Subsystem und lässt sich mit hoher Zuverlässigkeit zur Rechteausweitung missbrauchen […] Der Bug betrifft praktisch jede Linux-Distribution der letzten 15 Jahre, ein funktionierender Root-Exploit mit rund 97 % Erfolgsquote kursiert bereits, und ein Proof-of-Concept ist öffentlich auf GitHub einsehbar. Zusätzlich lässt sich damit auch aus Containern ausbrechen – für Docker- und Kubernetes-Hosts also doppelt relevant

Huj, fuffzehn jahre alt. Der kleine verkacker im kernel ist ja fast volljährig geworden, bis ihn mal jemand bemerkt hat… und etwas im kontäjhner laufenzulassen, ist auch kein schutz.

Spielt eure sicherheitsaktualisierungen ein!

#Epic #Fail #Link #Linux #Linuxnews #Security ##

StevenSaus@faithcollapsing.com at 2026-07-10T01:31:05.000Z ##

15-Year-Old Linux Kernel GhostLock Flaw Lets Local Users Gain Root

CVE-2026-43499, dubbed GhostLock by Nebula Security, exposes a long-standing Linux kernel futex bug that can lead to local root access.

#kernel #linux-&-open-source-news #software #vulnerability
linuxiac.com/15-year-old-linux

##

guru@thecybersecguru.com at 2026-07-09T04:50:52.000Z ##

GhostLock (CVE-2026-43499): a fifteen-year-old rtmutex bug just handed root to anyone with a shell

GhostLock (CVE-2026-43499) is a 15-year rtmutex use-after-free giving root to any local Linux user. Full technical breakdown of the exploit chain

thecybersecguru.com/news/ghost

##

jschauma@mstdn.social at 2026-07-08T20:49:14.000Z ##

Here's your weekly batch of Linux local privilege escalation vulnerabilities:

CVE-2026-43499 "GhostLock"
nebusec.ai/research/ionstack-p

CVE-2026-46242 "Bad Epoll"
github.com/J-jaeyoung/bad-epoll

Enjoy! ✌️

##

DailyCyberSecurity@infosec.exchange at 2026-07-08T02:15:10.000Z ##

Researchers disclosed GhostLock (CVE-2026-43499) with public PoC code. The 15-year Linux kernel bug enables privilege escalation and container escape.

#GhostLock #CVE202643499 #LinuxKernel #PrivilegeEscalation #ContainerEscape #InfoSec

securityonline.info/ghostlock-

##

CVE-2026-47646
(9.3 CRITICAL)

EPSS: 0.27%

updated 2026-07-09T00:31:25

1 posts

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

thehackerwire@mastodon.social at 2026-07-09T04:00:19.000Z ##

🔴 CVE-2026-47646 - Critical (9.3)

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-6896
(8.7 HIGH)

EPSS: 0.28%

updated 2026-07-08T21:30:42

2 posts

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser session due to improper sanitization of user-supplied input.

DailyCyberSecurity@infosec.exchange at 2026-07-09T02:15:41.000Z ##

The GitLab patch release fixes 8 flaws, including a high-severity cross-site scripting bug (CVE-2026-6896). Update to 19.1.2 now.

#GitLab #GitLabSecurity #XSS #CrossSiteScripting #CVE #DevSecOps #PatchNow #InfoSec

securityonline.info/gitlab-pat

##

thehackerwire@mastodon.social at 2026-07-08T22:00:32.000Z ##

🟠 CVE-2026-6896 - High (8.7)

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to exec...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-58525
(8.2 HIGH)

EPSS: 0.36%

updated 2026-07-08T21:30:37

1 posts

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

thehackerwire@mastodon.social at 2026-07-08T22:00:43.000Z ##

🟠 CVE-2026-58525 - High (8.2)

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-53481
(9.8 CRITICAL)

EPSS: 0.63%

updated 2026-07-08T19:57:35.883000

1 posts

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vuln

offseq@infosec.exchange at 2026-07-07T13:30:28.000Z ##

Dell PowerProtect Data Domain is affected by CRITICAL path traversal (CVE-2026-53481, CVSS 9.8). Remote, unauthenticated attackers can gain full system control. No patch yet — monitor Dell advisories. radar.offseq.com/threat/cve-20 #OffSeq #Dell #CVE202653481 #infosec

##

CVE-2026-33264
(9.8 CRITICAL)

EPSS: 1.65%

updated 2026-07-08T19:37:10.507000

1 posts

A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossing the Airflow security boundary that DAG-author code must never execute in those processes. Us

offseq@infosec.exchange at 2026-07-07T10:30:25.000Z ##

CVE-2026-33264: Apache Airflow <3.3.0 has a CRITICAL deserialization flaw. DAG authors can trigger remote code execution on Scheduler/API Server. Upgrade to 3.3.0+ and restrict allowed_deserialization_classes. Details: radar.offseq.com/threat/cve-20 #OffSeq #Airflow #Infosec #CVE202633264

##

CVE-2026-11405
(9.8 CRITICAL)

EPSS: 0.67%

updated 2026-07-08T15:32:52

6 posts

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key). - After normal authentication fails, it calls GetValue("sys.rzadmin.password") to read a backdoor password from the device configuratio

1 repos

https://github.com/HORKimhab/CVE-2026-11405

beyondmachines1@infosec.exchange at 2026-07-10T12:01:43.000Z ##

Tenda Routers Contain Undocumented Authentication Backdoor

Tenda routers contain a hardcoded authentication backdoor (CVE-2026-11405) that allows attackers to gain full administrative control by bypassing standard login credentials. The vulnerability is not patched, and the vendor has not yet responded to the disclosure.

**If you use Tenda routers check your firmware version. If it's one of FH1201, W15E, AC10, AC5, AC6, immediately disable remote web management interface or at least isolate it from the internet. Only manage the device from your trusted local network. Since this backdoor is built into the firmware and Tenda has not released a fix, if there is no patch plan to replace these routers soon. As an extra step, change LAN IP address from the default to make them harder for attackers to find.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

beyondmachines1@infosec.exchange at 2026-07-10T10:01:43.000Z ##

CERT/CC Warns of Unpatched Admin Backdoor in Tenda Router Firmware

CERT/CC warned that several Tenda firmware versions contain an undocumented authentication backdoor that can give attackers administrative access to affected devices. The flaw, tracked as CVE-2026-11405, remains unpatched and could allow attackers to modify device settings, disable security features, or take full control of the device.

**Check your network for affected Tenda devices and reduce exposure immediately. No patch is available, so disable remote web management, block untrusted access to the router’s web interface, and change the default LAN IP address to reduce discovery by automated scanners.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

tomshardware@mastodon.online at 2026-07-08T15:49:05.000Z ##

Hidden backdoor in Tenda routers goes unpatched as company ignores warnings from cybersecurity researchers — Chinese company's firmware allows admin access without a password

CERT/CC has disclosed a critical authentication backdoor affecting multiple Tenda router firmware versions. Tracked as CVE-2026-11405, the flaw grants full administrator access without valid credentials, and no vendor patch is currently available after CERT failed to reach Tenda.
#hardware
tomshardware.com/tech-industry

##

jt_rebelo@ciberlandia.pt at 2026-07-07T19:52:06.000Z ##

@tugatech é preciso avisar as pessoas disto: discourse.ifin.network/t/cve-2

##

DarkWebInformer@infosec.exchange at 2026-07-07T15:04:21.000Z ##

‼️ New Dark Web Informer Blog Post!

Title: When the Password Check Fails, You're In: The Hidden Admin Backdoor in Tenda Router Firmware (CVE-2026-11405)

Link: darkwebinformer.com/when-the-p

##

DailyCyberSecurity@infosec.exchange at 2026-07-07T04:32:10.000Z ##

CVE-2026-11405 is a Tenda authentication backdoor. It allows full administrative access without valid credentials. Protect your network with these steps.

#CVE202611405 #Tenda #AuthenticationBackdoor #CyberSecurity #RouterSecurity

securityonline.info/cve-2026-1

##

CVE-2026-11903
(8.0 HIGH)

EPSS: 0.30%

updated 2026-07-08T15:32:13

1 posts

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Progress MOVEit Transfer (Ad Hoc module). This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8.

CVE-2026-58480
(9.8 CRITICAL)

EPSS: 0.60%

updated 2026-07-08T15:28:15.630000

1 posts

Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the save_attachments function exposed through the Advanced Reviews feature. Attackers can exploit the Custom Fonts extension's flawed strpos() substring check by uploading double-extension file

offseq@infosec.exchange at 2026-07-08T13:30:31.000Z ##

Blocksy Companion Pro <2.1.47 has a CRITICAL unauthenticated file upload flaw (CVE-2026-58480). Attackers can bypass extension checks and achieve remote code execution via crafted filenames. Patch ASAP. radar.offseq.com/threat/cve-20 #OffSeq #CVE202658480 #WordPress #Vuln

##

CVE-2026-55255
(8.4 HIGH)

EPSS: 0.47%

updated 2026-07-08T13:39:12.593000

7 posts

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.1.

1 repos

https://github.com/rootdirective-sec/CVE-2026-55255-Lab

thecybermind at 2026-07-10T22:55:39.988Z ##

Alert: Langflow CVE-2026-55255 allows authenticated attackers to execute arbitrary flows by manipulating flow IDs. Secure your tenant isolation now with our latest forensic deep-dive, featuring detection queries and hardening protocols. thecybermind.co/4912

##

thecybermind@infosec.exchange at 2026-07-10T22:55:39.000Z ##

Alert: Langflow CVE-2026-55255 allows authenticated attackers to execute arbitrary flows by manipulating flow IDs. Secure your tenant isolation now with our latest forensic deep-dive, featuring detection queries and hardening protocols. thecybermind.co/4912

#CyberSecurity #Langflow

##

youranonnewsirc@nerdculture.de at 2026-07-09T04:26:24.000Z ##

Here's a summary of the latest geopolitical, technology, and cybersecurity news from the last 24 hours:

Geopolitical tensions escalate as the US conducted strikes on Iran, defying an earlier ceasefire agreement. In technology, Apple lost its appeal against the EU's Digital Markets Act, maintaining its "gatekeeper" designation. Cybersecurity concerns rise with CISA warning of active exploitation of the Langflow vulnerability (CVE-2026-55255) for credential harvesting, and Accenture confirming a data breach involving alleged source code theft. Additionally, a new "ghost phishing" technique, using encrypted HTML, has been observed bypassing traditional email security.

#AnonNews_irc #Cybersecurity #News

##

offseq@infosec.exchange at 2026-07-08T12:00:26.000Z ##

CRITICAL vulnerabilities in Adobe ColdFusion (CVE-2026-48282), Langflow (CVE-2026-55255), Joomla SP Page Builder (CVE-2026-48908), & Page Builder CK (CVE-2026-56290) are being actively exploited for remote code execution & backdoors. Patch ASAP! radar.offseq.com/threat/cisa-u #OffSeq #CyberSec #CVE

##

secdb@infosec.exchange at 2026-07-07T19:00:12.000Z ##

🚨 [CISA-2026:0707] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48908 (secdb.nttzen.cloud/cve/detail/)
- Name: JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: JoomShaper
- Product: SP Page Builder
- Notes: extensions.joomla.org/extensio ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-55255 (secdb.nttzen.cloud/cve/detail/)
- Name: Langflow Authorization Bypass Through User-Controlled Key Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Langflow
- Product: Langflow
- Notes: github.com/langflow-ai/langflo ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-56290 (secdb.nttzen.cloud/cve/detail/)
- Name: Joomlack Page Builder Improper Access Control Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Joomlack
- Product: Page Builder
- Notes: joomlack.fr/en/joomla-extensio ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260707 #cisa20260707 #cve_2026_48908 #cve_2026_55255 #cve_2026_56290 #cve202648908 #cve202655255 #cve202656290

##

cisakevtracker@mastodon.social at 2026-07-07T18:01:04.000Z ##

CVE ID: CVE-2026-55255
Vendor: Langflow
Product: Langflow
Date Added: 2026-07-07
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2026-07-07T17:33:09.000Z ##

CISA has updated the KEV catalogue.

- CVE-2026-56290: Joomlack Page Builder Improper Access Control Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-55255: Langflow Authorization Bypass Through User-Controlled Key Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-48908: JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

Several industrial vulnerabilities: cisa.gov/ #infosec #vulnerability #CISA

##

CVE-2026-12378
(8.1 HIGH)

EPSS: 0.39%

updated 2026-07-08T12:31:28

1 posts

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this can be leveraged to achieve remote code execution.

offseq@infosec.exchange at 2026-07-08T07:30:31.000Z ##

CRITICAL: CVE-2026-12378 — Deserialization of untrusted data in Appointment Booking Calendar & Scheduling Plugins (<=1.1.28) for WordPress. Unauthenticated attackers may achieve RCE. Restrict plugin use & monitor for patches. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #RCE

##

CVE-2026-9695
(9.8 CRITICAL)

EPSS: 0.33%

updated 2026-07-08T09:31:48

1 posts

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server.

offseq@infosec.exchange at 2026-07-08T10:30:27.000Z ##

CVE-2026-9695: CRITICAL improper authentication vuln in DELMIA Apriso (2020 – 2026). Allows unauthenticated privileged access — no patch yet. Restrict server access & monitor for anomalies. Details: radar.offseq.com/threat/cve-20 #OffSeq #CVE20269695 #SCADA #Infosec

##

CVE-2026-60002
(7.7 HIGH)

EPSS: 0.26%

updated 2026-07-08T03:30:33

1 posts

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)

DailyCyberSecurity@infosec.exchange at 2026-07-08T15:17:01.000Z ##

OpenSSH 10.4 ships eight security fixes, including a client use-after-free (CVE-2026-60002) plus SFTP and SCP path bugs. Update now.

#OpenSSH #SSH #UseAfterFree #CVE #InfoSec #CyberSecurity

securityonline.info/openssh-10

##

CVE-2026-56843
(9.9 CRITICAL)

EPSS: 0.34%

updated 2026-07-08T03:30:33

1 posts

Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up domains they do not own, because ownership is enforced only for certain lookup filters and schema validation is bypassed for legacy protocol versions. This results in cross-tenant disclosure of other tenants' FTP credentials stored in cleartext, which can be levera

offseq@infosec.exchange at 2026-07-08T01:30:26.000Z ##

CVE-2026-56843 (CRITICAL, CVSS 9.9): WebPros Plesk <18.0.78.4 has insufficient auth in XML-RPC API, letting low-privileged users access other tenants’ cleartext FTP creds & run code as them. Restrict API access & monitor. radar.offseq.com/threat/cve-20 #OffSeq #Infosec #Plesk

##

CVE-2026-59706
(9.3 CRITICAL)

EPSS: 0.26%

updated 2026-07-08T00:38:03

1 posts

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm en

cR0w@infosec.exchange at 2026-07-09T13:31:54.000Z ##

I keep hearing how AI and LLMs are the future but they sure keep feeling like shitty applications from 20 years ago.

nvd.nist.gov/vuln/detail/CVE-2

mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint.

##

CVE-2026-56290
(9.8 CRITICAL)

EPSS: 2.91%

updated 2026-07-07T21:32:33

8 posts

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

3 repos

https://github.com/Jenderal92/CVE-2026-56290

https://github.com/sagsooz/PageBuilderCK-CVE-2026-56290-Exploit

https://github.com/shinthink/pbck-exploit

thecybermind at 2026-07-10T20:33:50.052Z ##

Critical Alert: Joomlack Page Builder CVE-2026-56290 allows for unauthorized access control bypasses. Secure your perimeter now with our latest forensic deep-dive, featuring detection queries and hardening protocols. Don’t wait for the breach—patch today

thecybermind.co/w06o

##

thecybermind at 2026-07-10T17:29:31.677Z ##

Critical alert for Adobe ColdFusion users: CVE-2026-56290 allows for potential RCE. Our latest forensic deep-dive breaks down the technical impact and provides the hardening steps you need to secure your production environment. Don't wait for the breach—patch today.

thecybermind.co/2026/07/10/cve

##

thecybermind@infosec.exchange at 2026-07-10T20:33:50.000Z ##

Critical Alert: Joomlack Page Builder CVE-2026-56290 allows for unauthorized access control bypasses. Secure your perimeter now with our latest forensic deep-dive, featuring detection queries and hardening protocols. Don’t wait for the breach—patch today

thecybermind.co/w06o

##

thecybermind@infosec.exchange at 2026-07-10T17:29:31.000Z ##

Critical alert for Adobe ColdFusion users: CVE-2026-56290 allows for potential RCE. Our latest forensic deep-dive breaks down the technical impact and provides the hardening steps you need to secure your production environment. Don't wait for the breach—patch today.

thecybermind.co/2026/07/10/cve

##

offseq@infosec.exchange at 2026-07-08T12:00:26.000Z ##

CRITICAL vulnerabilities in Adobe ColdFusion (CVE-2026-48282), Langflow (CVE-2026-55255), Joomla SP Page Builder (CVE-2026-48908), & Page Builder CK (CVE-2026-56290) are being actively exploited for remote code execution & backdoors. Patch ASAP! radar.offseq.com/threat/cisa-u #OffSeq #CyberSec #CVE

##

secdb@infosec.exchange at 2026-07-07T19:00:12.000Z ##

🚨 [CISA-2026:0707] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48908 (secdb.nttzen.cloud/cve/detail/)
- Name: JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: JoomShaper
- Product: SP Page Builder
- Notes: extensions.joomla.org/extensio ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-55255 (secdb.nttzen.cloud/cve/detail/)
- Name: Langflow Authorization Bypass Through User-Controlled Key Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Langflow
- Product: Langflow
- Notes: github.com/langflow-ai/langflo ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-56290 (secdb.nttzen.cloud/cve/detail/)
- Name: Joomlack Page Builder Improper Access Control Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Joomlack
- Product: Page Builder
- Notes: joomlack.fr/en/joomla-extensio ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260707 #cisa20260707 #cve_2026_48908 #cve_2026_55255 #cve_2026_56290 #cve202648908 #cve202655255 #cve202656290

##

cisakevtracker@mastodon.social at 2026-07-07T18:01:20.000Z ##

CVE ID: CVE-2026-56290
Vendor: Joomlack
Product: Page Builder
Date Added: 2026-07-07
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2026-07-07T17:33:09.000Z ##

CISA has updated the KEV catalogue.

- CVE-2026-56290: Joomlack Page Builder Improper Access Control Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-55255: Langflow Authorization Bypass Through User-Controlled Key Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-48908: JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

Several industrial vulnerabilities: cisa.gov/ #infosec #vulnerability #CISA

##

CVE-2026-48282
(10.0 CRITICAL)

EPSS: 28.58%

updated 2026-07-07T21:32:33

11 posts

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Nuclei template

2 repos

https://github.com/g0thamRabb1t/CVE-2026-48282-coldfusion-rds-detection

https://github.com/imbas007/CVE-2026-48282

thecybermind at 2026-07-10T17:29:31.677Z ##

Critical alert for Adobe ColdFusion users: CVE-2026-56290 allows for potential RCE. Our latest forensic deep-dive breaks down the technical impact and provides the hardening steps you need to secure your production environment. Don't wait for the breach—patch today.

thecybermind.co/2026/07/10/cve

##

thecybermind@infosec.exchange at 2026-07-10T17:29:31.000Z ##

Critical alert for Adobe ColdFusion users: CVE-2026-56290 allows for potential RCE. Our latest forensic deep-dive breaks down the technical impact and provides the hardening steps you need to secure your production environment. Don't wait for the breach—patch today.

thecybermind.co/2026/07/10/cve

##

hackmag@infosec.exchange at 2026-07-09T20:30:03.000Z ##

⚪️ Critical Adobe ColdFusion bug already exploited in attacks

🗨️ Attackers began exploiting a fresh vulnerability in Adobe ColdFusion (CVE-2026-48282) about two hours after information about it was published. The developers fixed the issue last week and strongly recommended that administrators install the updates as soon as possible. The CVE-2026-48282…

🔗 hackmag.com/news/adobe-coldfus

#news

##

thecybermind@infosec.exchange at 2026-07-09T09:49:38.000Z ##

⚠️ Actively Exploited: CVE-2026-48282 (CVSS 10.0) in Adobe ColdFusion. CISA KEV deadline is July 10. We just dropped the paywall on our TS-MAN runbook. Get the exact Splunk, Sentinel, and CrowdStrike queries to hunt this unauthenticated RCE right now. 👇
thecybermind.co/1m24

##

offseq@infosec.exchange at 2026-07-08T12:00:26.000Z ##

CRITICAL vulnerabilities in Adobe ColdFusion (CVE-2026-48282), Langflow (CVE-2026-55255), Joomla SP Page Builder (CVE-2026-48908), & Page Builder CK (CVE-2026-56290) are being actively exploited for remote code execution & backdoors. Patch ASAP! radar.offseq.com/threat/cisa-u #OffSeq #CyberSec #CVE

##

youranonnewsirc@nerdculture.de at 2026-07-08T10:07:56.000Z ##

Recent events include heightened geopolitical tensions as the U.S. launched strikes on Iran following attacks in the Strait of Hormuz, pushing oil prices higher. In cybersecurity, Sysdig reported the first end-to-end AI agent ransomware attack, dubbed "JADEPUFFER." Additionally, CISA issued a warning regarding active exploitation of a critical Adobe ColdFusion vulnerability (CVE-2026-48282).

#AnonNews_irc #Cybersecurity #News

##

obivan@infosec.exchange at 2026-07-08T09:16:35.000Z ##

Poc for CVE-2026-48282, a path traversal vulnerability in Adobe ColdFusion's Remote Development Service (RDS) github.com/imbas007/CVE-2026-4

##

DarkWebInformer@infosec.exchange at 2026-07-07T22:50:22.000Z ##

🚨 CVE-2026-48282: PoC Path traversal vulnerability in Adobe ColdFusion's Remote Development Service (RDS) with a CVSS score of 10.0

GitHub: github.com/imbas007/CVE-2026-4

##

cisakevtracker@mastodon.social at 2026-07-07T20:00:45.000Z ##

CVE ID: CVE-2026-48282
Vendor: Adobe
Product: ColdFusion
Date Added: 2026-07-07
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

youranonnewsirc@nerdculture.de at 2026-07-07T16:05:23.000Z ##

Geopolitical: The NATO Summit commenced in Ankara on July 7, addressing defense spending and new air power deals. Ukraine executed long-range drone strikes on Russia's Omsk refinery on July 7. Cybersecurity: A critical Adobe ColdFusion vulnerability (CVE-2026-48282) is being actively exploited. A Linux 'Bad Epoll' root exploit (CVE-2026-46242) has also been publicly released. Technology: The UN Global Dialogue on AI Governance started July 6 in Geneva. Microsoft announced 4,800 job cuts, notably affecting its Xbox division, on July 6.

#AnonNews_irc #Cybersecurity #News

##

teezeh@ieji.de at 2026-07-07T05:19:39.000Z ##

"Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel.“

bleepingcomputer.com/news/secu

##

offseq@infosec.exchange at 2026-07-08T12:00:26.000Z ##

CRITICAL vulnerabilities in Adobe ColdFusion (CVE-2026-48282), Langflow (CVE-2026-55255), Joomla SP Page Builder (CVE-2026-48908), & Page Builder CK (CVE-2026-56290) are being actively exploited for remote code execution & backdoors. Patch ASAP! radar.offseq.com/threat/cisa-u #OffSeq #CyberSec #CVE

##

secdb@infosec.exchange at 2026-07-07T19:00:12.000Z ##

🚨 [CISA-2026:0707] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (secdb.nttzen.cloud/security-ad)

CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-48908 (secdb.nttzen.cloud/cve/detail/)
- Name: JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: JoomShaper
- Product: SP Page Builder
- Notes: extensions.joomla.org/extensio ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-55255 (secdb.nttzen.cloud/cve/detail/)
- Name: Langflow Authorization Bypass Through User-Controlled Key Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Langflow
- Product: Langflow
- Notes: github.com/langflow-ai/langflo ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

⚠️ CVE-2026-56290 (secdb.nttzen.cloud/cve/detail/)
- Name: Joomlack Page Builder Improper Access Control Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset&#39;s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Joomlack
- Product: Page Builder
- Notes: joomlack.fr/en/joomla-extensio ; BOD 26-04: cisa.gov/news-events/directive ; Forensics Triage Requirements: cisa.gov/news-events/directive ; nvd.nist.gov/vuln/detail/CVE-2

#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260707 #cisa20260707 #cve_2026_48908 #cve_2026_55255 #cve_2026_56290 #cve202648908 #cve202655255 #cve202656290

##

cisakevtracker@mastodon.social at 2026-07-07T18:00:49.000Z ##

CVE ID: CVE-2026-48908
Vendor: JoomShaper
Product: SP Page Builder
Date Added: 2026-07-07
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2026-07-07T17:33:09.000Z ##

CISA has updated the KEV catalogue.

- CVE-2026-56290: Joomlack Page Builder Improper Access Control Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-55255: Langflow Authorization Bypass Through User-Controlled Key Vulnerability cve.org/CVERecord?id=CVE-2026-

- CVE-2026-48908: JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability cve.org/CVERecord?id=CVE-2026-

Several industrial vulnerabilities: cisa.gov/ #infosec #vulnerability #CISA

##

CVE-2026-54060
(7.5 HIGH)

EPSS: 0.36%

updated 2026-07-07T18:58:45.827000

1 posts

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a font to trigger excessive allocation during conversion or saving. This issue is fixed in version 12.3.0.

hugovalters@mastodon.social at 2026-07-07T05:11:21.000Z ##

CVE-2026-54060 - Supply chain attack in Pillow Python imaging library. FontFile.compile() bypasses decompression bomb check, enabling excessive memory allocation. CVSS 7.5. Update to Pillow 12.3.0 immediately. #CVE #infosec #Python

valtersit.com/cve/CVE-2026-540

##

CVE-2026-12375
(9.8 CRITICAL)

EPSS: 0.30%

updated 2026-07-07T15:33:58

1 posts

The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator session on affected sites and beacons the site's secret keys and administrator details to attacker-controlled

offseq@infosec.exchange at 2026-07-07T12:00:28.000Z ##

CVE-2026-12375 (CRITICAL): uncanny-automator-pro v7.3.0.5 distributed with a hidden backdoor due to vendor supply chain compromise. Attackers can gain admin access & exfiltrate secrets. Remove/disable this version now. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #SupplyChain

##

CVE-2026-4375
(9.0 None)

EPSS: 0.25%

updated 2026-07-07T15:33:58

1 posts

The DoLeads Integrator WordPress plugin through 0.65, wp2epub WordPress plugin through 0.65 have been seen to be used to achieve RCE, once they are added adding to a blog, for example using a vulnerability where unclosed extensions from wordpress.org can be installed by unauthorized users.

offseq@infosec.exchange at 2026-07-07T07:30:26.000Z ##

CVE-2026-4375: CRITICAL code injection (CWE-94) in DoLeads Integrator & wp2epub WordPress plugins ≤0.65 allows RCE by unauthorized users. No patch yet — restrict plugin installs & monitor for changes. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #CVE20264375

##

CVE-2026-34168
(8.8 HIGH)

EPSS: 0.40%

updated 2026-07-07T15:16:44.500000

1 posts

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument escaping, allowing an authenticated user to set a storage name containing shell metacharacters and execute commands on managed servers when the resource is

thehackerwire@mastodon.social at 2026-07-07T07:00:46.000Z ##

🟠 CVE-2026-34168 - High (8.8)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the LocalPersistentVolume.name field is interpolated directly into docker volume shell commands without shell argument esc...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42200
(8.8 HIGH)

EPSS: 0.54%

updated 2026-07-07T13:22:13.557000

1 posts

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script (generate_init_scripts() method in app/Actions/Database/StartPostgresql.php) filename handling did not sufficiently restrict paths, allowing an authenticated user to write files outside the intended directory and achieve command execution thr

thehackerwire@mastodon.social at 2026-07-07T06:00:42.000Z ##

🟠 CVE-2026-42200 - High (8.8)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL initialization script (generate_init_scripts() method in app/Actions/Database/StartPostgresql.php) filename han...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33655
(7.7 HIGH)

EPSS: 0.44%

updated 2026-07-07T13:01:13

1 posts

## Summary The default SSRF protection configuration did not apply IP filtering to hostnames. With `ApplyIPFilterForDomain` disabled by default, URL validation checked domain allow/block rules but did not resolve a hostname and validate the resolved IP address. Authenticated users could configure notification URLs for Webhook, Bark, or Gotify notifications and point a hostname at an internal or m

thehackerwire@mastodon.social at 2026-07-10T03:01:15.000Z ##

🟠 CVE-2026-33655 - High (7.7)

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabl...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-14345
(9.8 CRITICAL)

EPSS: 0.74%

updated 2026-07-07T06:31:27

1 posts

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values into a PHP-includeable .log file combined with the use of include_once to render that file in wpfnl_sho

thehackerwire@mastodon.social at 2026-07-07T07:00:23.000Z ##

🔴 CVE-2026-14345 - Critical (9.8)

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsan...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-55500
(9.9 CRITICAL)

EPSS: 0.00%

updated 2026-07-06T21:37:49

1 posts

## Summary The `/api/settings/database` endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any authentication requirement beyond the `ALWAYS_PROTECTED` middleware check, which only validates JWT or CLI token. Combined with other vulnerabilities (e.g., default password, tunnel exposure), this

thehackerwire@mastodon.social at 2026-07-10T17:00:11.000Z ##

🔴 CVE-2026-55500 - Critical (9.9)

9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full database export (containing all credentials, API keys, OAuth tokens, and settings) and full database import (complete overwrite) without any au...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13753
(7.5 HIGH)

EPSS: 0.27%

updated 2026-07-06T21:30:38

1 posts

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version <=TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive configuration data such as plaintext Wi‑Fi Direct credentials, unique device identity information, and other ad

DailyCyberSecurity@infosec.exchange at 2026-07-10T08:55:33.000Z ##

CVE-2026-13753 exposes a missing authorization vulnerability in HP Deskjet 2800 printers. Unauthenticated attackers can extract sensitive Wi-Fi credentials.

#CVE202613753 #HPDeskjet #CyberSecurity #Vulnerability #PrinterSecurity

securityonline.info/cve-2026-1

##

CVE-2026-53359(CVSS UNKNOWN)

EPSS: 0.18%

updated 2026-07-06T21:30:34

6 posts

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. Th

5 repos

https://github.com/Aoripus-LTD/Januscape-Hotfix

https://github.com/xj2268-TA/KVM-Januscape

https://github.com/chuzhongyun/CVE-2026-53359-Kernel-Fix

https://github.com/0xBlackash/CVE-2026-53359

https://github.com/HORKimhab/CVE-2026-53359

cedric@fosstodon.org at 2026-07-10T17:53:33.000Z ##

🆕 Vulnerability-Lookup now imports Microsoft CSAF VEX documents from MSRC — joining the Red Hat VEX feed as a vendor VEX enrichment source.

Per-CVE VEX statements (product status, severity) are attached directly to CVE records, visible on the vulnerability page and via the API with the full CSAF documents.

Example with both Red Hat and Microsoft VEX:
vulnerability.circl.lu/vuln/CV

#VEX #CSAF #VulnerabilityManagement #CVE #OpenSource

##

cedric@fosstodon.org at 2026-07-10T17:53:33.000Z ##

🆕 Vulnerability-Lookup now imports Microsoft CSAF VEX documents from MSRC — joining the Red Hat VEX feed as a vendor VEX enrichment source.

Per-CVE VEX statements (product status, severity) are attached directly to CVE records, visible on the vulnerability page and via the API with the full CSAF documents.

Example with both Red Hat and Microsoft VEX:
vulnerability.circl.lu/vuln/CV

#VEX #CSAF #VulnerabilityManagement #CVE #OpenSource

##

DailyCyberSecurity@infosec.exchange at 2026-07-08T13:01:00.000Z ##

Januscape CVE-2026-53359 KVM Vulnerability

meterpreter.org/januscape-cve-

##

oversecurity@mastodon.social at 2026-07-08T07:21:41.000Z ##

Januscape Flaw in Linux KVM’s MMU Code Enables VM Escape on Intel and AMD

A newly disclosed Linux kernel vulnerability, CVE-2026-53359, dubbed Januscape, has exposed a critical weakness in the Linux Kernel-based Virtual...

🔗️ [Thecyberexpress] link.is.it/a1LDMj

##

obivan@infosec.exchange at 2026-07-07T13:21:38.000Z ##

Januscape (CVE-2026-53359) Guest-to-Host Escape in KVM/x86 github.com/V4bel/Januscape

##

hn100@social.lansky.name at 2026-07-07T07:30:09.000Z ##

Januscape: Guest-to-Host Escape in KVM/x86 [CVE-2026-53359]

Link: github.com/V4bel/Januscape
Discussion: news.ycombinator.com/item?id=4

##

CVE-2026-54769
(10.0 CRITICAL)

EPSS: 0.91%

updated 2026-07-06T20:42:02

1 posts

### Advisory Details **Title**: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent **Description**: ### Summary Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. When these agents evaluate LLM-generated tool messages with `full_eval=True`, they attempt to sand

thehackerwire@mastodon.social at 2026-07-10T01:00:09.000Z ##

🔴 CVE-2026-54769 - Critical (10)

Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. Whe...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-13768
(10.0 CRITICAL)

EPSS: 0.56%

updated 2026-07-06T19:42:32.890000

1 posts

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the

1 repos

https://github.com/MichaelAdamGroberman/CVE-2026-13768

CVE-2026-14544
(9.8 CRITICAL)

EPSS: 0.51%

updated 2026-07-03T09:31:35

1 posts

A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling specially crafted print data.

DailyCyberSecurity@infosec.exchange at 2026-07-09T06:06:47.000Z ##

A critical HPLIP vulnerability, CVE-2026-14544 (CVSS 9.8), lets a remote attacker gain arbitrary code execution via crafted print data. Patch now.

#HPLIP #LinuxSecurity #RCE #CVE #hpcups #CyberSecurity #Vulnerability #InfoSec

securityonline.info/hplip-vuln

##

CVE-2026-57517
(9.8 CRITICAL)

EPSS: 0.59%

updated 2026-07-02T20:17:04.450000

1 posts

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges obtained via the injection to write arbitrary files using INTO DUMPFILE, enabling deployment of a PHP webshe

2 repos

https://github.com/gagaltotal/CVE-2026-57517-CWP

https://github.com/shinthink/CVE-2026-57517

tugatech@masto.pt at 2026-07-07T17:54:32.000Z ##

O Control Web Panel sofre uma falha crítica que exige atualização urgente nos servidores. A vulnerabilidade CVE-2026-57517 permite a execução remota de código sem autenticação prévia. 🚨

🔗 tugatech.com.pt/t86933-control

#control #falha #nos #urgente #web 

##

CVE-2026-50746
(10.0 CRITICAL)

EPSS: 0.83%

updated 2026-07-02T15:32:12

3 posts

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.

1 repos

https://github.com/HORKimhab/Ubiquiti-CVE

jbhall56@infosec.exchange at 2026-07-08T13:01:06.000Z ##

The CVE-2026-50746 vulnerability affects UniFi Connect Application (versions 3.4.16 and earlier), a management software suite that Ubiquiti customers can use to automate and manage commercial building operations. bleepingcomputer.com/news/secu

##

offseq@infosec.exchange at 2026-07-08T09:00:29.000Z ##

CRITICAL: Ubiquiti UniFi OS hit by 7 flaws, incl. CVE-2026-50746 (command injection) in UniFi Connect ≤3.4.16. Exploitable w/ network access, no user interaction. Update to 3.4.20+ ASAP. No in-the-wild exploits yet. radar.offseq.com/threat/ubiqui #OffSeq #Ubiquiti #Infosec #CVE202650746

##

DailyCyberSecurity@infosec.exchange at 2026-07-07T13:30:36.000Z ##

Ubiquiti's UniFi security advisory 066 patches 25 flaws, including a critical command injection (CVE-2026-50746) scoring 10.0. Update your devices now.

#Ubiquiti #UniFi #UniFiOS #UniFiProtect #CommandInjection #CyberSecurity

securityonline.info/unifi-secu

##

CVE-2026-43503
(8.8 HIGH)

EPSS: 0.14%

updated 2026-07-02T12:31:55

1 posts

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when moving frags from source to destination. __pskb_copy_fclone() defers the rest of the shinfo metadata to skb_copy_header(

9 repos

https://github.com/mooder1/dirtyclone-CVE-2026-43503

https://github.com/douglasmun/pagecache-lpe-containment-kit

https://github.com/gl1tch0x1/DirtyClone

https://github.com/entra1337/DirtyClone

https://github.com/0xBlackash/CVE-2026-43503

https://github.com/lieehrdiansyah12/CVE-2026-43503

https://github.com/SecureWithUmer/CVE-2026-43503

https://github.com/sec0x/CVE-2026-43503

https://github.com/aexdyhaxor/CVE-2026-43503-DirtyClone

sekurakbot@mastodon.com.pl at 2026-07-07T15:08:00.000Z ##

Dirty Clone – kolejny sposób na roota pod Linuksem

Nie tak dawno pisaliśmy o serii podatności Dirty Frag występujących w większości nowoczesnych dystrybucji Linuksa. I choć mogłoby się wydawać, że deweloperzy naprawili błędy, to najnowsze badania pokazują, że problem nie został jednak wyeliminowany. W jądrze pozostała bowiem niezałatana luka, którą badacze z JFrog ochrzcili mianem Dirty Clone (CVE-2026-43503). Podobnie...

#Aktualności #Eskalacja #Hacking #Kernel #Linux #LocalRoot #Lpe #PageCache

sekurak.pl/dirty-clone-kolejny

##

CVE-2026-23537
(9.1 CRITICAL)

EPSS: 0.57%

updated 2026-07-02T12:16:57.127000

1 posts

A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requir

DailyCyberSecurity@infosec.exchange at 2026-07-09T13:34:38.000Z ##

A critical Feast Feature Server flaw (CVE-2026-23537) lets unauthenticated attackers perform arbitrary file write and risk remote code execution. Act now.

#Feast #FeatureStore #MachineLearning #ArbitraryFileWrite #RCE #CVE202623537 #CyberSecurity

securityonline.info/feast-feat

##

CVE-2026-10539
(9.0 CRITICAL)

EPSS: 0.24%

updated 2026-07-01T19:59:44.537000

1 posts

A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input. Under certain conditions, this issue may allow an unauthenticated attacker to execute unauthorized commands on the affected server, potentially leading to compromise of the server.  This vulnerability affects Control-M/Server versions 9.0.20.x to 9.0.21.200 (included) and potentially earlier u

CVE-2026-8451
(7.5 HIGH)

EPSS: 0.50%

updated 2026-07-01T18:31:24

2 posts

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP

5 repos

https://github.com/derekpreston81/CVE_ADC_IOC_2026

https://github.com/0xBlackash/CVE-2026-8451

https://github.com/amnsecurity/CVE-2026-8451-CitrixBleed

https://github.com/attarwahyup/Netscaler-CVE-2026-8451

https://github.com/watchtowrlabs/watchTowr-vs-Netscaler-CVE-2026-8451

CVE-2026-13602(CVSS UNKNOWN)

EPSS: 0.24%

updated 2026-07-01T15:35:27

1 posts

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: * The payment integration plugins Stripe (included in the core system), pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect, pretix-sofort, and pretix-saferpay contain a code path that is intended for the transp

CVE-2026-8037
(9.6 CRITICAL)

EPSS: 29.64%

updated 2026-07-01T05:16:25.290000

1 posts

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints

Nuclei template

2 repos

https://github.com/Caster-chen/CVE-2026-8037-POC

https://github.com/HORKimhab/CVE-2026-8037

CVE-2026-41717
(8.1 HIGH)

EPSS: 0.33%

updated 2026-06-30T22:16:53.940000

1 posts

Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15;

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-23111
(7.8 HIGH)

EPSS: 0.34%

updated 2026-06-30T03:36:36

1 posts

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() and compared to what is logically required. nft_map_catchall_activate() is called from the abort path to re-activate c

8 repos

https://github.com/bakano98/cve-2026-23111-poc

https://github.com/criann/check-cve-2026-23111

https://github.com/seguridadentrerios/CVE-2026-23111

https://github.com/0xBlackash/CVE-2026-23111

https://github.com/vrtlbob/Linux-Kernel-Vulnerabilities-CVE-2026-23111

https://github.com/ishankaru/CVE-2026-23111-nftables-lab

https://github.com/Baba01hacker666/CVE-2026-23111

https://github.com/HORKimhab/CVE-2026-23111

nemo@mas.to at 2026-07-08T06:10:16.000Z ##

Root-Zugriff durch einen Linux-Kernel-Bug: Ein einzelnes falsch gesetztes Ausrufezeichen in Nftables (CVE-2026-23111) negierte eine Bedingung und öffnete eine Use-after-free-Lücke. Angreifer mit einfachen Rechten können Code als Root ausführen. Patch seit Feb. 2026. 🔒🐧 golem.de/news/root-zugriff-moe #Linux #Security #CVE #Nftables

##

CVE-2018-1273
(9.8 CRITICAL)

EPSS: 95.65%

updated 2026-06-26T18:44:14.703000

1 posts

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request paylo

Nuclei template

8 repos

https://github.com/WuliRuler/SBSCAN

https://github.com/knqyf263/CVE-2018-1273

https://github.com/hdgokani/CVE-2018-1273

https://github.com/jas502n/cve-2018-1273

https://github.com/AabyssZG/SpringBoot-Scan

https://github.com/webr0ck/poc-cve-2018-1273

https://github.com/wearearima/poc-cve-2018-1273

https://github.com/cved-sources/cve-2018-1273

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-53111(CVSS UNKNOWN)

EPSS: 0.18%

updated 2026-06-24T18:32:50

1 posts

In the Linux kernel, the following vulnerability has been resolved: bpf: test_run: Fix the null pointer dereference issue in bpf_lwt_xmit_push_encap The bpf_lwt_xmit_push_encap helper needs to access skb_dst(skb)->dev to calculate the needed headroom: err = skb_cow_head(skb, len + LL_RESERVED_SPACE(skb_dst(skb)->dev)); But skb->_skb_refdst may not be initialized when the skb is set up b

nemo@mas.to at 2026-07-08T06:11:51.000Z ##

🛡️ Linux rocked by CVE-2026-53111: a single faulty character leads to a use-after-free flaw that can help unprivileged users evade sandbox defenses—and escalate to root. Researchers say the February kernel fix has been backported to major distros. #Linux #Security arstechnica.com/security/2026/

##

CVE-2026-39999
(9.1 CRITICAL)

EPSS: 0.39%

updated 2026-06-23T15:08:22.603000

1 posts

Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which fixes the issue.

DailyCyberSecurity@infosec.exchange at 2026-07-08T12:21:46.000Z ##

APISIX authentication bypass CVE-2026-39999 lets attackers forge JWTs via algorithm confusion. APISIX 3.16.0 is affected; upgrade to 3.16.1.

#APISIX #ApacheAPISIX #JWT #AuthBypass #InfoSec

securityonline.info/apisix-jwt

##

CVE-2026-54782
(10.0 CRITICAL)

EPSS: 0.25%

updated 2026-06-19T20:47:13

1 posts

### Impact Full impersonation of any principal the trusted STS could have issued an assertion for — including administrative principals when the relying party grants them via SAML claims. Affects both SAML 1.1 and SAML 2.0. #### Preconditions Relying-party service is hosted with WSFederationHttpBinding or WS2007FederationHttpBinding (or any binding that triggers FederatedSecurityTokenManager for

thehackerwire@mastodon.social at 2026-07-09T04:00:29.000Z ##

🔴 CVE-2026-54782 - Critical (10)

CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54003(CVSS UNKNOWN)

EPSS: 0.55%

updated 2026-06-18T15:04:58

1 posts

### TL;DR This vulnerability affects Kirby sites that have no configured user accounts and are running on publicly accessible servers behind a reverse proxy that sets the `Forwarded: for=...`, `X-Client-IP`, or `X-Real-IP` request header. It was possible to install the Panel (= create the first admin user) in these setups even from remote IP addresses. **This vulnerability is of critical severi

offseq@infosec.exchange at 2026-07-10T03:00:25.000Z ##

CVE-2026-54003 (CRITICAL, CVSS 9.1): getkirby Kirby CMS sites w/o users & behind certain reverse proxies risk remote admin creation via trusted IP headers. Upgrade to 4.9.4/5.4.4+ ASAP. More: radar.offseq.com/threat/cve-20 #OffSeq #Vulnerability #KirbyCMS #InfoSec

##

CVE-2026-20190
(7.5 HIGH)

EPSS: 0.41%

updated 2026-06-17T18:36:07

1 posts

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to sensitive

AAKL@infosec.exchange at 2026-07-07T17:30:37.000Z ##

If you missed this yesterday, Cisco posted this advisory on a critical vulnerability that was first published in June.

CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity

More: sec.cloudapps.cisco.com/securi #Cisco #infosec #vulnerability

##

CVE-2026-20181
(9.1 CRITICAL)

EPSS: 0.75%

updated 2026-06-17T18:36:07

1 posts

A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a c

AAKL@infosec.exchange at 2026-07-07T17:30:37.000Z ##

If you missed this yesterday, Cisco posted this advisory on a critical vulnerability that was first published in June.

CRITICAL: CVE-2026-20181 and CVE-2026-20190: Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities sec.cloudapps.cisco.com/securi @TalosSecurity

More: sec.cloudapps.cisco.com/securi #Cisco #infosec #vulnerability

##

CVE-2026-47291
(9.8 CRITICAL)

EPSS: 21.51%

updated 2026-06-17T10:54:28.290000

5 posts

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.

2 repos

https://github.com/dhmosfunk/CVE-2026-49160-CVE-2026-47291-HTTP.sys

https://github.com/ManagerEmpty/CVE-2026-47291-httpsys

thezdi@infosec.exchange at 2026-07-10T14:05:00.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:44:21.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:44:08.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:44:02.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

thezdi@infosec.exchange at 2026-07-10T00:43:54.000Z ##

Our research team is back looking at CVE-2026-47291 - a CVSS 9.8 RCE bug in #Windows HTTP.sys. They show root cause and look at why detection may be just as hard as exploitation. zerodayinitiative.com/blog/202

##

CVE-2026-44825
(8.1 HIGH)

EPSS: 0.53%

updated 2026-06-17T10:51:23.870000

1 posts

Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specified account. As an immediate workaround without upgrading, delete the template users (superadmin, ad

2 repos

https://github.com/shinthink/solrradar

https://github.com/gagaltotal/CVE-2026-44825-Apache-Solr-Scanner

DarkWebInformer@infosec.exchange at 2026-07-09T19:09:07.000Z ##

💥 CVE-2026-44825: A scanner for Apache Solr instances that may be affected by CVE-2026-44825, related to Velocity Template Remote Code Execution (RCE) conditions.

GitHub: github.com/gagaltotal/CVE-2026

##

CVE-2026-44597
(3.7 LOW)

EPSS: 0.45%

updated 2026-06-17T10:51:07.977000

1 posts

Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.

UpBEATs@podcastindex.social at 2026-07-10T21:16:53.000Z ##

What a complete node meltdown. Tor craps the bed and umbrel nodes everywhere lose peers and channels from 3 CVE vulnerabilities.

github.com/getumbrel/umbrel/is

@dave

cve.halosecurity.com/cve-advis

##

CVE-2026-41849
(7.5 HIGH)

EPSS: 0.26%

updated 2026-06-17T10:47:06.763000

1 posts

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS). Affected versions: Spring Framework 5.3.0 through 5.3.48.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-27808
(5.8 MEDIUM)

EPSS: 0.47%

updated 2026-06-17T10:27:43.150000

1 posts

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API (/api/v1/message/{ID}/link-check) is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and status text per link, making

EUVD_Bot@mastodon.social at 2026-07-10T23:00:58.000Z ##

🚨 EUVD-2026-43052

📊 Score: 5.8/10 (CVSS v3.1)
📦 Product: mailpit
🏢 Vendor: axllent
📅 Updated: 2026-07-10

📝 Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and do...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2024-38808
(4.3 MEDIUM)

EPSS: 0.54%

updated 2026-06-17T07:41:05.140000

1 posts

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2022-22950
(6.5 MEDIUM)

EPSS: 35.83%

updated 2026-06-17T04:29:13.760000

1 posts

n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-50656
(7.8 HIGH)

EPSS: 3.39%

updated 2026-06-16T21:31:57

3 posts

Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as &quot;RoguePlanet &quot;. We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.

2 repos

https://github.com/0xBlackash/CVE-2026-50656

https://github.com/g0thamRabb1t/CVE-2026-50656-rogueplanet-validation

jbhall56@infosec.exchange at 2026-07-09T12:24:14.000Z ##

The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides scanning, detection, and cleaning capabilities for its antivirus and antispyware software. thehackernews.com/2026/07/micr

##

DailyCyberSecurity@infosec.exchange at 2026-07-09T09:33:44.000Z ##

Microsoft patched the RoguePlanet Microsoft Defender zero-day, CVE-2026-50656, a race condition that grants SYSTEM privileges. A public PoC exists.

#MicrosoftDefender #RoguePlanet #ZeroDay #CVE #PrivilegeEscalation #Windows #InfoSec #PatchNow

securityonline.info/rogueplane

##

cyberveille@mastobot.ping.moi at 2026-07-09T09:30:12.000Z ##

📢 Microsoft corrige la zero-day RoguePlanet (CVE-2026-50656) dans Microsoft Defender
📝 ## 🗓️ Contexte

Source : BleepingComputer, publié le 9 juillet 2026.
📖 cyberveille : cyberveille.ch/posts/2026-07-0
🌐 source : bleepingcomputer.com/news/micr
#CVE_2026_50656 #IOC #Cyberveille

##

CVE-2026-48611
(9.8 CRITICAL)

EPSS: 2.86%

updated 2026-06-12T06:33:21

1 posts

Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.

Nuclei template

3 repos

https://github.com/Diznev/CVE-2026-48611-EXPLOIT

https://github.com/wanmywan/CVE-2026-48611-phpBB

https://github.com/citruscitruscitruscitruscitrusci/CVE-2026-48611-poc

pentesttools@infosec.exchange at 2026-07-09T14:32:07.000Z ##

Here we go. Product updates - the June edition.

This month your coverage got a LOT wider.

80 new detections landed in the Network Scanner, including pre-auth RCE in Oracle PeopleSoft and an auth bypass in Palo Alto PAN-OS. If any are in your scope, you know where to look.

The rest of June:

🌐 Our research team found two authentication flaws in phpBB, one buried in the code for over a decade. There's a working PoC for each, and the Network Scanner now detects the most critical one - CVE-2026-48611 (9.4).

🤖 AI where it earns its place in the Website Scanner and URL Fuzzer: smarter logins, deeper crawling, fewer fake 200 pages.

🎯 the XSS Exploiter now gives you two delivery options: script tag or fetch plus eval.

🔌 API: a new info_text key on /scans tells you why a scan didn't start.

☁️ We're now on the Microsoft Azure Marketplace, so you can add us to your existing Azure billing.

Our colleague Stefan Perju walks you through all of it in the video.

Until next time: stay sharp. Stay human.

Everything that shipped can be found in the change-log: pentest-tools.com/change-log

The phpBB PoCs and full write-up: pentest-tools.com/research/php

#offensivesecurity #vulnerabilitymanagement #infosec #penetrationtesting

##

CVE-2026-48062
(9.8 CRITICAL)

EPSS: 0.00%

updated 2026-06-11T17:16:09

1 posts

### Impact The `ext_in` upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named `shell.php` containing GIF-like content could pass validation such as: ``` uploaded[avatar]|is_image[avatar]|mime_in[avatar,image/gif]|ext_in[avatar,gif] ``` because the detected MIME type maps to `gif`, even though the upl

DarkWebInformer@infosec.exchange at 2026-07-07T18:06:37.000Z ##

⚠️ CVE-2026-48062: CodeIgniter4 RCE Risk
CodeIgniter4 has a critical ext_in upload validation bypass with a CVSS 9.8 severity score.

Under unsafe upload configurations, a malicious file may bypass extension checks and potentially lead to remote code execution.

FOFA reports 14,862 matching CodeIgniter results over the past year.

Risk conditions:

• User-controlled uploads
• ext_in used for validation
• Original filenames preserved
• Uploads stored in a web-accessible path
• Script execution allowed in that directory

Patch: upgrade to CodeIgniter4 4.7.3+

FOFA Query: app="CodeIgniter"

FOFA Link: en.fofa.info/result?qbase64=YX

Search results are not confirmed vulnerable hosts. Validate before taking action.

##

CVE-2026-41729
(8.1 HIGH)

EPSS: 0.39%

updated 2026-06-10T00:31:59

1 posts

Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL expression without sanitization or validation. Affected versions: Spring Data REST 3.7.0 through 3.7.19;

1 repos

https://github.com/daehyuh/CVE-2026-41729

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-41719
(6.4 MEDIUM)

EPSS: 0.20%

updated 2026-06-10T00:31:59

1 posts

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 thro

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-41852
(3.7 LOW)

EPSS: 0.16%

updated 2026-06-09T06:32:07

1 posts

A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-41850
(7.5 HIGH)

EPSS: 0.36%

updated 2026-06-09T06:32:06

1 posts

Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or unavailability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-41851
(5.3 MEDIUM)

EPSS: 0.36%

updated 2026-06-09T06:32:06

1 posts

Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-1207(CVSS UNKNOWN)

EPSS: 9.44%

updated 2026-06-05T16:24:43

1 posts

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issu

Nuclei template

1 repos

https://github.com/sw0rd1ight/CVE-2026-1207

DailyCyberSecurity@infosec.exchange at 2026-07-10T02:57:10.000Z ##

CVE-2026-1207 is a Django SQL injection flaw (CVSS 8.3) in PostGIS raster lookups. Canada's CCCS says it is exploited in the wild. Patch now.

#Django #SQLInjection #CVE20261207 #PostGIS #InfoSec

securityonline.info/django-sql

##

CVE-2026-31694
(7.8 HIGH)

EPSS: 0.13%

updated 2026-06-01T18:32:31

1 posts

In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks whether the dirent fits in the remaining space of the current page and advances to a fresh page if

1 repos

https://github.com/0xCyberstan/CVE-2026-31694-POC

DailyCyberSecurity@infosec.exchange at 2026-07-10T08:02:48.000Z ##

Public PoC and full details are out for CVE-2026-31694, a Linux kernel FUSE page cache overflow that gives local privilege escalation to root. Patch now.

#LinuxKernel #FUSE #CVE202631694 #PrivilegeEscalation #InfoSec

securityonline.info/linux-kern

##

CVE-2026-43456
(7.8 HIGH)

EPSS: 0.16%

updated 2026-05-20T18:32:38

1 posts

In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bond_setup_by_slave() kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI RIP: 0010:pskb_expand_head+0xa08/0xfe0 net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff88807e3c8780 RCX: ffffffff89593e0e RDX: ffff88807b7c49

CVE-2026-42841
(4.8 MEDIUM)

EPSS: 0.40%

updated 2026-05-13T13:52:11

1 posts

### Summary An authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's Markdown media action syntax. The issue is caused by Markdown image query parameters being converted into callable media actions. The public `attribute()` media method can be reached this way, allowing an editor to set an arbitrary HT

EUVD_Bot@mastodon.social at 2026-07-10T18:00:18.000Z ##

🚨 EUVD-2026-42946

📊 Score: 4.8/10 (CVSS v3.1)
📦 Product: grav
🏢 Vendor: getgrav
📅 Updated: 2026-07-10

📝 Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action (CVE-2026-42841) leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeli...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2026-33112
(8.8 HIGH)

EPSS: 2.11%

updated 2026-05-12T18:30:49

1 posts

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

DailyCyberSecurity@infosec.exchange at 2026-07-07T14:01:40.000Z ##

A SharePoint remote code execution flaw (CVE-2026-33112) is now public with full details and PoC. A low-privilege user can run code. Patch now.

#SharePoint #RCE #CVE202633112 #Microsoft #CyberSecurity

securityonline.info/sharepoint

##

CVE-2026-38431
(9.8 CRITICAL)

EPSS: 0.39%

updated 2026-05-06T18:31:37

1 posts

ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on the server when the template is rendered.

beyondmachines1@infosec.exchange at 2026-07-10T13:01:43.000Z ##

ERPNext Patches Critical Server-Side Template Injection Vulnerability

ERPNext addressed a critical server-side template injection vulnerability (CVE-2026-38431) that allows authenticated attackers to execute arbitrary SQL queries and gain full access to the application database.

**If you run ERPNext, update immediately to a version later than 15.103.1. Until you've updated, remove email template editing rights from every account that doesn't absolutely need them. After patching keep those rights limited to a few highly trusted admins only.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2025-49113
(9.9 CRITICAL)

EPSS: 89.46%

updated 2026-02-20T21:48:11

1 posts

Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

Nuclei template

23 repos

https://github.com/rippsec/CVE-2025-49113-Roundcube-RCE

https://github.com/rasool13x/exploit-CVE-2025-49113

https://github.com/punitdarji/roundcube-cve-2025-49113

https://github.com/AC8999/CVE-2025-49113

https://github.com/Joelp03/CVE-2025-49113

https://github.com/CyberQuestor-infosec/CVE-2025-49113-Roundcube_1.6.10

https://github.com/hakaioffsec/CVE-2025-49113-exploit

https://github.com/Zuack55/Roundcube-1.6.10-Post-Auth-RCE-CVE-2025-49113-

https://github.com/BiiTts/Roundcube-CVE-2025-49113

https://github.com/mooder1/CVE-2025-49113

https://github.com/LeakForge/CVE-2025-49113

https://github.com/hackmelocal/CVE-2025-49113-Simulation

https://github.com/Zwique/CVE-2025-49113

https://github.com/l4f2s4/CVE-2025-49113_exploit_cookies

https://github.com/Ademking/CVE-2025-49113-nuclei-template

https://github.com/SteamPunk424/CVE-2025-49113-Roundcube-RCE-PHP

https://github.com/5kr1pt/Roundcube_CVE-2025-49113

https://github.com/fearsoff-org/CVE-2025-49113

https://github.com/rxerium/CVE-2025-49113

https://github.com/00xCanelo/CVE-2025-49113

https://github.com/ankitpandey383/roundcube-cve-2025-49113-lab

https://github.com/Evillm/CVE-2025-49113-PoC

https://github.com/SyFi/CVE-2025-49113

threatnoir@infosec.exchange at 2026-07-09T00:07:03.000Z ##

⚠️ CRITICAL: Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

China-aligned group UNK_MassTraction is actively exploiting critical Roundcube vulnerabilities (CVE-2024-42009, CVE-2025-49113) to target physics and engineering departments at U.S. and Canadian universities. Attackers are stealing credentials and deploying web shells for persistent access. If your…

threatnoir.com/focus

#infosec #cybersecurity

##

CVE-2025-41253
(7.5 HIGH)

EPSS: 0.43%

updated 2026-02-19T22:00:42

1 posts

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable). * An admin or untrusted third

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2025-3248(CVSS UNKNOWN)

EPSS: 99.99%

updated 2025-11-05T20:12:46

3 posts

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Nuclei template

27 repos

https://github.com/0-d3y/langflow-rce-exploit

https://github.com/PuddinCat/CVE-2025-3248-POC

https://github.com/drackyjr/cve-2025-3248-exploit

https://github.com/dennisec/Mass-CVE-2025-3248

https://github.com/EQSTLab/CVE-2025-3248

https://github.com/bambooqj/cve-2025-3248

https://github.com/ill-deed/Langflow-CVE-2025-3248-Multi-target

https://github.com/vigilante-1337/CVE-2025-3248

https://github.com/Praison001/CVE-2025-3248

https://github.com/dennisec/CVE-2025-3248

https://github.com/Vip3rLi0n/CVE-2025-3248

https://github.com/Kiraly07/Demo_CVE-2025-3248

https://github.com/b0ySie7e/CVE-2025-3248-POC

https://github.com/verylazytech/CVE-2025-3248

https://github.com/nebari-playground/langflow-cve-2025-3248

https://github.com/get-xor/coreweave-demo-2026-05

https://github.com/tiemio/RCE-CVE-2025-3248

https://github.com/min8282/CVE-2025-3248

https://github.com/xuemian168/CVE-2025-3248

https://github.com/imbas007/CVE-2025-3248

https://github.com/peiqiF4ck/WebFrameworkTools-5.5-enhance

https://github.com/wand3rlust/CVE-2025-3248

https://github.com/ynsmroztas/CVE-2025-3248-Langflow-RCE

https://github.com/zapstiko/CVE-2025-3248

https://github.com/12-test-12/CVE-2025-3248

https://github.com/r0otk3r/CVE-2025-3248

https://github.com/0xgh057r3c0n/CVE-2025-3248

DailyCyberSecurity@infosec.exchange at 2026-07-10T06:13:38.000Z ##

Sysdig documented JADEPUFFER, the first agentic ransomware run end-to-end by an AI agent. It breached Langflow via CVE-2025-3248 and extorted a database.

#JADEPUFFER #AgenticRansomware #AI #Ransomware #Langflow #Sysdig #CyberSecurity #InfoSec

securityonline.info/jadepuffer

##

kev_Stalker@infosec.exchange at 2026-07-07T15:06:04.000Z ##

CVE-2025-3248 - Changed to Known Ransomware Status

Langflow Missing Authentication VulnerabilityVendor: LangflowProduct: LangflowLangflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests.Status changed from Unknown to Known for ransomware campaign usage.Flip detected on: July 07, 2026 at 15:00:35 UTCDate Addedhttps://nvd.nist.gov/vuln/detail/CVE-2025-3248

##

threatnoir@infosec.exchange at 2026-07-07T01:05:19.000Z ##

⚠️ CRITICAL: Sysdig clocks first documented case of agentic ransomware

JadePuffer deployed the first documented end-to-end agentic ransomware attack in June 2026, using AI agents to autonomously conduct reconnaissance, steal credentials, move laterally, and encrypt systems. The attack exploited CVE-2025-3248 in Langflow and targeted MySQL and Alibaba Nacos instances.…

threatnoir.com/focus

#infosec #cybersecurity

##

CVE-2022-22963
(9.8 CRITICAL)

EPSS: 99.94%

updated 2025-10-22T19:18:03

1 posts

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Nuclei template

38 repos

https://github.com/kh4sh3i/Spring-CVE

https://github.com/SourM1lk/CVE-2022-22963-Exploit

https://github.com/Qualys/spring4scanwin

https://github.com/XuCcc/VulEnv

https://github.com/G01d3nW01f/CVE-2022-22963

https://github.com/west-wind/Spring4Shell-Detection

https://github.com/me2nuk/CVE-2022-22963

https://github.com/Kirill89/CVE-2022-22963-PoC

https://github.com/dinosn/CVE-2022-22963

https://github.com/k3rwin/spring-cloud-function-rce

https://github.com/WuliRuler/SBSCAN

https://github.com/hktalent/spring-spel-0day-poc

https://github.com/gunzf0x/CVE-2022-22963

https://github.com/darryk10/CVE-2022-22963

https://github.com/mebibite/springhound

https://github.com/SealPaPaPa/SpringCloudFunction-Research

https://github.com/twseptian/cve-2022-22963

https://github.com/cyberager/CVE-2022-22963

https://github.com/J0ey17/CVE-2022-22963_Reverse-Shell-Exploit

https://github.com/tpt11fb/SpringVulScan

https://github.com/jschauma/check-springshell

https://github.com/Mustafa1986/CVE-2022-22963

https://github.com/75ACOL/CVE-2022-22963

https://github.com/randallbanner/Spring-Cloud-Function-Vulnerability-CVE-2022-22963-RCE

https://github.com/jrbH4CK/CVE-2022-22963

https://github.com/stevemats/Spring0DayCoreExploit

https://github.com/xmqaq/CVE-2022-22963

https://github.com/puckiestyle/CVE-2022-22963

https://github.com/charis3306/CVE-2022-22963

https://github.com/AayushmanThapaMagar/CVE-2022-22963

https://github.com/iliass-dahman/CVE-2022-22963-POC

https://github.com/nikn0laty/RCE-in-Spring-Cloud-CVE-2022-22963

https://github.com/lemmyz4n3771/CVE-2022-22963-PoC

https://github.com/BearClaw96/CVE-2022-22963-Poc-Bearcules

https://github.com/Shayz614/CVE-2022-22963

https://github.com/viemsr/Spring_Cloud_Function_memshell

https://github.com/RanDengShiFu/CVE-2022-22963

https://github.com/AabyssZG/SpringBoot-Scan

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2024-42009
(9.3 CRITICAL)

EPSS: 83.39%

updated 2025-10-22T00:34:11

1 posts

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

Nuclei template

7 repos

https://github.com/DaniTheHack3r/CVE-2024-42009-PoC

https://github.com/0xbassiouny1337/CVE-2024-42009

https://github.com/Shubhankargupta691/CVE-2024-42009

https://github.com/ZaidArif47/CVE-2024-42009

https://github.com/segunakinsoyinu/CVE-2024-42009-roundcube-xss

https://github.com/Bhanunamikaze/CVE-2024-42009

https://github.com/Foxer131/CVE-2024-42008-9-exploit

threatnoir@infosec.exchange at 2026-07-09T00:07:03.000Z ##

⚠️ CRITICAL: Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

China-aligned group UNK_MassTraction is actively exploiting critical Roundcube vulnerabilities (CVE-2024-42009, CVE-2025-49113) to target physics and engineering departments at U.S. and Canadian universities. Attackers are stealing credentials and deploying web shells for persistent access. If your…

threatnoir.com/focus

#infosec #cybersecurity

##

CVE-2023-20861
(6.5 MEDIUM)

EPSS: 0.97%

updated 2025-02-25T18:40:06

1 posts

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2018-1260
(9.8 CRITICAL)

EPSS: 8.35%

updated 2024-05-14T17:55:42

1 posts

Spring Security OAuth versions prior to 2.3.3, prior to 2.2.2, prior to 2.1.2, and prior to 2.0.15 contain a remote code execution vulnerability. An attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.

1 repos

https://github.com/shoucheng3/SpringSource__spring-security-oauth_CVE-2018-1260_2-3-2-RELEASE

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2016-4977
(8.8 HIGH)

EPSS: 79.18%

updated 2024-05-14T17:39:04

1 posts

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.

Nuclei template

2 repos

https://github.com/N0b1e6/CVE-2016-4977-POC

https://github.com/tpt11fb/SpringVulScan

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2024-30326
(7.8 HIGH)

EPSS: 0.91%

updated 2024-04-03T18:30:55

1 posts

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue

DarkWebInformer@infosec.exchange at 2026-07-08T15:42:46.000Z ##

‼️ New Dark Web Informer Blog Post!

Title: Foxit PDF Reader RCE Flaw CVE-2024-30326 Highlights PDF Attack Surface

Link: darkwebinformer.com/foxit-pdf-

##

CVE-2024-26582
(7.8 HIGH)

EPSS: 0.25%

updated 2024-03-15T15:30:43

1 posts

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb.

CVE-2022-22947
(10.0 CRITICAL)

EPSS: 98.25%

updated 2023-07-24T19:30:19

1 posts

In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker could make a maliciously crafted request resulting in arbitrary remote execution on the remote host.

Nuclei template

69 repos

https://github.com/Tas9er/SpringCloudGatewayRCE

https://github.com/dingxiao77/-cve-2022-22947-

https://github.com/Enokiy/cve-2022-22947-spring-cloud-gateway

https://github.com/dbgee/CVE-2022-22947

https://github.com/skysliently/CVE-2022-22947-pb-ai

https://github.com/crowsec-edtech/CVE-2022-22947

https://github.com/darkb1rd/cve-2022-22947

https://github.com/kkx600/Burp_VulPscan

https://github.com/shoucheng3/spring-cloud__spring-cloud-gateway_CVE-2022-22947_3-0-6

https://github.com/XuCcc/VulEnv

https://github.com/SanderSchepers1993/CyberSec2026

https://github.com/sagaryadav8742/springcloudRCE

https://github.com/scopion/cve-2022-22947

https://github.com/fbion/CVE-2022-22947

https://github.com/MoCh3n/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE

https://github.com/SiJiDo/CVE-2022-22947

https://github.com/Sumitpathania03/CVE-2022-22947

https://github.com/aesm1p/CVE-2022-22947-POC-Reproduce

https://github.com/Vulnmachines/spring-cve-2022-22947

https://github.com/scopion/CVE-2022-22947-exp

https://github.com/Summer177/Spring-Cloud-Gateway-CVE-2022-22947

https://github.com/Nathaniel1025/CVE-2022-22947

https://github.com/WuliRuler/SBSCAN

https://github.com/sentryCyberSec/sentryCyberSec.github.io

https://github.com/twseptian/cve-2022-22947

https://github.com/Zh0um1/CVE-2022-22947

https://github.com/wjl110/Spring_CVE_2022_22947

https://github.com/cc3305/CVE-2022-22947

https://github.com/k3rwin/spring-cloud-gateway-rce

https://github.com/kmahyyg/CVE-2022-22947

https://github.com/whwlsfb/cve-2022-22947-godzilla-memshell

https://github.com/Wrin9/CVE-2022-22947

https://github.com/ciri3/spring-cloud-gateway-cve-2022-22947-report

https://github.com/Wrong-pixel/CVE-2022-22947-exp

https://github.com/tpt11fb/SpringVulScan

https://github.com/nanaao/CVE-2022-22947-POC

https://github.com/Vancomycin-g/CVE-2022-22947

https://github.com/superneilcn/SpringExploitGUI

https://github.com/SecNN/CVE-2022-22947_Rce_Exp

https://github.com/Arrnitage/CVE-2022-22947_exp

https://github.com/Le1a/CVE-2022-22947

https://github.com/4nNns/CVE-2022-22947

https://github.com/stayfoolish777/CVE-2022-22947-POC

https://github.com/22ke/CVE-2022-22947

https://github.com/hh-hunter/cve-2022-22947-docker

https://github.com/BerMalBerIst/CVE-2022-22947

https://github.com/viemsr/spring_cloud_gateway_memshell

https://github.com/PaoPaoLong-lab/Spring-CVE-2022-22947-

https://github.com/entr0pie/demo-cve-2022-22947

https://github.com/anansec/CVE-2022-22947_EXP

https://github.com/0730Nophone/CVE-2022-22947-

https://github.com/bysinks/CVE-2022-22947

https://github.com/talentsec/Spring-Cloud-Gateway-CVE-2022-22947

https://github.com/B0rn2d/Spring-Cloud-Gateway-Nacos

https://github.com/24-2021/EXP-POC

https://github.com/tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway

https://github.com/hunzi0/CVE-2022-22947-Rce_POC

https://github.com/0x7eTeam/CVE-2022-22947

https://github.com/qq87234770/CVE-2022-22947

https://github.com/Jun-5heng/CVE-2022-22947

https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947

https://github.com/mrknow001/CVE-2022-22947

https://github.com/Bin4xin/bin4xin.github.io

https://github.com/YutuSec/SpEL

https://github.com/nu0l/cve-2022-22947

https://github.com/AabyssZG/SpringBoot-Scan

https://github.com/LY613313/CVE-2022-22947

https://github.com/flying0er/CVE-2022-22947-goby

https://github.com/Greetdawn/CVE-2022-22947

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2022-22980
(9.0 None)

EPSS: 16.90%

updated 2023-01-27T05:05:05

1 posts

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.

8 repos

https://github.com/murataydemir/CVE-2022-22980

https://github.com/Vulnmachines/Spring_cve-2022-22980

https://github.com/Eliasdekiniweek/CVE-2022-22980

https://github.com/jweny/cve-2022-22980

https://github.com/kuron3k0/Spring-Data-Mongodb-Example

https://github.com/W01fh4cker/Serein

https://github.com/trganda/CVE-2022-22980

https://github.com/li8u99/Spring-Data-Mongodb-Demo

nurkiewicz@fosstodon.org at 2026-07-10T14:39:10.000Z ##

A decade of #Spring SpEL CVEs: CVE-2026-41852, CVE-2026-41851, CVE-2026-41850, CVE-2026-41849, CVE-2026-41729, CVE-2026-41719, CVE-2026-41717, CVE-2025-41253, CVE-2024-38808, CVE-2023-20861, CVE-2022-22980, CVE-2022-22963, CVE-2022-22950, CVE-2022-22947, CVE-2018-1273, CVE-2018-1260, CVE-2017-8046, CVE-2016-4977. RCE, DoS, you name it

##

CVE-2026-23530
(0 None)

EPSS: 0.44%

1 posts

N/A

EUVD_Bot@mastodon.social at 2026-07-10T21:00:16.000Z ##

🚨 EUVD-2026-43005

📊 Score: 5.1/10 (CVSS v3.1)
📦 Product: FreeRDP
🏢 Vendor: FreeRDP
📅 Updated: 2026-07-10

📝 FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planar_decompress_plane_rle_only in libfreerdp/codec/planar.c, allowing a malic...

🔗 euvd.enisa.europa.eu/vulnerabi

#cybersecurity #infosec #euvd #cve #vulnerability

##

CVE-2026-55827
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T21:00:01.000Z ##

🟠 CVE-2026-55827 - High (7.5)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T21:00:01.000Z ##

🟠 CVE-2026-55827 - High (7.5)

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating b...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54149
(0 None)

EPSS: 0.00%

2 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T17:00:21.000Z ##

🟠 CVE-2026-54149 - High (8.8)

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py do not con...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-07-10T17:00:21.000Z ##

🟠 CVE-2026-54149 - High (8.8)

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py do not con...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-12932
(0 None)

EPSS: 0.00%

1 posts

N/A

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

CVE-2026-12996
(0 None)

EPSS: 0.00%

1 posts

N/A

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

CVE-2026-13117
(0 None)

EPSS: 0.00%

1 posts

N/A

cryptostorm@infosec.exchange at 2026-07-10T13:32:09.000Z ##

v4.01 of our Windows client is at cryptostorm.is/windows#widget

See attached for client-side fixes.

Servers were updated to OpenVPN 2.7.5 on the 2nd, and v4.01 bundles 2.7.5, so we're good on CVE-2026-12996, CVE-2026-13117, CVE-2026-12932, and CVE-2026-13698.

##

linuxmint_hun@mastodon.social at 2026-07-10T11:49:28.000Z ##

Kibertámadók már 13 nappal a bejelentés után vizsgálják a Gitea Docker sebezhetőséget (CVE-2026-20896)

linuxmint.hu/hir/2026/07/kiber

##

threatnoir@infosec.exchange at 2026-07-09T01:05:46.000Z ##

⚠️ CRITICAL: Critical Gitea Flaw Under Active Exploitation, Researchers Warn

Critical vulnerability CVE-2026-20896 in Gitea's reverse-proxy authentication is under active exploitation. Attackers bypass authentication by spoofing a single HTTP header to gain unauthorized access to repositories and secrets. Gitea Docker images prior to version 1.26.3 are vulnerable due to def…

threatnoir.com/focus

#infosec #cybersecurity

##

offseq@infosec.exchange at 2026-07-08T06:00:28.000Z ##

CRITICAL: Gitea Docker (<1.26.3) is vulnerable to auth bypass (CVE-2026-20896) — attackers can access repos & secrets by spoofing a username header. Actively exploited! Patch to 1.26.3+ & restrict access now. radar.offseq.com/threat/critic #OffSeq #Gitea #Vuln #Infosec

##

DarkWebInformer@infosec.exchange at 2026-07-07T17:38:26.000Z ##

🚨 Critical Gitea flaw CVE-2026-20896 is being probed in the wild

Researchers warn that attackers are targeting a critical Gitea Docker image flaw that can allow authentication bypass with a single HTTP header.

The issue affects official Gitea Docker images up to 1.26.2 when reverse-proxy authentication is enabled.

The vulnerable default trusted any source IP as a reverse proxy, meaning an attacker who could reach the container’s HTTP port could spoof X-WEBAUTH-USER and impersonate a known or guessable user.

Gitea patched the issue in 1.26.3 / 1.26.4, and a public PoC/checker is now available.

Sysdig says the first in-the-wild probing was seen 13 days after disclosure.

Observed IP: 159[.]26[.]98[.]241

##

beyondmachines1@infosec.exchange at 2026-07-07T12:01:07.000Z ##

Gitea Docker Images Vulnerable to Critical Authentication Bypass, Already Attacked

Gitea patched a critical authentication bypass vulnerability (CVE-2026-20896) in its Docker images that allows attackers to impersonate any user with a single HTTP header. The flaw is being exploited in the wild.

**If you self-host Gitea, first make sure it's isolated from the internet and reachable only from trusted networks, then update to version 1.26.3 or later ASAP. If you can't update immediately, edit your app.ini to change REVERSE_PROXY_TRUSTED_PROXIES from * to your actual reverse proxy's specific IP address, and rotate all credentials and secrets stored in your repositories.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

##

CVE-2026-55604
(0 None)

EPSS: 0.22%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T05:01:33.000Z ##

🟠 CVE-2026-55604 - High (8.6)

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global `SessionStore` accepts caller-supplied `session_id` values without binding them to any authenticated principal or transp...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-59834
(0 None)

EPSS: 0.38%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-10T03:01:04.000Z ##

🟠 CVE-2026-59834 - High (7.5)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-54433
(0 None)

EPSS: 0.00%

1 posts

N/A

CVE-2026-57155
(0 None)

EPSS: 0.00%

2 posts

N/A

DailyCyberSecurity@infosec.exchange at 2026-07-09T13:06:42.000Z ##

OPNsense root RCE flaws are public with PoC code. CVE-2026-57155 (9.9) chains an arbitrary file write to root. Patch 26.1.11 or 26.4.1p1 now.

#OPNsense #RootRCE #RCE #FirewallSecurity #CyberSecurity #Vulnerability #InfoSec #PoC

securityonline.info/opnsense-r

##

beyondmachines1@infosec.exchange at 2026-07-07T09:01:07.000Z ##

OPNsense Patches Critical Root Vulnerability in GeoIP Alias Importer

OPNsense released critical security updates to fix a root remote code execution vulnerability (CVE-2026-57155) in its GeoIP alias importer. The update also patches several other flaws including XPath injection and stored cross-site scripting.

**Make sure your OPNsense firewall's management interface is isolated from the internet and reachable only from trusted networks, since even a low-level user with alias-editing rights can exploit this flaw. Update to OPNsense 26.1.11 or 26.4.1p1 ASAP. If you can't update immediately, lock down management access and limit alias-editing permissions to trusted administrators only.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

##

CVE-2026-59723
(0 None)

EPSS: 0.14%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-09T04:00:38.000Z ##

🟠 CVE-2026-59723 - High (8.8)

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the O...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33697
(0 None)

EPSS: 0.06%

1 posts

N/A

CVE-2026-54161
(0 None)

EPSS: 0.00%

1 posts

N/A

1 repos

https://github.com/ja-errorpro/CVE-2026-54161

DailyCyberSecurity@infosec.exchange at 2026-07-08T13:29:43.000Z ##

A Network UPS Tools RCE (CVE-2026-54161) lets a malicious upsd trigger upsmon command injection as root. No patch exists yet, so mitigate now.

#NetworkUPSTools #NUT #upsmon #CommandInjection #RCE #CVE202654161 #CyberSecurity

securityonline.info/network-up

##

CVE-2026-14380
(0 None)

EPSS: 0.49%

1 posts

N/A

offseq@infosec.exchange at 2026-07-08T00:00:42.000Z ##

CVE-2026-14380 | CRITICAL eval injection in HMBRAND DBI <1.650 lets attackers execute arbitrary Perl code via Profile. Remote code exec possible with exposed DBI::Gofer/ProxyServer. Restrict access & monitor for patches. radar.offseq.com/threat/cve-20 #OffSeq #Perl #Security

##

CVE-2026-54234
(0 None)

EPSS: 0.34%

1 posts

N/A

hugovalters@mastodon.social at 2026-07-07T14:01:57.000Z ##

CVE-2026-54234 - High-severity DoS in vLLM. Multi-request speculative decoding triggers out-of-vocabulary token crash. CVSS 7.5. No patch yet - update to v0.24.0+ immediately. #CVE #vLLM #infosec

valtersit.com/cve/CVE-2026-542

##

CVE-2026-12943
(0 None)

EPSS: 0.00%

1 posts

N/A

DailyCyberSecurity@infosec.exchange at 2026-07-07T08:30:35.000Z ##

A critical IBM Power HMC vulnerability (CVE-2026-12943) allows unauthenticated attackers to execute commands. Patch your systems immediately.

#IBMPowerHMC #Vulnerability #CyberSecurity #CVE202612943 #Infosec

securityonline.info/ibm-power-

##

CVE-2026-34152
(0 None)

EPSS: 0.37%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-07T07:00:34.000Z ##

🟠 CVE-2026-34152 - High (8.8)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then sent through SSH heredoc transport that pres...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-42143
(0 None)

EPSS: 0.43%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-07T06:00:56.000Z ##

🟠 CVE-2026-42143 - High (8.8)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34158
(0 None)

EPSS: 0.36%

1 posts

N/A

thehackerwire@mastodon.social at 2026-07-07T06:00:26.000Z ##

🟠 CVE-2026-34158 - High (8.8)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker() helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Atta...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34048
(0 None)

EPSS: 0.40%

1 posts

N/A

offseq@infosec.exchange at 2026-07-07T06:00:29.000Z ##

CVE-2026-34048 (CRITICAL, CVSS 9.9): improper auth in coollabsio Coolify (<4.0.0-beta.471) lets low-priv users execute commands via terminal websockets. Update to 4.0.0-beta.471 ASAP. radar.offseq.com/threat/cve-20 #OffSeq #Coolify #CVE202634048 #infosec

##

CVE-2026-34037
(0 None)

EPSS: 0.25%

1 posts

N/A

offseq@infosec.exchange at 2026-07-07T04:30:26.000Z ##

CVE-2026-34037: CRITICAL auth bypass in coollabsio coolify (=4.0.0-beta.464). Privileged users can clone resources into other teams, risking cross-tenant data exposure. Fix: upgrade to 4.0.0-beta.464. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #coolify #Infosec

##

Visit counter For Websites