| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-28461 | 7.5 | 0.00% | 2 | 0 | 2026-03-19T02:16:02.810000 | OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerabi | |
| CVE-2026-32255 | 8.6 | 0.00% | 2 | 0 | 2026-03-19T00:16:18.003000 | Kan is an open-source project management tool. In versions 0.5.4 and below, the | |
| CVE-2026-32731 | 9.9 | 0.00% | 6 | 1 | 2026-03-18T23:17:29.543000 | ApostropheCMS is an open-source content management framework. Prior to version 3 | |
| CVE-2026-32730 | 8.1 | 0.00% | 2 | 0 | 2026-03-18T23:17:29.370000 | ApostropheCMS is an open-source content management framework. Prior to version 4 | |
| CVE-2025-15031 | 8.1 | 0.00% | 2 | 0 | 2026-03-18T23:17:28.693000 | A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file | |
| CVE-2026-32703 | 9.0 | 0.00% | 6 | 0 | 2026-03-18T22:16:24.517000 | OpenProject is an open-source, web-based project management software. In version | |
| CVE-2026-32698 | 9.1 | 0.00% | 4 | 0 | 2026-03-18T22:16:24.223000 | OpenProject is an open-source, web-based project management software. Versions p | |
| CVE-2026-32634 | 8.1 | 0.00% | 2 | 0 | 2026-03-18T21:48:54 | ## Summary In Central Browser mode, Glances stores both the Zeroconf-advertised | |
| CVE-2025-55040 | 8.8 | 0.00% | 2 | 0 | 2026-03-18T21:34:01 | The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers t | |
| CVE-2026-4396 | 8.3 | 0.00% | 2 | 0 | 2026-03-18T21:33:04 | Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 | |
| CVE-2026-25873 | 9.8 | 0.00% | 2 | 0 | 2026-03-18T21:33:04 | OmniGen2-RL contains an unauthenticated remote code execution vulnerability in t | |
| CVE-2026-20963 | 8.8 | 1.63% | 2 | 0 | 2026-03-18T21:32:58 | Deserialization of untrusted data in Microsoft Office SharePoint allows an autho | |
| CVE-2025-43520 | 5.5 | 0.02% | 4 | 0 | 2026-03-18T21:32:58 | A memory corruption issue was addressed with improved memory handling. This issu | |
| CVE-2026-22730 | 8.8 | 0.03% | 4 | 0 | 2026-03-18T20:20:40 | A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionCon | |
| CVE-2026-2603 | 8.1 | 0.17% | 1 | 2 | 2026-03-18T20:17:34 | A flaw was found in Keycloak. A remote attacker could bypass security controls b | |
| CVE-2026-2092 | 7.7 | 0.07% | 1 | 0 | 2026-03-18T20:17:22 | A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAM | |
| CVE-2025-66376 | 7.2 | 0.05% | 4 | 0 | 2026-03-18T20:13:37.087000 | Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Clas | |
| CVE-2026-28500 | 8.6 | 0.01% | 1 | 0 | 2026-03-18T19:47:59.707000 | Open Neural Network Exchange (ONNX) is an open standard for machine learning int | |
| CVE-2026-32633 | 9.1 | 0.00% | 2 | 0 | 2026-03-18T19:16:05.347000 | Glances is an open-source system cross-platform monitoring tool. Prior to versio | |
| CVE-2026-26740 | 8.2 | 0.00% | 2 | 0 | 2026-03-18T19:16:03.810000 | Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to caus | |
| CVE-2026-24062 | 7.8 | 0.00% | 2 | 0 | 2026-03-18T18:31:24 | The "Privileged Helper" component of the Arturia Software Center (MacOS) does no | |
| CVE-2026-2992 | 8.2 | 0.00% | 2 | 0 | 2026-03-18T18:31:24 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is | |
| CVE-2026-2991 | 9.8 | 0.00% | 2 | 1 | 2026-03-18T18:31:24 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is | |
| CVE-2026-1463 | 8.8 | 0.00% | 2 | 0 | 2026-03-18T18:31:17 | The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for Wor | |
| CVE-2026-32640 | 9.8 | 0.05% | 2 | 0 | 2026-03-18T18:26:49.927000 | SimpleEval is a library for adding evaluatable expressions into python projects. | |
| CVE-2026-32610 | 8.1 | 0.00% | 2 | 0 | 2026-03-18T17:16:06.947000 | Glances is an open-source system cross-platform monitoring tool. Prior to versio | |
| CVE-2026-30911 | 8.1 | 0.04% | 2 | 0 | 2026-03-18T16:33:18 | Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability | |
| CVE-2026-24063 | 8.2 | 0.00% | 2 | 0 | 2026-03-18T16:16:26.527000 | When a plugin is installed using the Arturia Software Center (MacOS), it also in | |
| CVE-2026-22729 | 8.6 | 0.05% | 3 | 0 | 2026-03-18T16:16:25.990000 | A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConver | |
| CVE-2026-4258 | 7.5 | 0.02% | 2 | 0 | 2026-03-18T16:10:10 | All versions of the package sjcl are vulnerable to Improper Verification of Cryp | |
| CVE-2026-30707 | 8.1 | 0.02% | 2 | 0 | 2026-03-18T15:31:47 | An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FE | |
| CVE-2026-25449 | 9.8 | 0.00% | 2 | 0 | 2026-03-18T15:30:51 | Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Ob | |
| CVE-2026-20643 | 5.4 | 0.02% | 6 | 1 | 2026-03-18T15:30:46 | A cross-origin issue in the Navigation API was addressed with improved input val | |
| CVE-2026-21994 | 9.8 | 0.04% | 1 | 1 | 2026-03-18T15:16:27.927000 | Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation | |
| CVE-2026-25534 | 9.1 | 0.04% | 3 | 0 | 2026-03-18T14:52:44.227000 | ### Impact Spinnaker updated URL Validation logic on user input to provide sanit | |
| CVE-2026-22171 | 8.2 | 0.03% | 2 | 0 | 2026-03-18T14:52:44.227000 | OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in t | |
| CVE-2026-31898 | 8.1 | 0.03% | 2 | 1 | 2026-03-18T14:52:44.227000 | jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user | |
| CVE-2025-41258 | 8.0 | 0.03% | 2 | 0 | 2026-03-18T14:52:44.227000 | LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechan | |
| CVE-2026-22317 | 7.2 | 0.06% | 1 | 0 | 2026-03-18T14:52:44.227000 | A command injection vulnerability in the device’s Root CA certificate transfer w | |
| CVE-2026-22319 | 4.9 | 0.04% | 1 | 0 | 2026-03-18T14:52:44.227000 | A stack-based buffer overflow in the device's file installation workflow allows | |
| CVE-2026-22316 | 6.5 | 0.09% | 1 | 0 | 2026-03-18T14:52:44.227000 | A remote attacker with user privileges for the webUI can use the setting of the | |
| CVE-2026-32292 | 7.5 | 0.03% | 2 | 0 | 2026-03-18T14:52:44.227000 | The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enab | |
| CVE-2026-24901 | 8.1 | 0.03% | 3 | 0 | 2026-03-18T14:52:44.227000 | Outline is a service that allows for collaborative documentation. Prior to 1.4.0 | |
| CVE-2026-3564 | 9.0 | 0.05% | 1 | 0 | 2026-03-18T14:52:44.227000 | A condition in ScreenConnect may allow an actor with access to server-level cryp | |
| CVE-2025-66342 | 7.8 | 0.01% | 1 | 0 | 2026-03-18T14:52:44.227000 | A type confusion vulnerability exists in the EMF functionality of Canva Affinity | |
| CVE-2026-32295 | 7.5 | 0.03% | 1 | 0 | 2026-03-18T14:52:44.227000 | JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force att | |
| CVE-2026-32746 | 9.8 | 0.04% | 12 | 1 | 2026-03-18T14:16:40.673000 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO | |
| CVE-2026-30405 | 7.5 | 0.11% | 2 | 0 | 2026-03-18T12:58:46 | An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of s | |
| CVE-2026-22322 | 7.1 | 0.08% | 1 | 0 | 2026-03-18T09:30:35 | A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation config | |
| CVE-2026-22321 | 5.3 | 0.04% | 1 | 0 | 2026-03-18T09:30:35 | A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occur | |
| CVE-2026-22323 | 7.1 | 0.04% | 1 | 0 | 2026-03-18T09:30:34 | A CSRF vulnerability in the Link Aggregation configuration interface allows an u | |
| CVE-2026-22320 | 6.5 | 0.04% | 1 | 0 | 2026-03-18T09:30:34 | A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling a | |
| CVE-2026-22318 | 4.9 | 0.04% | 1 | 0 | 2026-03-18T09:30:34 | A stack-based buffer overflow vulnerability in the device's file transfer parame | |
| CVE-2026-3888 | 7.8 | 0.01% | 28 | 2 | 2026-03-18T04:17:30.720000 | Local privilege escalation in snapd on Linux allows local attackers to get root | |
| CVE-2026-32841 | 8.1 | 0.09% | 2 | 0 | 2026-03-18T00:30:59 | Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication by | |
| CVE-2025-14031 | 7.5 | 0.07% | 1 | 0 | 2026-03-18T00:30:59 | IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6. | |
| CVE-2026-22727 | 7.5 | 0.02% | 1 | 0 | 2026-03-18T00:30:59 | Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, | |
| CVE-2026-32838 | 7.5 | 0.01% | 1 | 0 | 2026-03-18T00:30:59 | Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the w | |
| CVE-2026-1376 | 7.5 | 0.17% | 1 | 0 | 2026-03-18T00:30:59 | IBM i 7.6 could allow a remote attacker to cause a denial of service using faile | |
| CVE-2026-4064 | 8.3 | 0.04% | 1 | 0 | 2026-03-17T21:31:53 | Missing authorization checks on multiple gRPC service endpoints in PowerShell Un | |
| CVE-2026-4295 | 7.8 | 0.01% | 1 | 0 | 2026-03-17T21:31:53 | Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supp | |
| CVE-2026-32981 | 7.5 | 0.07% | 1 | 0 | 2026-03-17T21:31:53 | A path traversal vulnerability was identified in Ray Dashboard (default port 826 | |
| CVE-2025-64301 | 7.8 | 0.01% | 1 | 0 | 2026-03-17T21:31:53 | An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Af | |
| CVE-2026-4269 | 7.5 | 0.05% | 1 | 0 | 2026-03-17T20:34:22 | ## Summary An issue has been identified in the Bedrock AgentCore Starter Toolkit | |
| CVE-2026-32256 | 7.5 | 0.01% | 2 | 0 | 2026-03-17T20:04:49 | # Summary music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/Asf | |
| CVE-2026-32600 | 8.2 | 0.02% | 1 | 0 | 2026-03-17T19:25:09.150000 | xml-security is a library that implements XML signatures and encryption. Prior t | |
| CVE-2026-32729 | 8.1 | 0.06% | 1 | 0 | 2026-03-17T19:01:54.250000 | Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/ | |
| CVE-2026-2922 | 7.8 | 0.06% | 1 | 0 | 2026-03-17T18:59:21.860000 | GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerabil | |
| CVE-2026-2921 | 7.8 | 0.06% | 1 | 0 | 2026-03-17T18:59:00.343000 | GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. Thi | |
| CVE-2026-3081 | 7.8 | 0.06% | 1 | 0 | 2026-03-17T18:58:06.030000 | GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution V | |
| CVE-2026-4276 | 7.5 | 0.06% | 2 | 0 | 2026-03-17T18:31:38 | LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that al | |
| CVE-2026-2673 | 7.5 | 0.03% | 1 | 0 | 2026-03-17T18:31:38 | Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected pref | |
| CVE-2026-32298 | 9.1 | 0.04% | 3 | 0 | 2026-03-17T18:30:43 | The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by | |
| CVE-2026-32297 | 7.5 | 0.03% | 4 | 0 | 2026-03-17T18:30:42 | The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary | |
| CVE-2026-32296 | 8.2 | 0.05% | 5 | 0 | 2026-03-17T18:30:42 | Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without prope | |
| CVE-2026-4148 | 8.8 | 0.04% | 2 | 0 | 2026-03-17T18:30:38 | A use-after-free vulnerability can be triggered in sharded clusters by an authen | |
| CVE-2026-28779 | 7.5 | 0.07% | 1 | 0 | 2026-03-17T17:42:17.580000 | Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is | |
| CVE-2026-31938 | 9.6 | 0.04% | 3 | 0 | 2026-03-17T17:08:01 | ### Impact User control of the `options` argument of the `output` function allo | |
| CVE-2026-31891 | 7.7 | 0.03% | 2 | 0 | 2026-03-17T17:07:43 | ### Impact This is a SQL Injection vulnerability in the MongoLite Aggregation O | |
| CVE-2026-30922 | 7.5 | 0.04% | 2 | 0 | 2026-03-17T16:17:33 | ### Summary The `pyasn1` library is vulnerable to a Denial of Service (DoS) atta | |
| CVE-2026-27980 | None | 0.01% | 2 | 0 | 2026-03-17T16:17:07 | ## Summary The default Next.js image optimization disk cache (`/_next/image`) di | |
| CVE-2026-27979 | None | 0.04% | 2 | 0 | 2026-03-17T16:16:52 | ## Summary A request containing the `next-resume: 1` header (corresponding with | |
| CVE-2026-28520 | 8.4 | 0.01% | 1 | 0 | 2026-03-17T15:39:38.403000 | arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vul | |
| CVE-2025-50881 | 8.8 | 0.20% | 2 | 1 | 2026-03-17T15:37:26 | The `flow/admin/moniteur.php` script in Use It Flow administration website befor | |
| CVE-2026-4177 | 9.1 | 0.01% | 2 | 0 | 2026-03-17T15:37:26 | YAML::Syck versions through 1.36 for Perl has several potential security vulnera | |
| CVE-2025-66687 | 7.5 | 0.36% | 2 | 0 | 2026-03-17T15:37:25 | Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file p | |
| CVE-2026-4318 | 8.8 | 0.04% | 1 | 0 | 2026-03-17T15:36:34 | A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is | |
| CVE-2025-69902 | 9.8 | 0.26% | 2 | 0 | 2026-03-17T15:36:22 | A command injection vulnerability in the minimal_wrapper.py component of kubectl | |
| CVE-2026-32267 | None | 0.03% | 3 | 0 | 2026-03-17T15:23:52 | ### Summary A low-privilege user (or an unauthenticated user who has been sent a | |
| CVE-2025-69783 | 7.8 | 0.01% | 2 | 0 | 2026-03-17T14:20:01.670000 | A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming | |
| CVE-2026-2579 | 7.5 | 0.07% | 1 | 0 | 2026-03-17T14:20:01.670000 | The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPre | |
| CVE-2026-4208 | 0 | 0.05% | 1 | 0 | 2026-03-17T14:20:01.670000 | The extension fails to properly reset the generated MFA code after successful au | |
| CVE-2026-4254 | 9.8 | 0.05% | 2 | 0 | 2026-03-17T14:20:01.670000 | A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerabilit | |
| CVE-2025-69809 | 9.8 | 0.04% | 2 | 0 | 2026-03-17T14:20:01.670000 | A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticat | |
| CVE-2025-69808 | 9.1 | 0.07% | 1 | 0 | 2026-03-17T14:20:01.670000 | An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unaut | |
| CVE-2026-23862 | 7.8 | 0.06% | 1 | 0 | 2026-03-17T14:20:01.670000 | Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutra | |
| CVE-2026-4312 | 9.8 | 0.13% | 2 | 0 | 2026-03-17T09:31:33 | GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulne | |
| CVE-2026-0708 | 8.3 | 0.16% | 1 | 0 | 2026-03-17T06:31:33 | A flaw was found in libucl. A remote attacker could exploit this by providing a | |
| CVE-2026-32313 | 8.2 | 0.02% | 1 | 0 | 2026-03-16T22:01:06 | ### Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256 | |
| CVE-2026-28498 | None | 0.01% | 2 | 0 | 2026-03-16T21:54:15 | ## 1. Executive Summary A critical library-level vulnerability was identified i | |
| CVE-2026-27962 | 9.1 | 0.06% | 2 | 0 | 2026-03-16T21:54:00 | ## Description ### Summary A JWK Header Injection vulnerability in `authlib`'s | |
| CVE-2025-69784 | 8.8 | 0.01% | 1 | 0 | 2026-03-16T21:35:35 | A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed | |
| CVE-2025-69768 | 7.5 | 0.04% | 2 | 0 | 2026-03-16T21:35:34 | SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker | |
| CVE-2026-4252 | 9.8 | 0.14% | 2 | 0 | 2026-03-16T18:32:15 | A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue | |
| CVE-2025-47813 | 4.3 | 20.96% | 2 | 0 | template | 2026-03-16T18:32:03 | loginok.html in Wing FTP Server before 7.4.4 discloses the full local installati |
| CVE-2026-32609 | 7.5 | 0.00% | 2 | 0 | 2026-03-16T16:26:55 | ## Summary The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated configu | |
| CVE-2026-32606 | 7.7 | 0.01% | 1 | 0 | 2026-03-16T16:26:01 | The default configuration of systemd-cryptenroll as used by IncusOS through mkos | |
| CVE-2026-32596 | None | 0.07% | 2 | 0 | 2026-03-16T16:23:59 | ### Summary Glances web server runs without authentication by default when start | |
| CVE-2026-29112 | 7.5 | 0.04% | 2 | 0 | 2026-03-16T16:15:34 | ### Impact The `ensureSize()` function in `@dicebear/converter` (versions < 9.4 | |
| CVE-2026-4188 | 8.8 | 0.04% | 1 | 0 | 2026-03-16T15:30:58 | A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected ele | |
| CVE-2026-3083 | 8.8 | 0.36% | 1 | 0 | 2026-03-16T15:30:57 | GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. | |
| CVE-2026-3558 | 8.1 | 0.03% | 1 | 0 | 2026-03-16T15:30:57 | Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authenticat | |
| CVE-2026-3556 | 8.8 | 0.07% | 1 | 0 | 2026-03-16T15:30:57 | Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Exe | |
| CVE-2026-3476 | 7.8 | 0.02% | 1 | 0 | 2026-03-16T15:30:57 | A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 202 | |
| CVE-2026-3559 | 8.1 | 0.03% | 1 | 0 | 2026-03-16T15:30:57 | Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass | |
| CVE-2026-4163 | 9.8 | 0.16% | 1 | 0 | 2026-03-16T15:30:57 | A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects th | |
| CVE-2026-4184 | 9.8 | 0.06% | 1 | 0 | 2026-03-16T15:30:57 | A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulne | |
| CVE-2026-3085 | 8.8 | 0.25% | 1 | 0 | 2026-03-16T15:30:56 | GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerab | |
| CVE-2026-3082 | 7.8 | 0.06% | 1 | 0 | 2026-03-16T15:30:56 | GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerabi | |
| CVE-2026-3838 | 8.8 | 1.17% | 2 | 0 | 2026-03-16T15:30:56 | Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This v | |
| CVE-2026-3561 | 8.0 | 0.11% | 1 | 0 | 2026-03-16T15:30:56 | Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code | |
| CVE-2026-4181 | 9.8 | 0.06% | 2 | 0 | 2026-03-16T15:30:56 | A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an | |
| CVE-2026-4183 | 9.8 | 0.06% | 1 | 0 | 2026-03-16T15:30:56 | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected | |
| CVE-2026-28521 | 7.7 | 0.01% | 1 | 0 | 2026-03-16T15:30:55 | arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vuln | |
| CVE-2026-28519 | 8.8 | 0.01% | 1 | 0 | 2026-03-16T15:30:55 | arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vuln | |
| CVE-2026-2493 | 7.5 | 10.28% | 1 | 0 | 2026-03-16T15:30:55 | IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. | |
| CVE-2026-2476 | 7.6 | 0.03% | 1 | 0 | 2026-03-16T15:30:55 | Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configurat | |
| CVE-2026-2920 | 7.8 | 0.06% | 1 | 0 | 2026-03-16T15:30:55 | GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerabi | |
| CVE-2026-2923 | 7.8 | 0.06% | 1 | 0 | 2026-03-16T15:30:55 | GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. | |
| CVE-2026-3086 | 7.8 | 0.06% | 1 | 2 | 2026-03-16T15:30:55 | GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerabi | |
| CVE-2026-3084 | 7.8 | 0.06% | 1 | 0 | 2026-03-16T15:30:55 | GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerabili | |
| CVE-2026-3557 | 8.0 | 0.14% | 1 | 0 | 2026-03-16T15:30:55 | Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Ove | |
| CVE-2026-32614 | 7.5 | 0.02% | 1 | 0 | 2026-03-16T14:53:07.390000 | Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library t | |
| CVE-2026-3555 | 8.0 | 0.05% | 1 | 0 | 2026-03-16T14:53:07.390000 | Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflo | |
| CVE-2026-4164 | 9.8 | 0.17% | 2 | 0 | 2026-03-16T14:53:07.390000 | A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Del | |
| CVE-2026-3560 | 8.8 | 0.07% | 1 | 0 | 2026-03-16T14:53:07.390000 | Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Re | |
| CVE-2026-4170 | 9.8 | 0.15% | 1 | 0 | 2026-03-16T14:53:07.390000 | A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerabil | |
| CVE-2026-4167 | 8.8 | 0.04% | 1 | 0 | 2026-03-16T14:53:07.390000 | A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the funct | |
| CVE-2026-3910 | 8.8 | 23.21% | 2 | 0 | 2026-03-13T22:00:01.403000 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allow | |
| CVE-2026-3909 | 8.8 | 33.06% | 2 | 0 | 2026-03-13T21:32:59 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a re | |
| CVE-2026-32621 | 9.9 | 0.03% | 1 | 0 | 2026-03-13T20:51:15 | ### Impact A vulnerability exists in query plan execution within the gateway th | |
| CVE-2026-32136 | 9.8 | 0.79% | 2 | 0 | 2026-03-13T20:19:00.987000 | AdGuard Home is a network-wide software for blocking ads and tracking. Prior to | |
| CVE-2026-31852 | 10.0 | 0.10% | 1 | 0 | 2026-03-12T21:08:22.643000 | Jellyfin is an open-source media system. The code-quality.yml GitHub Actions wor | |
| CVE-2026-1965 | 6.5 | 0.05% | 1 | 0 | 2026-03-11T15:32:59 | libcurl can in some circumstances reuse the wrong connection when asked to do an | |
| CVE-2025-15576 | 7.5 | 0.01% | 1 | 0 | 2026-03-10T21:33:20 | If two sibling jails are restricted to separate filesystem trees, which is to sa | |
| CVE-2026-20126 | 8.8 | 0.04% | 2 | 0 | 2026-03-04T21:21:49.053000 | A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, l | |
| CVE-2026-20122 | 5.4 | 0.04% | 2 | 0 | 2026-02-25T18:31:45 | A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authe | |
| CVE-2026-20128 | 7.6 | 0.02% | 2 | 0 | 2026-02-25T18:31:45 | A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD- | |
| CVE-2026-27205 | None | 0.03% | 1 | 0 | 2026-02-23T22:28:06 | When the `session` object is accessed, Flask should set the `Vary: Cookie` heade | |
| CVE-2026-25749 | 6.6 | 0.01% | 1 | 0 | 2026-02-20T15:45:19.210000 | Vim is an open source, command line text editor. Prior to version 9.1.2132, a he | |
| CVE-2025-32463 | 9.4 | 26.52% | 1 | 82 | 2025-10-22T00:34:26 | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswi | |
| CVE-2025-59284 | 3.3 | 0.04% | 1 | 1 | 2025-10-14T18:30:47 | Exposure of sensitive information to an unauthorized actor in Windows NTLM allow | |
| CVE-2025-4517 | 9.4 | 0.10% | 2 | 10 | 2025-06-03T21:31:40 | Allows arbitrary filesystem writes outside the extraction directory during extra | |
| CVE-2026-28430 | 0 | 0.08% | 3 | 0 | N/A | ||
| CVE-2026-32321 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-27894 | 0 | 0.06% | 2 | 0 | N/A | ||
| CVE-2026-27811 | 0 | 0.21% | 3 | 0 | N/A | ||
| CVE-2026-29056 | 0 | 0.05% | 2 | 0 | N/A | ||
| CVE-2026-27135 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-33058 | 0 | 0.03% | 2 | 0 | N/A | ||
| CVE-2026-30884 | 0 | 0.02% | 5 | 0 | N/A | ||
| CVE-2026-32693 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-32692 | 0 | 0.00% | 2 | 0 | N/A | ||
| CVE-2026-0667 | 0 | 0.00% | 1 | 0 | N/A | ||
| CVE-2026-25770 | 0 | 0.09% | 1 | 0 | N/A | ||
| CVE-2026-25769 | 0 | 0.42% | 1 | 1 | N/A | ||
| CVE-2025-30201 | 0 | 0.28% | 1 | 0 | N/A | ||
| CVE-2026-23489 | 0 | 0.06% | 2 | 0 | N/A | ||
| CVE-2026-32628 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-30881 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-30875 | 0 | 0.15% | 1 | 0 | N/A | ||
| CVE-2026-32616 | 0 | 0.03% | 1 | 0 | N/A | ||
| CVE-2026-32627 | 0 | 0.02% | 1 | 0 | N/A | ||
| CVE-2026-32626 | 0 | 0.14% | 1 | 0 | N/A | ||
| CVE-2026-32708 | 0 | 0.02% | 1 | 0 | N/A |
updated 2026-03-19T02:16:02.810000
2 posts
🟠 CVE-2026-28461 - High (7.5)
OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo webhook endpoint that allows unauthenticated attackers to trigger in-memory key accumulation by varying query strings. Remote attackers can exploit th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28461/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28461 - High (7.5)
OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth vulnerability in the Zalo webhook endpoint that allows unauthenticated attackers to trigger in-memory key accumulation by varying query strings. Remote attackers can exploit th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28461/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T00:16:18.003000
2 posts
🟠 CVE-2026-32255 - High (8.6)
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32255 - High (8.6)
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32255/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T23:17:29.543000
6 posts
1 repos
🔎 CVE-2026-32731 (CRITICAL, CVSS 10): Path traversal in ApostropheCMS import-export <3.5.3 lets attackers write files as Node.js user via crafted archives. Upgrade to 3.5.3+ and restrict permissions now! Details: https://radar.offseq.com/threat/cve-2026-32731-cwe-22-improper-limitation-of-a-pat-efa014e1 #OffSeq #CVE202632731 #infosec #cms
##🚨 CRITICAL: CVE-2026-32731 in ApostropheCMS import-export (<3.5.3) allows path traversal via crafted .tar.gz uploads — attackers can write files anywhere the Node.js process can. Upgrade to 3.5.3+ ASAP! https://radar.offseq.com/threat/cve-2026-32731-cwe-22-improper-limitation-of-a-pat-efa014e1 #OffSeq #CVE202632731 #ApostropheCMS #infosec
##🔴 CVE-2026-32731 - Critical (9.9)
ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`,
The `extract()` function in `gzip.js` constructs file-write paths using `fs.createWriteStream(path.join(exportPath, header.name...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32731/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CVE-2026-32731 (CRITICAL, CVSS 10): Path traversal in ApostropheCMS import-export <3.5.3 lets attackers write files as Node.js user via crafted archives. Upgrade to 3.5.3+ and restrict permissions now! Details: https://radar.offseq.com/threat/cve-2026-32731-cwe-22-improper-limitation-of-a-pat-efa014e1 #OffSeq #CVE202632731 #infosec #cms
##🚨 CRITICAL: CVE-2026-32731 in ApostropheCMS import-export (<3.5.3) allows path traversal via crafted .tar.gz uploads — attackers can write files anywhere the Node.js process can. Upgrade to 3.5.3+ ASAP! https://radar.offseq.com/threat/cve-2026-32731-cwe-22-improper-limitation-of-a-pat-efa014e1 #OffSeq #CVE202632731 #ApostropheCMS #infosec
##🔴 CVE-2026-32731 - Critical (9.9)
ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`,
The `extract()` function in `gzip.js` constructs file-write paths using `fs.createWriteStream(path.join(exportPath, header.name...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32731/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T23:17:29.370000
2 posts
🟠 CVE-2026-32730 - High (8.1)
ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js` (lines 386-389) contains an incorrect MongoDB query that allows incomplete login...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32730/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32730 - High (8.1)
ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js` (lines 386-389) contains an incorrect MongoDB query that allows incomplete login...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32730/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T23:17:28.693000
2 posts
🟠 CVE-2025-15031 - High (8.1)
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15031/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-15031 - High (8.1)
A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of `tarfile.extractall` without path validation enables crafted tar.gz files containing `...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15031/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T22:16:24.517000
6 posts
🚨 OpenProject CRITICAL XSS (CVE-2026-32703): Attackers with repo push access can inject persistent scripts via filenames, impacting all users viewing affected pages. Patch to 16.6.9/17.0.6/17.1.3/17.2.1+ now! https://radar.offseq.com/threat/cve-2026-32703-cwe-79-improper-neutralization-of-i-f2afc489 #OffSeq #XSS #OpenProject #infosec
##⚠️ CRITICAL: CVE-2026-32703 in OpenProject (<16.6.9, <17.0.6, <17.1.3, <17.2.1) enables persistent XSS via repo filenames. Attackers w/ push access can inject scripts — risk: session hijack, data theft. Patch now! https://radar.offseq.com/threat/cve-2026-32703-cwe-79-improper-neutralization-of-i-f2afc489 #OffSeq #XSS #OpenProject #Vuln
##🔴 CVE-2026-32703 - Critical (9)
OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with pus...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32703/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 OpenProject CRITICAL XSS (CVE-2026-32703): Attackers with repo push access can inject persistent scripts via filenames, impacting all users viewing affected pages. Patch to 16.6.9/17.0.6/17.1.3/17.2.1+ now! https://radar.offseq.com/threat/cve-2026-32703-cwe-79-improper-neutralization-of-i-f2afc489 #OffSeq #XSS #OpenProject #infosec
##⚠️ CRITICAL: CVE-2026-32703 in OpenProject (<16.6.9, <17.0.6, <17.1.3, <17.2.1) enables persistent XSS via repo filenames. Attackers w/ push access can inject scripts — risk: session hijack, data theft. Patch now! https://radar.offseq.com/threat/cve-2026-32703-cwe-79-improper-neutralization-of-i-f2afc489 #OffSeq #XSS #OpenProject #Vuln
##🔴 CVE-2026-32703 - Critical (9)
OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1, the Repositories module did not properly escape filenames displayed from repositories. This allowed an attacker with pus...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32703/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T22:16:24.223000
4 posts
🚨 CRITICAL: CVE-2026-32698 in OpenProject (CVSS 9.1) enables SQL injection via admin-created custom fields, leading to potential RCE if chained with repo module bug. Patch to 16.6.9/17.0.6/17.1.3/17.2.1+ now! https://radar.offseq.com/threat/cve-2026-32698-cwe-89-improper-neutralization-of-s-a9afd70e #OffSeq #SQLInjection #OpenProject #InfoSec
##🔴 CVE-2026-32698 - Critical (9.1)
OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32698/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-32698 in OpenProject (CVSS 9.1) enables SQL injection via admin-created custom fields, leading to potential RCE if chained with repo module bug. Patch to 16.6.9/17.0.6/17.1.3/17.2.1+ now! https://radar.offseq.com/threat/cve-2026-32698-cwe-89-improper-neutralization-of-s-a9afd70e #OffSeq #SQLInjection #OpenProject #InfoSec
##🔴 CVE-2026-32698 - Critical (9.1)
OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32698/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T21:48:54
2 posts
🟠 CVE-2026-32634 - High (8.1)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connectio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32634/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32634 - High (8.1)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connectio...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32634/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T21:34:01
2 posts
🟠 CVE-2025-55040 - High (8.8)
The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious website...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-55040/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-55040 - High (8.8)
The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious website...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-55040/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T21:33:04
2 posts
🟠 CVE-2026-4396 - High (8.3)
Improper certificate validation in Devolutions Hub Reporting Service
2025.3.1.1 and earlier allows a network attacker to perform a
man-in-the-middle attack via disabled TLS certificate verification.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4396/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4396 - High (8.3)
Improper certificate validation in Devolutions Hub Reporting Service
2025.3.1.1 and earlier allows a network attacker to perform a
man-in-the-middle attack via disabled TLS certificate verification.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4396/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T21:33:04
2 posts
🔴 CVE-2026-25873 - Critical (9.8)
OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle de...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25873/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25873 - Critical (9.8)
OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests. Attackers can exploit insecure pickle de...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25873/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T21:32:58
2 posts
CVE ID: CVE-2026-20963
Vendor: Microsoft
Product: SharePoint
Date Added: 2026-03-18
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20963
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20963
CVE ID: CVE-2026-20963
Vendor: Microsoft
Product: SharePoint
Date Added: 2026-03-18
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20963 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20963
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20963
updated 2026-03-18T21:32:58
4 posts
As usual, Wired is… not great 🙄
Regarding DarkSword, the latest objectively bad exploit affecting iOS and Safari, Google has a more in depth analysis, with a lot more informations on the specific versions of iOS that are affected.
TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
##@agreenberg more in depth analysis from Google.
It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
##As usual, Wired is… not great 🙄
Regarding DarkSword, the latest objectively bad exploit affecting iOS and Safari, Google has a more in depth analysis, with a lot more informations on the specific versions of iOS that are affected.
TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
##@agreenberg more in depth analysis from Google.
It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
##updated 2026-03-18T20:20:40
4 posts
🚨 CVE-2026-22730: HIGH-severity SQL injection in VMware Spring AI (1.0.x, 1.1.x) lets users with limited privileges run arbitrary SQL via MariaDBFilterExpressionConverter. Patch ASAP & harden input validation! https://radar.offseq.com/threat/cve-2026-22730-vulnerability-in-vmware-spring-ai-ddcf48d5 #OffSeq #VMware #SQLi #Infosec
##🟠 CVE-2026-22730 - High (8.8)
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands.
The vulnerability exists due to missing input sanitization.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22730/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-22730: HIGH-severity SQL injection in VMware Spring AI (1.0.x, 1.1.x) lets users with limited privileges run arbitrary SQL via MariaDBFilterExpressionConverter. Patch ASAP & harden input validation! https://radar.offseq.com/threat/cve-2026-22730-vulnerability-in-vmware-spring-ai-ddcf48d5 #OffSeq #VMware #SQLi #Infosec
##🟠 CVE-2026-22730 - High (8.8)
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands.
The vulnerability exists due to missing input sanitization.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22730/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T20:17:34
1 posts
2 repos
https://github.com/mbanyamer/CVE-2026-26030-Microsoft-Semantic-Kernel-1.39.4-RCE
🟠 CVE-2026-2603 - High (8.1)
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to com...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T20:17:22
1 posts
🟠 CVE-2026-2092 - High (7.7)
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T20:13:37.087000
4 posts
🚨 [CISA-2026:0318] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0318)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-66376 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-66376)
- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-66376
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260318 #cisa20260318 #cve_2025_66376 #cve202566376
##CVE ID: CVE-2025-66376
Vendor: Synacor
Product: Zimbra Collaboration Suite (ZCS)
Date Added: 2026-03-18
Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-66376
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-66376
🚨 [CISA-2026:0318] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0318)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-66376 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-66376)
- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-66376
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260318 #cisa20260318 #cve_2025_66376 #cve202566376
##CVE ID: CVE-2025-66376
Vendor: Synacor
Product: Zimbra Collaboration Suite (ZCS)
Date Added: 2026-03-18
Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-66376
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-66376
updated 2026-03-18T19:47:59.707000
1 posts
🟠 CVE-2026-28500 - High (8.6)
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28500/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T19:16:05.347000
2 posts
🔴 CVE-2026-32633 - Critical (9.1)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the `/api/4/serverslist` endpoint returns raw server objects from `GlancesServersList.get_servers_list()`. Those objects are mutated ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32633/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32633 - Critical (9.1)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the `/api/4/serverslist` endpoint returns raw server objects from `GlancesServersList.get_servers_list()`. Those objects are mutated ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32633/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T19:16:03.810000
2 posts
🟠 CVE-2026-26740 - High (8.2)
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26740/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-26740 - High (8.2)
Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26740/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T18:31:24
2 posts
🟠 CVE-2026-24062 - High (7.8)
The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged act...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24062/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24062 - High (7.8)
The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged act...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24062/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T18:31:24
2 posts
🟠 CVE-2026-2992 - High (8.2)
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the `/wp-json/kivicare/v1/setup-wizard/clinic` REST API endpoint in all versions up to, and includ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-2992 - High (8.2)
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the `/wp-json/kivicare/v1/setup-wizard/clinic` REST API endpoint in all versions up to, and includ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T18:31:24
2 posts
1 repos
🔴 CVE-2026-2991 - Critical (9.8)
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the `patientSocialLogin()` function not verifying the social provider...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2991/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-2991 - Critical (9.8)
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the `patientSocialLogin()` function not verifying the social provider...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2991/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T18:31:17
2 posts
🟠 CVE-2026-1463 - High (8.8)
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible f...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1463/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-1463 - High (8.8)
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible f...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1463/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T18:26:49.927000
2 posts
🔴 CVE-2026-32640 - Critical (9.8)
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to Simple...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32640/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32640 - Critical (9.8)
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to Simple...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32640/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T17:16:06.947000
2 posts
🟠 CVE-2026-32610 - High (8.1)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets `allow_origins=["*"]` combined with `allow_credentials=True`. When both of t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32610/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32610 - High (8.1)
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets `allow_origins=["*"]` combined with `allow_credentials=True`. When both of t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32610/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T16:33:18
2 posts
🟠 CVE-2026-30911 - High (8.1)
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30911/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30911 - High (8.1)
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30911/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T16:16:26.527000
2 posts
🟠 CVE-2026-24063 - High (8.2)
When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninsta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24063/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24063 - High (8.2)
When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninsta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24063/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T16:16:25.990000
3 posts
🟠 CVE-2026-22729 - High (8.6)
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22729 - High (8.6)
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔒 HIGH: CVE-2026-22729 in VMware Spring AI (1.0.x, 1.1.x) enables JSONPath injection, letting authenticated users bypass access controls and access sensitive docs. Patch or sanitize input! https://radar.offseq.com/threat/cve-2026-22729-vulnerability-in-vmware-spring-ai-96356f4f #OffSeq #SpringAI #CVE202622729 #AppSec
##updated 2026-03-18T16:10:10
2 posts
🟠 CVE-2026-4258 - High (7.5)
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4258/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-4258 (HIGH): All sjcl versions affected by lack of public key validation could let remote attackers recover ECDH private keys. No patch yet — audit sjcl use, validate keys, avoid dhJavaEc()! https://radar.offseq.com/threat/cve-2026-4258-improper-verification-of-cryptograph-603f7543 #OffSeq #Vuln #sjcl #Cryptography #Infosec
##updated 2026-03-18T15:31:47
2 posts
🟠 CVE-2026-30707 - High (8.1)
An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this meth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30707/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30707 - High (8.1)
An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypass client-side restrictions and invoke this meth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30707/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T15:30:51
2 posts
🔴 CVE-2026-25449 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection.This issue affects Traveler: from n/a before 3.2.8.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25449/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25449 - Critical (9.8)
Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection.This issue affects Traveler: from n/a before 3.2.8.1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25449/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T15:30:46
6 posts
1 repos
Apparently just affects the 26’s ?support.apple.com/en-us/126604 / CVE-2026-20643
##Apple has introduced a new update system called Background Security Improvements for delivering faster, lightweight security patches across its platforms.
The first update using this mechanism addressed CVE-2026-20643, a WebKit cross-origin vulnerability that could be exploited through malicious web content.
##The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content. https://thehackernews.com/2026/03/apple-fixes-webkit-vulnerability.html
##The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content. https://thehackernews.com/2026/03/apple-fixes-webkit-vulnerability.html
##“Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade.”
##Apple pushes first Background Security Improvements update to fix WebKit flaw
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs...
🔗️ [Bleepingcomputer] https://link.is.it/9V9yPV
##updated 2026-03-18T15:16:27.927000
1 posts
1 repos
🔴 CVE-2026-21994 - Critical (9.8)
Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21994/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
3 posts
⛔ New security advisory:
CVE-2026-25534 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-25534-spinnaker-url-validation-bypass
🚨 CRITICAL: CVE-2026-25534 SSRF in Spinnaker clouddriver-artifacts. Versions <2025.2.4 & select 2025.x allow SSRF via URL validation bypass. Patch to 2025.2.4+, 2025.3.1, 2025.4.1, or 2026.0.0 ASAP! Details: https://radar.offseq.com/threat/cve-2026-25534-cwe-918-server-side-request-forgery-618622b4 #OffSeq #SSRF #Spinnaker
##🔴 CVE-2026-25534 - Critical (9.1)
### Impact
Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25534/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
2 posts
🟠 CVE-2026-22171 - High (8.2)
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can con...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22171/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-22171 - High (8.2)
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can con...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22171/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
2 posts
1 repos
🟠 CVE-2026-31898 - High (8.1)
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsani...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31898/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31898 - High (8.1)
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsani...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31898/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
2 posts
🟠 CVE-2025-41258 - High (8)
LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41258/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-41258 - High (8)
LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41258/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
1 posts
#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318
https://certvde.com/en/advisories/vde-2025-104/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-104.json
##updated 2026-03-18T14:52:44.227000
1 posts
#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318
https://certvde.com/en/advisories/vde-2025-104/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-104.json
##updated 2026-03-18T14:52:44.227000
1 posts
#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318
https://certvde.com/en/advisories/vde-2025-104/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-104.json
##updated 2026-03-18T14:52:44.227000
2 posts
⚠️ CVE-2026-32292: CRITICAL vuln in GL-iNet Comet KVM (CVSS 9.3) — web UI lacks brute-force protections. No patch yet. Restrict access, use strong creds, monitor logs! Details: https://radar.offseq.com/threat/cve-2026-32292-cwe-307-improper-restriction-of-exc-7d4b6f55 #OffSeq #Vulnerability #Cybersecurity #BruteForce
##🟠 CVE-2026-32292 - High (7.5)
The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
3 posts
🟠 CVE-2026-24901 - High (8.1)
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownershi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24901/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24901 - High (8.1)
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownershi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24901/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-24901 - High (8.1)
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownershi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24901/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
1 posts
🔴 CVE-2026-3564 - Critical (9)
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3564/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
1 posts
🟠 CVE-2025-66342 - High (7.8)
A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
1 posts
🟠 CVE-2026-32295 - High (7.5)
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32295/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:16:40.673000
12 posts
1 repos
CVE-2026-32746 GNU telnetd Buffer Overflow PoC - Critical (9.8) https://pwn.guide/free/other/cve-2026-32746
##Critical Unpatched Telnetd Flaw Enables Unauthenticated Root Remote Code Execution
GNU InetUtils telnetd contains a critical unpatched buffer overflow (CVE-2026-32746) that allow unauthenticated remote code execution.
**Another critical and trivial flaw in Telnet. Check if you are using Telnet anywhere in your network. It's urgent. Stop using Telnet and switch to SSH. Naturally, as a first step make sure to isolate the Telnet interface to trusted networks. But that's not a good long term approach, Telnet is inherently a lot less secure than SSH.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unpatched-telnetd-flaw-enables-unauthenticated-root-remote-code-execution-1-g-5-5-g/gD2P6Ple2L
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
##CVE-2026-32746 : les serveurs Linux menacés par une nouvelle faille Telnet https://www.it-connect.fr/cve-2026-32746-les-serveurs-linux-menaces-par-une-nouvelle-faille-telnet/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Linux
##Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23 https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
##CVE-2026-32746 GNU telnetd Buffer Overflow PoC - Critical (9.8) https://pwn.guide/free/other/cve-2026-32746
##Critical Unpatched Telnetd Flaw Enables Unauthenticated Root Remote Code Execution
GNU InetUtils telnetd contains a critical unpatched buffer overflow (CVE-2026-32746) that allow unauthenticated remote code execution.
**Another critical and trivial flaw in Telnet. Check if you are using Telnet anywhere in your network. It's urgent. Stop using Telnet and switch to SSH. Naturally, as a first step make sure to isolate the Telnet interface to trusted networks. But that's not a good long term approach, Telnet is inherently a lot less secure than SSH.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-unpatched-telnetd-flaw-enables-unauthenticated-root-remote-code-execution-1-g-5-5-g/gD2P6Ple2L
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
##CVE-2026-32746 : les serveurs Linux menacés par une nouvelle faille Telnet https://www.it-connect.fr/cve-2026-32746-les-serveurs-linux-menaces-par-une-nouvelle-faille-telnet/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Linux
##Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23 https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
##Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
Short summary: https://hackerworkspace.com/article/critical-unpatched-telnetd-flaw-cve-2026-32746-enables-unauthenticated-root-rce-via-port-23
##updated 2026-03-18T12:58:46
2 posts
🟠 CVE-2026-30405 - High (7.5)
An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30405/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30405 - High (7.5)
An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30405/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T09:30:35
1 posts
#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318
https://certvde.com/en/advisories/vde-2025-104/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-104.json
##updated 2026-03-18T09:30:35
1 posts
#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318
https://certvde.com/en/advisories/vde-2025-104/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-104.json
##updated 2026-03-18T09:30:34
1 posts
#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318
https://certvde.com/en/advisories/vde-2025-104/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-104.json
##updated 2026-03-18T09:30:34
1 posts
#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318
https://certvde.com/en/advisories/vde-2025-104/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-104.json
##updated 2026-03-18T09:30:34
1 posts
#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318
https://certvde.com/en/advisories/vde-2025-104/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-104.json
##updated 2026-03-18T04:17:30.720000
28 posts
2 repos
https://github.com/Many-Hat-Group/Ubuntu-CVE-2026-3888-patcher
https://github.com/fevar54/CVE-2026-3888-POC-all-from-the-Qualys-platform.
CVE-2026-3888: Snap Flaw, Local Privilege Escalation to Root via @RunxiYu https://lobste.rs/s/ccys1t #security
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
Link: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
Discussion: https://news.ycombinator.com/item?id=47427208
Ubtuntu 24.04+ Snapd Local Privilege Escalation (CVE-2026-3888) https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
##CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
Link: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
Discussion: https://news.ycombinator.com/item?id=47427208
📰 Today's Top 20 Hacker News Stories (Sorted by Score) 📰
----------------------------------------
🔖 Title: Rob Pike's Rules of Programming (1989)
🔗 URL: https://www.cs.unc.edu/~stotts/COMP590-059-f24/robsrules.html
👍 Score: [699]
💬 Discussion: https://news.ycombinator.com/item?id=47423647
----------------------------------------
🔖 Title: Nightingale – open-source karaoke app that works with any song on your computer
🔗 URL: https://nightingale.cafe/
👍 Score: [414]
💬 Discussion: https://news.ycombinator.com/item?id=47422942
----------------------------------------
🔖 Title: Federal Cyber Experts Called Microsoft's Cloud "A Pile of Shit", yet Approved It
🔗 URL: https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government
👍 Score: [360]
💬 Discussion: https://news.ycombinator.com/item?id=47426057
----------------------------------------
🔖 Title: Death to Scroll Fade
🔗 URL: https://dbushell.com/2026/01/09/death-to-scroll-fade/
👍 Score: [276]
💬 Discussion: https://news.ycombinator.com/item?id=47426932
----------------------------------------
🔖 Title: The pleasures of poor product design
🔗 URL: https://www.inconspicuous.info/p/the-pleasures-of-poor-product-design
👍 Score: [232]
💬 Discussion: https://news.ycombinator.com/item?id=47420432
----------------------------------------
🔖 Title: Write up of my homebrew CPU build
🔗 URL: https://willwarren.com/2026/03/12/building-my-own-cpu-part-3-from-simulation-to-hardware/
👍 Score: [209]
💬 Discussion: https://news.ycombinator.com/item?id=47389696
----------------------------------------
🔖 Title: AI coding is gambling
🔗 URL: https://notes.visaint.space/ai-coding-is-gambling/
👍 Score: [196]
💬 Discussion: https://news.ycombinator.com/item?id=47428541
----------------------------------------
🔖 Title: Snowflake AI Escapes Sandbox and Executes Malware
🔗 URL: https://www.promptarmor.com/resources/snowflake-ai-escapes-sandbox-and-executes-malware
👍 Score: [179]
💬 Discussion: https://news.ycombinator.com/item?id=47427017
----------------------------------------
🔖 Title: OpenRocket
🔗 URL: https://openrocket.info/
👍 Score: [164]
💬 Discussion: https://news.ycombinator.com/item?id=47386703
----------------------------------------
🔖 Title: Show HN: Hacker News archive (47M+ items, 11.6GB) as Parquet, updated every 5m
🔗 URL: https://huggingface.co/datasets/open-index/hacker-news
👍 Score: [148]
💬 Discussion: https://news.ycombinator.com/item?id=47378781
----------------------------------------
🔖 Title: Nvidia NemoClaw
🔗 URL: https://github.com/NVIDIA/NemoClaw
👍 Score: [138]
💬 Discussion: https://news.ycombinator.com/item?id=47427027
----------------------------------------
🔖 Title: Celebrating Tony Hoare's mark on computer science
🔗 URL: https://bertrandmeyer.com/2026/03/16/celebrating-tony-hoares-mark-on-computer-science/
👍 Score: [108]
💬 Discussion: https://news.ycombinator.com/item?id=47422228
----------------------------------------
🔖 Title: Machine Payments Protocol (MPP)
🔗 URL: https://stripe.com/blog/machine-payments-protocol
👍 Score: [98]
💬 Discussion: https://news.ycombinator.com/item?id=47426936
----------------------------------------
🔖 Title: Using calculus to do number theory
🔗 URL: https://hidden-phenomena.com/articles/hensels
👍 Score: [78]
💬 Discussion: https://news.ycombinator.com/item?id=47399330
----------------------------------------
🔖 Title: Google Engineers Launch "Sashiko" for Agentic AI Code Review of the Linux Kernel
🔗 URL: https://www.phoronix.com/news/Sashiko-Linux-AI-Code-Review
👍 Score: [62]
💬 Discussion: https://news.ycombinator.com/item?id=47427647
----------------------------------------
🔖 Title: Wander – A tiny, decentralised tool (just 2 files) to explore the small web
🔗 URL: https://susam.net/wander/
👍 Score: [56]
💬 Discussion: https://news.ycombinator.com/item?id=47427290
----------------------------------------
🔖 Title: A ngrok-style secure tunnel server written in Rust and Open Source
🔗 URL: https://github.com/joaoh82/rustunnel
👍 Score: [50]
💬 Discussion: https://news.ycombinator.com/item?id=47425918
----------------------------------------
🔖 Title: 2025 Turing award given for quantum information science
🔗 URL: https://awards.acm.org/about/2025-turing
👍 Score: [48]
💬 Discussion: https://news.ycombinator.com/item?id=47423694
----------------------------------------
🔖 Title: Wanter – A tiny, decentralised tool to explore the small web
🔗 URL: https://susam.net/wander/
👍 Score: [44]
💬 Discussion: https://news.ycombinator.com/item?id=47422759
----------------------------------------
🔖 Title: CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
🔗 URL: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
👍 Score: [33]
💬 Discussion: https://news.ycombinator.com/item?id=47427208
----------------------------------------
CVE-2026-3888 en #Ubuntu: escalada a root aprovechando snap-confine y la limpieza de systemd-tmpfiles
##Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
Short summary: https://hackerworkspace.com/article/ubuntu-cve-2026-3888-bug-lets-attackers-gain-root-via-systemd-cleanup-timing-exploit
##Alerte pour les bubuntuistes:
https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
iOS/iPadOS 26.4 RC, GNOME 50 “Tokyo,” and FFmpeg 8.1.
- Linux security flaws (CVE-2026-3888) and open-source alternatives (e.g., Ageless Linux).
5. **Hardware & Gadgets**
- Samsung Galaxy Z TriFold discontinuation, BYD’s 1,500km solid-state battery, and Tesla Cybertruck safety concerns.
- Framework 16” laptop issues and retro computing (e.g., Commodore 64). [3/3]
CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
#CVE_2026_3888
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
Global tensions heighten as the US-Iran conflict escalates, impacting oil markets via the Strait of Hormuz (March 18). Technology sees continued rapid AI advancement, with OpenAI's GPT-5.4 and Anthropic's Claude Sonnet 4.6 released (March 17). In cybersecurity, the EU sanctioned private cyber offensive groups (March 17), and a critical Ubuntu privilege escalation flaw (CVE-2026-3888) was discovered (March 18). AI-driven threats also increasingly impact M&A security.
##Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
##Critical Ubuntu flaw (CVE-2026-3888) enables local root escalation via Snap.
Delayed exploit (10–30 days) makes detection harder.
Patch snapd immediately.
https://www.technadu.com/critical-cve-2026-3888-vulnerability-exposes-ubuntu-to-root-escalation/623670/
CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit https://securityaffairs.com/189614/security/cve-2026-3888-ubuntu-desktop-24-04-vulnerable-to-root-exploit.html
##[lien] CVE-2026-3888 : quand le nettoyage système d'Ubuntu offre un accès root #security #gik #deb #wtf
##CVE-2026-3888 : quand le nettoyage système d’Ubuntu offre un accès root https://www.it-connect.fr/cve-2026-3888-quand-le-nettoyage-systeme-dubuntu-offre-un-acces-root/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Linux
##CVE-2026-3888: Snap Flaw, Local Privilege Escalation to Root via @RunxiYu https://lobste.rs/s/ccys1t #security
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
Link: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
Discussion: https://news.ycombinator.com/item?id=47427208
Ubtuntu 24.04+ Snapd Local Privilege Escalation (CVE-2026-3888) https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
##CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
Link: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
Discussion: https://news.ycombinator.com/item?id=47427208
Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
Short summary: https://hackerworkspace.com/article/ubuntu-cve-2026-3888-bug-lets-attackers-gain-root-via-systemd-cleanup-timing-exploit
##CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
#CVE_2026_3888
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
Global tensions heighten as the US-Iran conflict escalates, impacting oil markets via the Strait of Hormuz (March 18). Technology sees continued rapid AI advancement, with OpenAI's GPT-5.4 and Anthropic's Claude Sonnet 4.6 released (March 17). In cybersecurity, the EU sanctioned private cyber offensive groups (March 17), and a critical Ubuntu privilege escalation flaw (CVE-2026-3888) was discovered (March 18). AI-driven threats also increasingly impact M&A security.
##Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
##Critical Ubuntu flaw (CVE-2026-3888) enables local root escalation via Snap.
Delayed exploit (10–30 days) makes detection harder.
Patch snapd immediately.
https://www.technadu.com/critical-cve-2026-3888-vulnerability-exposes-ubuntu-to-root-escalation/623670/
CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit https://securityaffairs.com/189614/security/cve-2026-3888-ubuntu-desktop-24-04-vulnerable-to-root-exploit.html
##CVE-2026-3888 : quand le nettoyage système d’Ubuntu offre un accès root https://www.it-connect.fr/cve-2026-3888-quand-le-nettoyage-systeme-dubuntu-offre-un-acces-root/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Linux
##🟠 CVE-2026-3888 - High (7.8)
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LT...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3888/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T00:30:59
2 posts
⚠️ CRITICAL: Edimax GS-5008PL (≤1.00.54) has an auth bypass flaw (CVE-2026-32841). Attackers can gain admin access with no creds after any login. Isolate devices, restrict access, monitor logs — patch ASAP when available. https://radar.offseq.com/threat/cve-2026-32841-cwe-1108-excessive-reliance-on-glob-a4b3dee3 #OffSeq #CVE202632841 #IoTSecurity
##🟠 CVE-2026-32841 - High (8.1)
Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain adm...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32841/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T00:30:59
1 posts
🟠 CVE-2025-14031 - High (7.5)
IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14031/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T00:30:59
1 posts
🟠 CVE-2026-22727 - High (7.5)
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22727/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T00:30:59
1 posts
🟠 CVE-2026-32838 - High (7.5)
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32838/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T00:30:59
1 posts
🟠 CVE-2026-1376 - High (7.5)
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1376/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T21:31:53
1 posts
🟠 CVE-2026-4064 - High (8.3)
Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T21:31:53
1 posts
🟠 CVE-2026-4295 - High (7.8)
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4295/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T21:31:53
1 posts
🟠 CVE-2026-32981 - High (7.5)
A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traver...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32981/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T21:31:53
1 posts
🟠 CVE-2025-64301 - High (7.8)
An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code exec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64301/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T20:34:22
1 posts
🟠 CVE-2026-4269 - High (7.5)
A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4269/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T20:04:49
2 posts
🟠 CVE-2026-32256 - High (7.5)
music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/AsfParser.ts:112-158`) enters an infinite loop when a sub-object inside the ASF Header...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32256 - High (7.5)
music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/AsfParser.ts:112-158`) enters an infinite loop when a sub-object inside the ASF Header...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T19:25:09.150000
1 posts
🟠 CVE-2026-32600 - High (8.2)
xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32600/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T19:01:54.250000
1 posts
🟠 CVE-2026-32729 - High (8.1)
Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials (...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T18:59:21.860000
1 posts
🟠 CVE-2026-2922 - High (7.8)
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T18:59:00.343000
1 posts
🟠 CVE-2026-2921 - High (7.8)
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vul...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T18:58:06.030000
1 posts
🟠 CVE-2026-3081 - High (7.8)
GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3081/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T18:31:38
2 posts
🟠 CVE-2026-4276 - High (7.5)
LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4276 - High (7.5)
LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T18:31:38
1 posts
Security-only OpenSSL tarball releases for CVE-2026-2673 https://lobste.rs/s/g7mczo #practices #security
https://blog.surgut.co.uk/2026/03/security-only-openssl-tarball-releases.html
updated 2026-03-17T18:30:43
3 posts
🔴 CVE-2026-32298 - Critical (9.1)
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32298/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32298 - Critical (9.1)
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32298/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32298 - Critical (9.1)
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32298/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T18:30:42
4 posts
🚨 CVE-2026-32297 (CRITICAL, CVSS 9.3): ANGEET ES3 KVM allows unauthenticated remote file writes — attackers can take full control. Isolate & restrict access immediately. No patch yet. Details: https://radar.offseq.com/threat/cve-2026-32297-cwe-306-missing-authentication-for--72cb42a6 #OffSeq #CVE202632297 #KVM #Vuln #Infosec
##🟠 CVE-2026-32297 - High (7.5)
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32297/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32297 - High (7.5)
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32297/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32297 - High (7.5)
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32297/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T18:30:42
5 posts
🟠 CVE-2026-32296 - High (8.2)
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32296/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32296 - High (8.2)
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32296/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32296 - High (8.2)
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32296/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32296 - High (8.2)
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32296/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32296 - High (8.2)
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32296/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T18:30:38
2 posts
🟠 CVE-2026-4148 - High (8.8)
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4148/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-4148 - High (8.8)
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4148/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T17:42:17.580000
1 posts
🟠 CVE-2026-28779 - High (7.5)
Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url.
This allows any application co-hosted under the same domain to capture valid Airfl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28779/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T17:08:01
3 posts
🔴 CVE-2026-31938 - Critical (9.6)
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is open...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31938/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31938 - Critical (9.6)
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is open...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31938/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL XSS (CVE-2026-31938) in parallax jsPDF <4.2.1 allows attackers to inject scripts via PDF options — exploited when victims open crafted PDFs. Upgrade to 4.2.1+ ASAP! https://radar.offseq.com/threat/cve-2026-31938-cwe-79-improper-neutralization-of-i-32085433 #OffSeq #XSS #jsPDF #Infosec
##updated 2026-03-17T17:07:43
2 posts
🟠 CVE-2026-31891 - High (7.7)
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31891 - High (7.7)
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T16:17:33
2 posts
🟠 CVE-2026-30922 - High (7.5)
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30922 - High (7.5)
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T16:17:07
2 posts
🟠 CVE-2026-27980 - High (7.5)
Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unb...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27980/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27980 - High (7.5)
Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unb...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27980/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T16:16:52
2 posts
🟠 CVE-2026-27979 - High (7.5)
Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27979/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27979 - High (7.5)
Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the `next-resume: 1` header (corresponding with a PPR resume request) would buffer request bodies w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27979/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T15:39:38.403000
1 posts
🟠 CVE-2026-28520 - High (8.4)
arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28520/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T15:37:26
2 posts
1 repos
🟠 CVE-2025-50881 - High (8.8)
The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insufficien...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-50881 - High (8.8)
The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insufficien...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T15:37:26
2 posts
🔴 CVE-2026-4177 - Critical (9.1)
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.
The heap overflow occurs when class names exceed the initial 512-byte allocation.
The ba...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4177/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-4177 - Critical (9.1)
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.
The heap overflow occurs when class names exceed the initial 512-byte allocation.
The ba...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4177/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T15:37:25
2 posts
🟠 CVE-2025-66687 - High (7.5)
Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-66687 - High (7.5)
Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66687/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T15:36:34
1 posts
🟠 CVE-2026-4318 - High (8.8)
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remot...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T15:36:22
2 posts
🔴 CVE-2025-69902 - Critical (9.8)
A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69902/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-69902 - Critical (9.8)
A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69902/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T15:23:52
3 posts
🔴 CVE-2026-32267 - Critical (9.8)
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user (or an unauthenticated user who has been sent a shared URL) can escalate thei...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32267/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32267 - Critical (9.8)
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.6 and from version 5.0.0-RC1 to before version 5.9.12, a low-privilege user (or an unauthenticated user who has been sent a shared URL) can escalate thei...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32267/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-32267 in Craft CMS (4.x <4.17.6, 5.x <5.9.12) — incorrect auth allows privilege escalation to admin via shared URLs. Upgrade ASAP! Details: https://radar.offseq.com/threat/cve-2026-32267-cwe-863-incorrect-authorization-in--65bf3522 #OffSeq #CraftCMS #CVE202632267 #Vulnerability
##updated 2026-03-17T14:20:01.670000
2 posts
🟠 CVE-2025-69783 - High (7.8)
A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthorized interaction with the OpenEDR kernel driver,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69783/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-69783 - High (7.8)
A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthorized interaction with the OpenEDR kernel driver,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69783/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T14:20:01.670000
1 posts
🟠 CVE-2026-2579 - High (7.5)
The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parame...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2579/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T14:20:01.670000
1 posts
⚠️ HIGH severity: CVE-2026-4208 in TYPO3 "E-Mail MFA Provider" lets attackers bypass MFA by reusing/omitting codes due to faulty state reset. Patch or disable the extension and monitor logs for abuse. https://radar.offseq.com/threat/cve-2026-4208-cwe-639-in-typo3-extension-e-mail-mf-74236ea3 #OffSeq #TYPO3 #MFA #Vuln
##updated 2026-03-17T14:20:01.670000
2 posts
🚨 CRITICAL: CVE-2026-4254 in Tenda AC8 (fw ≤16.03.50.11) enables remote stack buffer overflow via /goform/SysToolChangePwd. Public exploit out — isolate & monitor! No patch yet. https://radar.offseq.com/threat/cve-2026-4254-stack-based-buffer-overflow-in-tenda-501e8b3e #OffSeq #CVE20264254 #RouterSecurity #Vuln
##🔴 CVE-2026-4254 - Critical (9.8)
A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4254/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T14:20:01.670000
2 posts
🔴 CVE-2025-69809 - Critical (9.8)
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69809/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2025-69809 - Critical (9.8)
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69809/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T14:20:01.670000
1 posts
🔴 CVE-2025-69808 - Critical (9.1)
An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69808/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T14:20:01.670000
1 posts
🟠 CVE-2026-23862 - High (7.8)
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23862/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T09:31:33
2 posts
🔴 CVE-2026-4312 - Critical (9.8)
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-4312 (CRITICAL, CVSS 9.3) in DrangSoft GCB/FCB Audit Software: missing auth allows remote admin account creation & full compromise. No patch yet — restrict API access, monitor closely. https://radar.offseq.com/threat/cve-2026-4312-cwe-306-missing-authentication-for-c-6cd3271e #OffSeq #Vulnerability #InfoSec
##updated 2026-03-17T06:31:33
1 posts
🟠 CVE-2026-0708 - High (8.3)
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T22:01:06
1 posts
🟠 CVE-2026-32313 - High (8.2)
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T21:54:15
2 posts
🟠 CVE-2026-28498 - High (7.5)
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specificall...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28498/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28498 - High (7.5)
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specificall...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28498/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T21:54:00
2 posts
🔴 CVE-2026-27962 - Critical (9.1)
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass sign...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27962/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-27962 - Critical (9.1)
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass sign...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27962/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T21:35:35
1 posts
🟠 CVE-2025-69784 - High (8.8)
A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69784/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T21:35:34
2 posts
🟠 CVE-2025-69768 - High (7.5)
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69768/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-69768 - High (7.5)
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69768/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T18:32:15
2 posts
🚩 CRITICAL: CVE-2026-4252 impacts Tenda AC8 (16.03.50.11). IP-based auth in IPv6 Handler lets remote attackers bypass login. Exploit is public. Disable remote mgmt, restrict access, monitor traffic. Details: https://radar.offseq.com/threat/cve-2026-4252-reliance-on-ip-address-for-authentic-a9de4650 #OffSeq #CVE #RouterSecurity #Infosec
##🔴 CVE-2026-4252 - Critical (9.8)
A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4252/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T18:32:03
2 posts
New KEV addition by CISA:
CVE-2025-47813 (Wing FTP Server)
• Information disclosure flaw
• Actively exploited
• High remediation priority
KEV = real-world threat signal.
Follow @technadu for updates.
##🚨 [CISA-2026:0316] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0316)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-47813 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-47813)
- Name: Wing FTP Server Information Disclosure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Wing FTP Server
- Product: Wing FTP Server
- Notes: https://www.wftpserver.com/serverhistory.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-47813
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260316 #cisa20260316 #cve_2025_47813 #cve202547813
##updated 2026-03-16T16:26:55
2 posts
🟠 CVE-2026-32609 - High (7.5)
Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated configuration secrets exposure on the `/api/v4/config` endpoints by introducing `as_dict_secure()` redaction. However, th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32609/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32609 - High (7.5)
Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix (commit 5d3de60) addressed unauthenticated configuration secrets exposure on the `/api/v4/config` endpoints by introducing `as_dict_secure()` redaction. However, th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32609/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T16:26:01
1 posts
🟠 CVE-2026-32606 - High (7.6)
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32606/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T16:23:59
2 posts
🟠 CVE-2026-32596 - High (7.5)
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process comman...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32596/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32596 - High (7.5)
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with `glances -w`, exposing REST API with sensitive system information including process comman...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32596/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T16:15:34
2 posts
🟠 CVE-2026-29112 - High (7.5)
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize()` function in `@dicebear/converter` read the `width` and `height` attributes from the input SVG to determine the output canvas size for rasterizat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-29112 - High (7.5)
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize()` function in `@dicebear/converter` read the `width` and `height` attributes from the input SVG to determine the output canvas size for rasterizat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:58
1 posts
🟠 CVE-2026-4188 - High (8.8)
A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4188/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
1 posts
🟠 CVE-2026-3083 - High (8.8)
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3083/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
1 posts
🟠 CVE-2026-3558 - High (8.1)
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3558/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
1 posts
🟠 CVE-2026-3556 - High (8.8)
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3556/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
1 posts
🟠 CVE-2026-3476 - High (7.8)
A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
1 posts
🟠 CVE-2026-3559 - High (8.1)
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3559/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
1 posts
🔴 CVE-2026-4163 - Critical (9.8)
A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is pos...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4163/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
1 posts
🔴 CVE-2026-4184 - Critical (9.8)
A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4184/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:56
1 posts
🟠 CVE-2026-3085 - High (8.8)
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3085/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:56
1 posts
🟠 CVE-2026-3082 - High (7.8)
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:56
2 posts
🟠 CVE-2026-3838 - High (8.8)
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.
The spec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3838/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3838 - High (8.8)
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.
The spec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3838/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:56
1 posts
🟠 CVE-2026-3561 - High (8)
Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although auth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3561/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:56
2 posts
🔴 CVE-2026-4181 - Critical (9.8)
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4181/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-4181 - Critical (9.8)
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4181/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:56
1 posts
🔴 CVE-2026-4183 - Critical (9.8)
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer ov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4183/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-28521 - High (7.7)
arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-boun...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28521/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-28519 - High (8.8)
arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28519/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-2493 - High (7.5)
IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2493/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-2476 - High (7.6)
Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-2920 - High (7.8)
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-2923 - High (7.8)
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2923/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
2 repos
🟠 CVE-2026-3086 - High (7.8)
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3086/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-3084 - High (7.8)
GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3084/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-3557 - High (8)
Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Brid...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3557/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
1 posts
🟠 CVE-2026-32614 - High (7.5)
Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32614/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
1 posts
🟠 CVE-2026-3555 - High (8)
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3555/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
2 posts
🔴 CVE-2026-4164 - Critical (9.8)
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4164/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-4164 - Critical (9.8)
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4164/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
1 posts
🟠 CVE-2026-3560 - High (8.8)
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Auth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3560/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
1 posts
🔴 CVE-2026-4170 - Critical (9.8)
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Handler. Executing a manipulation of the argument ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4170/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
1 posts
🟠 CVE-2026-4167 - High (8.8)
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4167/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T22:00:01.403000
2 posts
⚪️ Google Fixes Two 0-Day Vulnerabilities in Chrome
🗨️ Google developers have released an emergency update for the Chrome browser that fixes two zero-day vulnerabilities, which were already being exploited in real-world attacks. “Google is aware that exploits exist for vulnerabilities CVE-2026-3909 and CVE-2026-3910,” according to the security bulletin…
##Google posted this yesterday, addressing CVE-2026-3909 and CVE-2026-3910.
Long Term Support Channel Update for ChromeOS https://chromereleases.googleblog.com/ #Google #Chrome #infosec
##updated 2026-03-13T21:32:59
2 posts
⚪️ Google Fixes Two 0-Day Vulnerabilities in Chrome
🗨️ Google developers have released an emergency update for the Chrome browser that fixes two zero-day vulnerabilities, which were already being exploited in real-world attacks. “Google is aware that exploits exist for vulnerabilities CVE-2026-3909 and CVE-2026-3910,” according to the security bulletin…
##Google posted this yesterday, addressing CVE-2026-3909 and CVE-2026-3910.
Long Term Support Channel Update for ChromeOS https://chromereleases.googleblog.com/ #Google #Chrome #infosec
##updated 2026-03-13T20:51:15
1 posts
🔴 CVE-2026-32621 - Critical (9.9)
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.pr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32621/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:19:00.987000
2 posts
Votre AdGuard Home est vulnérable à une compromission totale : CVE-2026-32136 https://www.it-connect.fr/votre-adguard-home-est-vulnerable-a-une-compromission-totale-cve-2026-32136/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##Votre AdGuard Home est vulnérable à une compromission totale : CVE-2026-32136 https://www.it-connect.fr/votre-adguard-home-est-vulnerable-a-une-compromission-totale-cve-2026-32136/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##updated 2026-03-12T21:08:22.643000
1 posts
This was a misconfiguration in Jellyfin's GitHub Actions. It has since been fixed. I'm kinda struggling to call this a "software vulnerability." Like...GitHub worked fine. The user (jellyfin) made insecure choices. This makes less sense than the rPi default credentials.
##updated 2026-03-11T15:32:59
1 posts
updated 2026-03-10T21:33:20
1 posts
Jail chroot escape via fd exchange with a different jail
CVE-2025-15576
"Note that in order to exploit this problem, an attacker requires control over processes in two jails which share a nullfs mount in which a unix socket can be installed."
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:04.jail.asc
##updated 2026-03-04T21:21:49.053000
2 posts
New advisory from Cisco addressing critical February 25 vulnerabilities:
"There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory."
CVE-2026-20122; CVE-2026-20126; CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #vulnerability
##New advisory from Cisco addressing critical February 25 vulnerabilities:
"There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory."
CVE-2026-20122; CVE-2026-20126; CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-02-25T18:31:45
2 posts
New advisory from Cisco addressing critical February 25 vulnerabilities:
"There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory."
CVE-2026-20122; CVE-2026-20126; CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #vulnerability
##New advisory from Cisco addressing critical February 25 vulnerabilities:
"There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory."
CVE-2026-20122; CVE-2026-20126; CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-02-25T18:31:45
2 posts
New advisory from Cisco addressing critical February 25 vulnerabilities:
"There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory."
CVE-2026-20122; CVE-2026-20126; CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #vulnerability
##New advisory from Cisco addressing critical February 25 vulnerabilities:
"There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory."
CVE-2026-20122; CVE-2026-20126; CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-02-23T22:28:06
1 posts
updated 2026-02-20T15:45:19.210000
1 posts
updated 2025-10-22T00:34:26
1 posts
82 repos
https://github.com/4f-kira/CVE-2025-32463
https://github.com/behnamvanda/CVE-2025-32463
https://github.com/0x00315732/musical-engine
https://github.com/yeremeu/CVE-2025-32463_chwoot
https://github.com/0xAkarii/CVE-2025-32463
https://github.com/MohamedKarrab/CVE-2025-32463
https://github.com/aexdyhaxor/CVE-2025-32463
https://github.com/hackingyseguridad/root
https://github.com/SpycioKon/CVE-2025-32463
https://github.com/morgenm/sudo-chroot-CVE-2025-32463
https://github.com/blackcat4347/CVE-2025-32463_PoC
https://github.com/D3ltaFormation/CVE-2025-32463-Sudo-Chroot-Escape
https://github.com/shazed-x/CVE-2025-32463
https://github.com/0xAshwesker/CVE-2025-32463
https://github.com/san8383/CVE-2025-32463
https://github.com/r3dBust3r/CVE-2025-32463
https://github.com/ill-deed/CVE-2025-32463_illdeed
https://github.com/Floodnut/CVE-2025-32463
https://github.com/robbert1978/CVE-2025-32463_POC
https://github.com/vpr-labs/CVE-2025-32463
https://github.com/Mikivirus0/sudoinjection
https://github.com/ChetanKomal/sudo_exploit
https://github.com/lowercasenumbers/CVE-2025-32463_sudo_chroot
https://github.com/Yuy0ung/CVE-2025-32463_chwoot
https://github.com/mihnasdsad/CVE-2025-32463
https://github.com/MAAYTHM/CVE-2025-32462_32463-Lab
https://github.com/Chocapikk/CVE-2025-32463-lab
https://github.com/ankitpandey383/CVE-2025-32463-Sudo-Privilege-Escalation
https://github.com/kh4sh3i/CVE-2025-32463
https://github.com/FreeDurok/CVE-2025-32463-PoC
https://github.com/Rajneeshkarya/CVE-2025-32463
https://github.com/zhaduchanhzz/CVE-2025-32463_POC
https://github.com/ricardomaia/CVE-2025-32463
https://github.com/zinzloun/CVE-2025-32463
https://github.com/aldoClau98/CVE-2025-32463
https://github.com/AdityaBhatt3010/Sudo-Privilege-Escalation-Linux-CVE-2025-32463-and-CVE-2025-32462
https://github.com/onniio/CVE-2025-32463
https://github.com/painoob/CVE-2025-32463
https://github.com/daryllundy/CVE-2025-32463
https://github.com/cybershaolin47/CVE-2025-32463_POC
https://github.com/Mr-Alperen/CVE-2025-32463
https://github.com/0xb0rn3/CVE-2025-32463-EXPLOIT
https://github.com/K1tt3h/CVE-2025-32463-POC
https://github.com/K3ysTr0K3R/CVE-2025-32463-EXPLOIT
https://github.com/hacieda/CVE-2025-32463
https://github.com/dr4xp/sudo-chroot
https://github.com/cybertechajju/CVE-2025-32463
https://github.com/harsh1verma/CVE-Analysis
https://github.com/Ghstxz/CVE-2025-32463
https://github.com/7r00t/cve-2025-32463-lab
https://github.com/krypton-0x00/CVE-2025-32463-Chwoot-POC
https://github.com/CIA911/sudo_patch_CVE-2025-32463
https://github.com/Nowafen/CVE-2025-32463
https://github.com/neko205-mx/CVE-2025-32463_Exploit
https://github.com/KaiHT-Ladiant/CVE-2025-32463
https://github.com/pevinkumar10/CVE-2025-32463
https://github.com/y4ney/CVE-2025-32463-lab
https://github.com/mirchr/CVE-2025-32463-sudo-chwoot
https://github.com/AC8999/CVE-2025-32463
https://github.com/abrewer251/CVE-2025-32463_Sudo_PoC
https://github.com/robbin0919/CVE-2025-32463
https://github.com/MGunturG/CVE-2025-32463
https://github.com/khoazero123/CVE-2025-32463
https://github.com/pr0v3rbs/CVE-2025-32463_chwoot
https://github.com/0x3c4dfa1/CVE-2025-32463
https://github.com/justjoeyking/CVE-2025-32463
https://github.com/gmh5225/Blackash-CVE-2025-32463
https://github.com/Maalfer/Sudo-CVE-2021-3156
https://github.com/0p5cur/CVE-2025-32463-POC
https://github.com/SpongeBob-369/cve-2025-32463
https://github.com/lakshan-sameera/CVE-2025-32462-and-CVE-2025-32463---Critical-Sudo-Vulnerabilities
https://github.com/yonathanpy/CVE-2025-32462-CVE-2025-32463-PoC-Lab
https://github.com/danilo1992-sys/CVE-2025-32463
https://github.com/ashardev002/CVE-2025-32463_chwoot
https://github.com/12bijaya/CVE-2025-32463
https://github.com/dr4x-c0d3r/sudo-chroot
https://github.com/SysMancer/CVE-2025-32463
https://github.com/wvverez/CVE-2025-32463
https://github.com/toohau/CVE-2025-32462-32463-Detection-Script-
https://github.com/NewComrade12211/CVE-2025-32463
Internal redteam, 8h, no tools except one exploit.
Result: VP account, full AD control. SOC: 0 alerts.
https://github.com/toxy4ny/semetsky---VP
Why it matters: PXE-boot Linux, unmonitored, unpatched since 2023.
CVE-2025-32463 → bash_history with plaintext creds → RDP hop →
custom AD delegation. All "legitimate" actions, no SOC triggers.
What's your "Yuri Semetsky" story? (obfuscated, of course)
##updated 2025-10-14T18:30:47
1 posts
1 repos
CVE-2025-59284: How reading a gnu manpage led to a Windows NetNTLM phishing exploit https://sec-fault.com/blog/cve-2025-59284/
##updated 2025-06-03T21:31:40
2 posts
10 repos
https://github.com/kyakei/CVE-2025-4138-poc
https://github.com/Rohitberiwala/PyPath-Escape-CVE-2025-4517-Exploit-Research
https://github.com/estebanzarate/CVE-2025-4517-Python-tarfile-filter-data-Bypass-PoC
https://github.com/StealthByte0/CVE-2025-4517-poc
https://github.com/DesertDemons/CVE-2025-4138-4517-POC
https://github.com/bgutowski/CVE-2025-4517-POC-Sudoers
https://github.com/AnimePrincess420/CVE-2025-4517-PoC
https://github.com/0xDTC/CVE-2025-4517-tarfile-PATH_MAX-bypass
The dizzying exercise of trying to wrap my head around the escape in CVE-2025-4517 made WingData an interesting box for me. 16 layers of symlinks just to read the root flag! https://labs.hackthebox.com/achievement/machine/1069235/835
##The dizzying exercise of trying to wrap my head around the escape in CVE-2025-4517 made WingData an interesting box for me. 16 layers of symlinks just to read the root flag! https://labs.hackthebox.com/achievement/machine/1069235/835
##🔴 CVE-2026-28430 - Critical (9.8)
Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the custom_dates parameter. By chaining this with a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28430/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-28430 - Critical (9.8)
Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the custom_dates parameter. By chaining this with a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28430/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Chamilo LMS < 1.11.34 has a CRITICAL SQL injection vuln (CVE-2026-28430, CVSS 9.3). Unauth attackers can hijack admin accounts & access PII. Upgrade to 1.11.34 ASAP. No public exploits yet. https://radar.offseq.com/threat/cve-2026-28430-cwe-89-improper-neutralization-of-s-36133b16 #OffSeq #SQLInjection #Chamilo #InfoSec
##🟠 CVE-2026-32321 - High (8.8)
ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 #80 within the `actions/ajax.php` endpoint. Due to insufficient input sanitization of the `us...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32321 - High (8.8)
ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 #80 within the `actions/ajax.php` endpoint. Due to insufficient input sanitization of the `us...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32321/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27894 - High (8.8)
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27894/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27894 - High (8.8)
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP fi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27894/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27811 - High (8.8)
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the `/config/compare///show` endpoint, allowed authenticated users to execute arbitrary sy...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27811/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔶 New security advisory:
CVE-2026-27811 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-27811-roxy-wi-command-injection-vulnerability
🟠 CVE-2026-27811 - High (8.8)
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the `/config/compare///show` endpoint, allowed authenticated users to execute arbitrary sy...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27811/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-29056 - High (8.8)
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters and passes them to `UserModel::create()` without ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-29056 - High (8.8)
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint (`UserInviteController::register()`) accepts all POST parameters and passes them to `UserModel::create()` without ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27135 - High (7.5)
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_termin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27135/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27135 - High (7.5)
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_termin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27135/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Published the writeup for the authenticated SQL injection vulnerability in Kanboard - CVE-2026-33058.
https://0dave.ch/posts/cve-2026-33058/
https://www.cve.org/CVERecord?id=CVE-2026-33058
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh
Published the writeup for the authenticated SQL injection vulnerability in Kanboard - CVE-2026-33058.
https://0dave.ch/posts/cve-2026-33058/
https://www.cve.org/CVERecord?id=CVE-2026-33058
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh
🔴 CVE-2026-30884 - Critical (9.6)
mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30884/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30884 - Critical (9.6)
mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30884/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30884 - Critical (9.6)
mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30884/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-30884 - Critical (9.6)
mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30884/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CRITICAL: CVE-2026-30884 in mdjnelson moodle-mod_customcert (<4.4.9, 5.0.0 – 5.0.3) enables cross-course certificate tampering by teachers. Update to 4.4.9/5.0.3+ and review permissions. https://radar.offseq.com/threat/cve-2026-30884-cwe-639-authorization-bypass-throug-1e3f429f #OffSeq #Moodle #Infosec #Vulnerability
##🟠 CVE-2026-32693 - High (8.8)
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool lo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32693/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32693 - High (8.8)
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool lo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32693/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32692 - High (7.6)
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32692/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32692 - High (7.6)
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32692/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Schneider Electric Patches Critical RCE Vulnerability in SCADAPack RTUs
Schneider Electric disclosed a critical vulnerability (CVE-2026-0667) in its SCADAPack RTUs and RemoteConnect software that allows unauthenticated attackers to execute arbitrary code via Modbus TCP. The flaw poses a severe risk to critical infrastructure, potentially leading to full system takeover or denial of service.
**If you have SCADAPack x70 RTUs (47x, 47xi, or 57x series) or use RemoteConnect software, make sure all devices are isolated from the internet and accessible from trusted networks only. Then immediately update RemoteConnect to R3.4.2 and firmware to 9.12.2 on your 47x/47xi devices. If you can't patch right now, block unauthorized Modbus TCP access using the built-in firewall and disable the logic debug service.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/schneider-electric-patches-critical-rce-vulnerability-in-scadapack-rtus-b-7-l-u-g/gD2P6Ple2L
🔴 CVE-2026-25770 - Critical (9.1)
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protoco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25770/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25769 - Critical (9.1)
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data). All Wazuh deployments using clu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25769/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Found a bypass in Wazuh's UNC path validation for Windows agents.
The existing mitigation (CVE-2025-30201) blocked standard UNC paths like \\server\share, but extended-length UNC paths using the \\?\UNC\ prefix slipped right through. This affects the OSQuery wodle's log_path and config_path fields.
Impact: An attacker who controls the centralized agent config can coerce domain-joined Windows agents into authenticating to an attacker-controlled SMB server, leaking the machine account's NetNTLMv2 hash. From there it's NTLM relay and potentially full Active Directory domain compromise.
Patched in Wazuh 4.14.3. CVSS 7.7 High.
Full writeup with technical details on my blog:
moltenbit.net/posts/wazuh-unc-mitigation-bypass-cve-2025-30201/
#infosec #bugbounty #wazuh #security #cybersecurity #vulnerabilityresearch
##🚨 CVE-2026-23489 (CRITICAL, CVSS 9.1): GLPI 'fields' plugin (<1.23.3) allows privileged users to execute arbitrary PHP code (RCE risk). Patch to 1.23.3+, review permissions, and monitor activity. https://radar.offseq.com/threat/cve-2026-23489-cwe-20-improper-input-validation-in-9483a14f #OffSeq #GLPI #CVE202623489 #infosec
##🔴 CVE-2026-23489 - Critical (9.1)
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23489/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32628 - High (8.8)
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the ag...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32628/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30881 - High (8.8)
Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters date_start and date_end from $_REQUEST are embedded directly into a raw SQL string withou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30875 - High (8.8)
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution (RCE). The H5P package validation...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30875/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32616 - High (8.2)
Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host he...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32616/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32627 - High (8.7)
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and host...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32627/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32626 - Critical (9.6)
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32626/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32708 - High (7.8)
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##