Updated at UTC 2026-03-23T17:47:42.123339
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32049 | 7.5 | 0.10% | 1 | 0 | | 2026-03-23T17:09:08.487000 | OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inb |
| CVE-2026-33038 | 8.1 | 0.04% | 1 | 0 | | 2026-03-23T16:24:08.187000 | WWBN AVideo is an open source video platform. Versions 25.0 and below are vulner |
| CVE-2026-33039 | 8.6 | 0.01% | 1 | 0 | | 2026-03-23T16:22:49.120000 | WWBN AVideo is an open source video platform. In versions 25.0 and below, the pl |
| CVE-2026-32055 | 7.6 | 0.06% | 1 | 0 | | 2026-03-23T16:22:12.563000 | OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in w |
| CVE-2026-4437 | 7.5 | 0.02% | 2 | 0 | | 2026-03-23T16:16:51.537000 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that sp |
| CVE-2026-4404 | 9.4 | 0.00% | 2 | 0 | | 2026-03-23T16:16:50.840000 | Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allow |
| CVE-2026-31903 | 7.5 | 0.07% | 1 | 0 | | 2026-03-23T16:16:46.560000 | The WebSocket Application Programming Interface lacks restrictions on the number |
| CVE-2026-24060 | 9.1 | 0.02% | 2 | 0 | | 2026-03-23T16:16:43.553000 | Service information is not encrypted when transmitted as BACnet packets over th |
| CVE-2026-4601 | 8.7 | 0.02% | 4 | 0 | | 2026-03-23T16:10:01.390000 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Crypto |
| CVE-2026-33297 | 9.1 | 0.00% | 4 | 0 | | 2026-03-23T15:58:42.010000 | WWBN AVideo is an open source video platform. Prior to version 26.0, the `setPas |
| CVE-2025-46597 | 7.5 | 0.02% | 2 | 0 | | 2026-03-23T15:31:42 | Bitcoin Core 0.13.0 through 29.x has an integer overflow. |
| CVE-2026-32746 | 9.8 | 0.03% | 1 | 4 | | 2026-03-23T15:31:40 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO |
| CVE-2026-33043 | 8.1 | 0.03% | 2 | 0 | | 2026-03-23T15:28:09.777000 | WWBN AVideo is an open source video platform. In versions 25.0 and below, /objec |
| CVE-2026-4434 | 8.1 | 0.01% | 2 | 0 | | 2026-03-23T15:16:35.523000 | Improper certificate validation in the PAM propagation WinRM connections allows |
| CVE-2026-23554 | 7.8 | 0.02% | 4 | 0 | | 2026-03-23T15:16:32.060000 | The Intel EPT paging code uses an optimization to defer flushing of any cached E |
| CVE-2026-22163 | 7.8 | 0.02% | 4 | 0 | | 2026-03-23T15:16:31.873000 | Requires malware code to misuse the DDK kernel module IOCTL interface. Such cod |
| CVE-2026-21732 | 9.6 | 0.02% | 2 | 0 | | 2026-03-23T15:16:31.653000 | A web page that contains unusual GPU shader code is loaded into the GPU compiler |
| CVE-2025-67260 | 8.8 | 0.02% | 2 | 0 | | 2026-03-23T15:16:29.550000 | The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated compon |
| CVE-2025-63261 | 7.8 | 0.15% | 2 | 0 | | 2026-03-23T15:16:29.387000 | AWStats 8.0 is vulnerable to Command Injection via the open function |
| CVE-2026-4497 | 7.3 | 1.91% | 2 | 0 | | 2026-03-23T14:32:02.800000 | A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected |
| CVE-2026-31904 | 7.5 | 0.08% | 1 | 0 | | 2026-03-23T14:32:02.800000 | The WebSocket Application Programming Interface lacks restrictions on the number |
| CVE-2026-33180 | 7.5 | 0.03% | 1 | 0 | | 2026-03-23T14:32:02.800000 | HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare i |
| CVE-2026-33243 | 8.2 | 0.01% | 1 | 0 | | 2026-03-23T14:32:02.800000 | barebox is a bootloader. In barebox from version 2016.03.0 to before version 202 |
| CVE-2026-32064 | 7.7 | 0.04% | 1 | 0 | | 2026-03-23T14:32:02.800000 | OpenClaw versions prior to 2026.2.21 sandbox browser entrypoint launches x11vnc |
| CVE-2026-1313 | 8.3 | 0.04% | 2 | 0 | | 2026-03-23T14:32:02.800000 | The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Reque |
| CVE-2026-2468 | 7.5 | 0.07% | 1 | 1 | | 2026-03-23T14:32:02.800000 | The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_ |
| CVE-2026-2941 | 8.8 | 0.04% | 1 | 0 | | 2026-03-23T14:32:02.800000 | The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized |
| CVE-2026-1648 | 7.2 | 0.04% | 1 | 0 | | 2026-03-23T14:32:02.800000 | The Performance Monitor plugin for WordPress is vulnerable to Server-Side Reques |
| CVE-2026-33172 | 8.7 | 0.01% | 2 | 0 | | 2026-03-23T14:32:02.800000 | Statamic is a Laravel and Git powered content management system (CMS). Prior to |
| CVE-2026-23536 | 7.5 | 0.07% | 1 | 0 | | 2026-03-23T14:32:02.800000 | A security issue was discovered in the Feast Feature Server's `/read-document` e |
| CVE-2026-33142 | 8.1 | 0.03% | 1 | 0 | | 2026-03-23T14:32:02.800000 | OneUptime is a solution for monitoring and managing online services. Prior to ve |
| CVE-2026-33156 | 7.8 | 0.01% | 1 | 0 | | 2026-03-23T14:32:02.800000 | ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, Scree |
| CVE-2026-32969 | 7.5 | 0.11% | 8 | 0 | | 2026-03-23T14:31:37.267000 | An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vu |
| CVE-2026-4565 | 8.8 | 0.09% | 4 | 0 | | 2026-03-23T14:31:37.267000 | A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function |
| CVE-2026-4534 | 8.8 | 0.05% | 5 | 0 | | 2026-03-23T14:31:37.267000 | A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlE |
| CVE-2026-4553 | 8.8 | 0.02% | 2 | 0 | | 2026-03-23T14:31:37.267000 | A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function f |
| CVE-2026-4555 | 8.8 | 0.04% | 2 | 0 | | 2026-03-23T14:31:37.267000 | A weakness has been identified in D-Link DIR-513 1.10. The impacted element is t |
| CVE-2026-4543 | 6.3 | 0.18% | 2 | 0 | | 2026-03-23T14:31:37.267000 | A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is |
| CVE-2026-4373 | 7.5 | 0.10% | 2 | 0 | | 2026-03-23T14:31:37.267000 | The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via |
| CVE-2026-4585 | 9.8 | 0.15% | 4 | 0 | | 2026-03-23T12:30:36 | A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up |
| CVE-2026-32968 | 9.8 | 0.11% | 6 | 0 | | 2026-03-23T12:30:31 | Due to the improper neutralisation of special elements used in an OS command, an |
| CVE-2026-3587 | 10.0 | 0.09% | 6 | 1 | | 2026-03-23T09:30:29 | An unauthenticated remote attacker can exploit a hidden function in the CLI prom |
| CVE-2026-4599 | 9.1 | 0.03% | 6 | 0 | | 2026-03-23T06:30:40 | Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to |
| CVE-2026-4598 | 7.5 | 0.04% | 4 | 0 | | 2026-03-23T06:30:39 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop |
| CVE-2026-4602 | 7.5 | 0.04% | 4 | 0 | | 2026-03-23T06:30:39 | Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conv |
| CVE-2026-4606 | None | 0.04% | 2 | 0 | | 2026-03-23T03:31:45 | GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components wi |
| CVE-2026-4566 | 8.8 | 0.04% | 4 | 0 | | 2026-03-23T03:31:45 | A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the fun |
| CVE-2026-4567 | 9.8 | 0.09% | 5 | 0 | | 2026-03-23T03:31:41 | A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is |
| CVE-2026-2580 | 7.5 | 0.07% | 4 | 1 | | 2026-03-23T00:31:08 | The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & |
| CVE-2026-4558 | 8.8 | 0.15% | 3 | 0 | | 2026-03-22T18:30:22 | A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function s |
| CVE-2026-4552 | 8.8 | 0.05% | 2 | 0 | | 2026-03-22T15:31:39 | A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the fun |
| CVE-2026-4551 | 8.8 | 0.05% | 2 | 0 | | 2026-03-22T15:31:39 | A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the |
| CVE-2026-4540 | 7.3 | 0.03% | 2 | 0 | | 2026-03-22T09:30:33 | A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. T |
| CVE-2026-4314 | 8.8 | 0.04% | 2 | 0 | | 2026-03-22T06:30:22 | The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulne |
| CVE-2026-4535 | 8.8 | 0.05% | 4 | 0 | | 2026-03-22T06:30:22 | A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affect |
| CVE-2026-4533 | 6.3 | 0.03% | 2 | 0 | | 2026-03-22T03:30:31 | A vulnerability was detected in code-projects Simple Food Ordering System 1.0. A |
| CVE-2026-3629 | 8.1 | 0.04% | 2 | 0 | | 2026-03-22T00:30:33 | The Import and export users and customers plugin for WordPress is vulnerable to |
| CVE-2026-4529 | 8.8 | 0.04% | 2 | 0 | | 2026-03-22T00:30:33 | A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the fu |
| CVE-2025-71263 | 7.4 | 0.02% | 1 | 0 | | 2026-03-21T22:16:18.207000 | In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer o |
| CVE-2026-4261 | 8.8 | 0.04% | 2 | 0 | | 2026-03-21T06:30:39 | The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in a |
| CVE-2026-3478 | 7.2 | 0.07% | 1 | 0 | | 2026-03-21T06:30:38 | The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Sid |
| CVE-2026-1800 | 7.5 | 0.07% | 1 | 0 | | 2026-03-21T06:30:36 | The Fonts Manager \| Custom Fonts plugin for WordPress is vulnerable to time-base |
| CVE-2026-3334 | 8.8 | 0.03% | 1 | 0 | | 2026-03-21T06:30:36 | The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'o |
| CVE-2025-14037 | 8.1 | 0.04% | 1 | 0 | | 2026-03-21T06:30:23 | The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file |
| CVE-2026-32056 | 7.5 | 0.15% | 1 | 0 | | 2026-03-21T03:32:18 | OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment |
| CVE-2026-32042 | 8.8 | 0.10% | 1 | 0 | | 2026-03-21T03:31:17 | OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vu |
| CVE-2026-32048 | 7.5 | 0.04% | 1 | 0 | | 2026-03-21T03:31:14 | OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during c |
| CVE-2026-32051 | 8.8 | 0.06% | 1 | 0 | | 2026-03-21T03:31:14 | OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerabil |
| CVE-2026-3584 | 9.8 | 0.22% | 2 | 0 | | 2026-03-21T00:32:48 | The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in al |
| CVE-2026-25192 | 9.4 | 0.13% | 2 | 0 | | 2026-03-21T00:32:47 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to |
| CVE-2026-29796 | 9.4 | 0.10% | 3 | 0 | | 2026-03-21T00:31:52 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to |
| CVE-2026-32666 | 7.5 | 0.04% | 1 | 0 | | 2026-03-21T00:31:52 | WebCTRL systems that communicate over BACnet inherit the protocol's lack of net |
| CVE-2026-25086 | 7.7 | 0.01% | 1 | 0 | | 2026-03-21T00:31:51 | Under certain conditions, an attacker could bind to the same port used by WebCT |
| CVE-2026-33154 | 7.5 | 0.04% | 1 | 0 | | 2026-03-20T21:34:04 | ### Summary Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due |
| CVE-2026-33010 | 8.1 | 0.03% | 1 | 0 | | 2026-03-20T21:32:24 | ### Summary When the HTTP server is enabled (`MCP_HTTP_ENABLED=true`), the appli |
| CVE-2025-32432 | 10.0 | 89.44% | 1 | 4 | template | 2026-03-20T21:28:38 | ### Impact This is an additional fix for https://github.com/craftcms/cms/securi |
| CVE-2026-33128 | 7.5 | 0.01% | 1 | 0 | | 2026-03-20T21:27:42 | ## Summary `createEventStream` in h3 is vulnerable to Server-Sent Events (SSE) |
| CVE-2026-33068 | None | 0.14% | 2 | 0 | | 2026-03-20T21:24:22 | Claude Code resolved the permission mode from settings files, including the repo |
| CVE-2026-33057 | 9.8 | 0.12% | 1 | 0 | | 2026-03-20T21:23:52 | #### Summary An explicit web endpoint inside the `ai/` testing module infrastruc |
| CVE-2026-33054 | 10.0 | 0.02% | 1 | 0 | | 2026-03-20T21:23:23 | #### Summary A Path Traversal vulnerability allows any user (or attacker) supply |
| CVE-2026-33036 | 7.5 | 0.04% | 1 | 0 | | 2026-03-20T21:22:16 | ## Summary The fix for CVE-2026-26278 added entity expansion limits (`maxTotalE |
| CVE-2026-33012 | 7.5 | 0.10% | 1 | 0 | | 2026-03-20T21:21:56 | `DefaultHtmlErrorResponseBodyProvider` in `io.micronaut:micronaut-http-server` s |
| CVE-2026-32938 | 9.9 | 0.09% | 1 | 0 | | 2026-03-20T21:21:06 | ### Summary In SiYuan, `/api/lute/html2BlockDOM` on the desktop copies local fi |
| CVE-2026-22172 | 10.0 | 0.01% | 1 | 0 | | 2026-03-20T21:04:19 | ### Summary A logic flaw in the OpenClaw gateway WebSocket connect path allowed |
| CVE-2026-33485 | 7.5 | 0.00% | 2 | 0 | | 2026-03-20T20:47:20 | ## Summary The RTMP `on_publish` callback at `plugin/Live/on_publish.php` is ac |
| CVE-2026-33483 | 7.5 | 0.00% | 2 | 0 | | 2026-03-20T20:46:52 | ## Summary The `aVideoEncoderChunk.json.php` endpoint is a completely standalon |
| CVE-2026-33482 | 8.1 | 0.00% | 2 | 0 | | 2026-03-20T20:46:42 | ## Summary The `sanitizeFFmpegCommand()` function in `plugin/API/standAlone/fun |
| CVE-2026-33480 | 8.6 | 0.00% | 2 | 0 | | 2026-03-20T20:44:12 | ## Summary The `isSSRFSafeURL()` function in AVideo can be bypassed using IPv4- |
| CVE-2026-33479 | 8.8 | 0.00% | 2 | 0 | | 2026-03-20T20:44:04 | ## Summary The Gallery plugin's `saveSort.json.php` endpoint passes unsanitized |
| CVE-2026-33478 | 10.0 | 0.00% | 2 | 0 | | 2026-03-20T20:43:52 | ## Summary Multiple vulnerabilities in AVideo's CloneSite plugin chain together |
| CVE-2026-33476 | 7.5 | 0.89% | 1 | 0 | | 2026-03-20T20:43:22 | ## Summary The Siyuan kernel exposes an unauthenticated file-serving endpoint |
| CVE-2026-33135 | 9.3 | 0.03% | 1 | 0 | | 2026-03-20T19:25:45.043000 | WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below hav |
| CVE-2026-32890 | 9.6 | 0.05% | 1 | 0 | | 2026-03-20T19:16:17.557000 | Anchorr is a Discord bot for requesting movies and TV shows and receiving notifi |
| CVE-2026-32710 | 8.5 | 0.26% | 1 | 0 | | 2026-03-20T19:16:16.670000 | MariaDB server is a community developed fork of MySQL server. An authenticated u |
| CVE-2026-4447 | 8.8 | 0.09% | 2 | 0 | | 2026-03-20T19:02:02.303000 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allo |
| CVE-2025-31277 | 8.8 | 0.29% | 2 | 0 | | 2026-03-20T18:53:35.083000 | The issue was addressed with improved memory handling. This issue is fixed in Sa |
| CVE-2025-54068 | 9.8 | 45.98% | 1 | 5 | template | 2026-03-20T18:36:12.533000 | Livewire is a full-stack framework for Laravel. In Livewire v3 up to and includi |
| CVE-2025-43520 | 5.5 | 0.35% | 2 | 0 | | 2026-03-20T18:32:19 | A memory corruption issue was addressed with improved memory handling. This issu |
| CVE-2026-4493 | 8.8 | 0.05% | 1 | 0 | | 2026-03-20T18:31:30 | A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted elemen |
| CVE-2026-4490 | 8.8 | 0.05% | 1 | 0 | | 2026-03-20T18:31:29 | A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the funct |
| CVE-2026-4489 | 8.8 | 0.05% | 1 | 0 | | 2026-03-20T18:31:27 | A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability af |
| CVE-2026-4488 | 8.8 | 0.04% | 1 | 0 | | 2026-03-20T18:31:27 | A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Af |
| CVE-2026-4464 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T18:31:18 | Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a rem |
| CVE-2025-43510 | 7.8 | 0.34% | 2 | 0 | | 2026-03-20T18:31:15 | A memory corruption issue was addressed with improved lock state checking. This |
| CVE-2026-4492 | 8.8 | 0.05% | 1 | 0 | | 2026-03-20T18:16:17.383000 | A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is |
| CVE-2026-32989 | 8.8 | 0.05% | 1 | 0 | | 2026-03-20T18:16:16.773000 | Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability |
| CVE-2026-31836 | 8.1 | 0.03% | 1 | 0 | | 2026-03-20T18:16:13.540000 | Checkmate is an open-source, self-hosted tool designed to track and monitor serv |
| CVE-2026-33001 | 8.8 | 0.11% | 1 | 0 | | 2026-03-20T18:08:15.507000 | Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbol |
| CVE-2026-4452 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T18:07:58.067000 | Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 al |
| CVE-2026-4456 | 8.8 | 0.10% | 1 | 0 | | 2026-03-20T17:59:23.127000 | Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.1 |
| CVE-2026-4457 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T17:58:59.643000 | Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote a |
| CVE-2026-4460 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T17:57:46.137000 | Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a re |
| CVE-2026-4463 | 8.8 | 0.06% | 1 | 0 | | 2026-03-20T17:57:06.217000 | Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed |
| CVE-2026-4491 | 8.8 | 0.05% | 1 | 0 | | 2026-03-20T17:17:00.240000 | A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the fun |
| CVE-2026-32701 | 7.5 | 0.02% | 1 | 0 | | 2026-03-20T15:56:45 | **Summary** Qwik City improperly inferred arrays from dotted form field names d |
| CVE-2026-21992 | 9.8 | 0.03% | 11 | 1 | | 2026-03-20T15:32:14 | Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware |
| CVE-2026-4462 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T15:32:14 | Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a r |
| CVE-2026-4446 | 8.8 | 0.09% | 2 | 0 | | 2026-03-20T15:32:13 | Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remo |
| CVE-2026-4445 | 8.8 | 0.09% | 1 | 0 | | 2026-03-20T15:32:13 | Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remo |
| CVE-2026-4444 | 8.8 | 0.06% | 1 | 0 | | 2026-03-20T15:32:13 | Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed |
| CVE-2026-4455 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T15:32:13 | Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed |
| CVE-2026-4451 | 8.8 | 0.10% | 1 | 0 | | 2026-03-20T15:32:13 | Insufficient validation of untrusted input in Navigation in Google Chrome prior |
| CVE-2026-4486 | 8.8 | 0.08% | 1 | 0 | | 2026-03-20T15:31:20 | A vulnerability was found in D-Link DIR-513 1.10. This affects the function form |
| CVE-2026-4454 | 8.8 | 0.10% | 1 | 0 | | 2026-03-20T15:31:12 | Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a rem |
| CVE-2026-4461 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T15:31:12 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allo |
| CVE-2026-4459 | 8.8 | 0.07% | 1 | 0 | | 2026-03-20T15:31:12 | Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.15 |
| CVE-2026-4458 | 8.8 | 0.03% | 1 | 0 | | 2026-03-20T15:31:12 | Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an |
| CVE-2026-4487 | 8.8 | 0.04% | 1 | 0 | | 2026-03-20T15:16:23.850000 | A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impa |
| CVE-2025-71257 | 7.3 | 3.58% | 2 | 1 | template | 2026-03-20T13:39:46.493000 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentica |
| CVE-2026-33056 | 0 | 0.02% | 4 | 0 | | 2026-03-20T13:37:50.737000 | tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and |
| CVE-2026-32933 | 7.5 | 0.04% | 1 | 0 | | 2026-03-20T13:37:50.737000 | AutoMapper is a convention-based object-object mapper in .NET. Versions prior to |
| CVE-2026-32940 | 9.3 | 0.05% | 1 | 0 | | 2026-03-20T13:37:50.737000 | SiYuan is a personal knowledge management system. In versions 3.6.0 and below, S |
| CVE-2026-27625 | 8.1 | 0.06% | 1 | 0 | | 2026-03-20T13:37:50.737000 | Stirling-PDF is a locally hosted web application that performs various operation |
| CVE-2026-22324 | 8.1 | 0.11% | 1 | 0 | | 2026-03-20T13:37:50.737000 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP |
| CVE-2026-4475 | 8.8 | 0.02% | 3 | 0 | | 2026-03-20T09:32:16 | A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_201710241 |
| CVE-2026-4478 | 8.1 | 0.01% | 1 | 0 | | 2026-03-20T09:32:16 | A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_201710241 |
| CVE-2026-4038 | 9.8 | 0.06% | 1 | 0 | | 2026-03-20T06:31:39 | The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call th |
| CVE-2026-33354 | 7.6 | 0.00% | 2 | 0 | | 2026-03-19T19:34:07 | ## Summary `POST /objects/aVideoEncoder.json.php` accepts a requester-controlled |
| CVE-2026-33352 | 9.8 | 0.00% | 2 | 0 | | 2026-03-19T19:25:54 | ### Summary An unauthenticated SQL injection vulnerability exists in `objects/c |
| CVE-2026-33351 | 9.1 | 0.00% | 2 | 0 | | 2026-03-19T19:13:30 | ### Summary A Server-Side Request Forgery (SSRF) vulnerability exists in `plugi |
| CVE-2026-28500 | 8.6 | 0.01% | 1 | 0 | | 2026-03-19T18:36:41 | ### Summary A security control bypass exists in onnx.hub.load() due to improper |
| CVE-2026-20131 | 10.0 | 0.65% | 3 | 3 | | 2026-03-19T18:32:21 | A vulnerability in the web-based management interface of Cisco Secure Firewall M |
| CVE-2026-24291 | 7.8 | 0.06% | 1 | 2 | | 2026-03-19T18:31:15 | Incorrect permission assignment for critical resource in Windows Accessibility I |
| CVE-2026-27459 | None | 0.02% | 1 | 0 | | 2026-03-19T18:28:12 | If a user provided callback to `set_cookie_generate_callback` returned a cookie |
| CVE-2026-33293 | 8.1 | 0.04% | 2 | 0 | | 2026-03-19T17:12:05 | ## Summary The `deleteDump` parameter in `plugin/CloneSite/cloneServer.json.php |
| CVE-2026-33292 | 7.5 | 0.04% | 2 | 0 | | 2026-03-19T16:43:07 | ## Summary The HLS streaming endpoint (`view/hls.php`) is vulnerable to a path |
| CVE-2025-71258 | 4.3 | 1.87% | 2 | 0 | template | 2026-03-19T15:31:28 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind serve |
| CVE-2025-71259 | 4.3 | 1.87% | 2 | 0 | template | 2026-03-19T15:31:28 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a blind serve |
| CVE-2025-71260 | 8.8 | 8.28% | 2 | 1 | | 2026-03-19T15:31:27 | BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain a deserializa |
| CVE-2026-22557 | 10.0 | 0.02% | 2 | 1 | | 2026-03-19T15:31:22 | A malicious actor with access to the network could exploit a Path Traversal vuln |
| CVE-2026-33236 | 8.1 | 0.04% | 1 | 0 | | 2026-03-19T12:42:43 | ## Vulnerability Description The NLTK downloader does not validate the `subdir` |
| CVE-2026-33231 | 7.5 | 0.04% | 1 | 0 | | 2026-03-19T12:42:23 | ### Summary `nltk.app.wordnet_app` allows unauthenticated remote shutdown of the |
| CVE-2026-33226 | 8.7 | 0.01% | 1 | 0 | | 2026-03-18T20:22:12 | ### Summary The REST datasource query preview endpoint (`POST /api/queries/previ |
| CVE-2026-22730 | 8.8 | 0.02% | 1 | 1 | | 2026-03-18T20:20:40 | A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionCon |
| CVE-2026-33204 | 7.5 | 0.04% | 1 | 0 | | 2026-03-18T20:16:59 | ## Summary An unauthenticated attacker can perform a Denial of Service via JWE |
| CVE-2025-66376 | 7.2 | 10.01% | 1 | 0 | | 2026-03-18T20:13:37.087000 | Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Clas |
| CVE-2026-33203 | 7.5 | 0.10% | 1 | 0 | | 2026-03-18T20:11:01 | ## Summary The SiYuan kernel WebSocket server accepts unauthenticated connection |
| CVE-2026-33186 | 9.1 | 0.01% | 1 | 0 | | 2026-03-18T20:10:30 | ### Impact _What kind of vulnerability is it? Who is impacted?_ It is an **Auth |
| CVE-2026-33166 | 8.6 | 0.01% | 2 | 0 | | 2026-03-18T19:53:59 | ### Summary The Allure report generator is vulnerable to an arbitrary file read |
| CVE-2026-32596 | 7.5 | 3.03% | 2 | 0 | template | 2026-03-18T18:33:12.503000 | Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, |
| CVE-2026-33053 | None | 0.02% | 2 | 0 | | 2026-03-18T12:58:35 | **Detection Method:** Kolega.dev Deep Code Scan \| Attribute \| Value \| \|---\|---\| |
| CVE-2026-33017 | None | 0.46% | 8 | 3 | | 2026-03-17T20:05:06 | ## Summary The `POST /api/v1/build_public_tmp/{flow_id}/flow` endpoint allows b |
| CVE-2026-32583 | 5.3 | 2.73% | 2 | 0 | template | 2026-03-16T18:32:14 | Missing Authorization vulnerability in Webnus Inc. Modern Events Calendar allows |
| CVE-2026-32306 | 10.0 | 0.40% | 1 | 0 | | 2026-03-16T17:06:59 | ### Summary The telemetry aggregation API accepts user-controlled `aggregationT |
| CVE-2026-3838 | 8.8 | 1.57% | 2 | 0 | | 2026-03-16T15:30:56 | Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This v |
| CVE-2026-2493 | 7.5 | 15.24% | 2 | 0 | | 2026-03-16T15:30:55 | IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. |
| CVE-2025-15060 | 9.8 | 1.71% | 2 | 0 | | 2026-03-16T15:30:53 | claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vuln |
| CVE-2026-25896 | 9.3 | 0.01% | 1 | 0 | | 2026-02-27T16:51:59 | # Entity encoding bypass via regex injection in DOCTYPE entity names ## Summary |
| CVE-2025-61144 | 7.3 | 0.03% | 1 | 0 | | 2026-02-24T21:31:41 | libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSepa |
| CVE-2025-32711 | 9.3 | 4.12% | 1 | 1 | | 2026-02-20T18:31:25 | Ai command injection in M365 Copilot allows an unauthorized attacker to disclose |
| CVE-2026-1581 | 7.5 | 12.19% | 1 | 1 | template | 2026-02-19T18:32:09 | The wpForo Forum plugin for WordPress is vulnerable to time-based SQL Injection |
| CVE-2026-26119 | 8.8 | 0.05% | 2 | 0 | | 2026-02-18T00:30:22 | Improper authentication in Windows Admin Center allows an authorized attacker to |
| CVE-2026-25253 | 8.8 | 0.08% | 2 | 7 | | 2026-02-13T17:41:02.987000 | OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value f |
| CVE-2026-25487 | None | 0.02% | 1 | 0 | | 2026-02-03T21:40:30 | ## Summary A stored XSS vulnerability in Craft Commerce allows attackers to exec |
| CVE-2026-20817 | 7.8 | 0.02% | 3 | 1 | | 2026-01-13T18:31:17 | Improper handling of insufficient permissions or privileges in Windows Error Rep |
| CVE-2025-32975 | 10.0 | 0.13% | 2 | 0 | | 2025-11-03T21:35:11 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x bef |
| CVE-2024-4671 | 9.6 | 0.51% | 1 | 0 | | 2025-10-24T14:07:21.820000 | Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a rem |
| CVE-2025-20720 | 8.8 | 0.03% | 2 | 0 | | 2025-10-15T18:45:23.107000 | In wlan AP driver, there is a possible out of bounds write due to an incorrect b |
| CVE-2025-41241 | 4.4 | 0.05% | 1 | 0 | | 2025-07-29T14:14:29.590000 | VMware vCenter contains a denial-of-service vulnerability. A malicious actor who |
| CVE-2024-13448 | 9.8 | 3.02% | 1 | 0 | | 2025-01-30T18:01:07.080000 | The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads |
| CVE-2023-4567 | 0 | 0.00% | 1 | 0 | | 2023-11-07T04:22:45.730000 | Rejected reason: Issue has been found to be non-reproducible, therefore not a vi |
| CVE-2018-0204 | 7.5 | 1.69% | 2 | 0 | | 2023-02-01T05:08:53 | A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning |
| CVE-2026-4368 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-3055 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-28217 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-4645 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-31979 | 0 | 0.02% | 2 | 0 | | N/A | |
| CVE-2026-33134 | 0 | 0.03% | 5 | 0 | | N/A | |
| CVE-2026-32888 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-33250 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-32891 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-33037 | 0 | 0.23% | 2 | 0 | | N/A | |
| CVE-2026-33072 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-33136 | 0 | 0.03% | 1 | 0 | | N/A | |
| CVE-2026-33150 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-32303 | 0 | 0.02% | 1 | 0 | | N/A | |
| CVE-2026-32318 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-32317 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-33308 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-33307 | 0 | 0.00% | 1 | 0 | | N/A | |
updated 2026-03-23T17:09:08.487000
1 post
CVE-2026-32049 - High (7.5)
OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated me...
https://www.thehackerwire.com/vulnerability/CVE-2026-32049/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-03-23T16:24:08.187000
1 post
CVE-2026-33038 - High (8.1)
WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthenticated application takeover through the install/checkConfiguration.php endpoint. install/checkConfiguration.php performs full application initializati...
https://www.thehackerwire.com/vulnerability/CVE-2026-33038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-03-23T16:22:49.120000
1 post
CVE-2026-33039 - High (8.6)
WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL(), but only checks the initial URL. When the initi...
https://www.thehackerwire.com/vulnerability/CVE-2026-33039/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
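The LiveLinks proxy issue summarised above, and the `isSSRFSafeURL()` bypass rows in the table, share one pattern: the destination check runs once, on the URL the user submitted, and not on what the fetch actually connects to afterwards (a redirect is the usual way the destination changes after the check). The block below is an added example, not AVideo's code and not the project's fix. It applies the check to every hop of a redirect chain, on the IP address the client actually resolved, and unwraps IPv4-mapped IPv6 literals so they are judged as the IPv4 address they carry. The hop list is passed in pre-resolved so the example runs offline; `SAMPLE_CHAIN`, `checkRedirectChain` and `initialUrlOnlyCheck` are names of this example's own, and the sample chain is constructed data.

```javascript
// Added example (not AVideo's isSSRFSafeURL() and not its fix): a server-side
// fetch destination check that is re-applied on EVERY hop, using the address
// the client actually resolved, instead of only on the URL the user submitted.
// Hops are passed in pre-resolved so the example runs offline.

// Strict dotted-quad parser. Alternate spellings ("127.1", "0x7f000001",
// "2130706433", leading zeros) are rejected rather than interpreted, because
// a filter and a resolver that disagree on them is itself a bypass.
function parseIPv4(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const parts = m.slice(1);
  if (parts.some((p) => Number(p) > 255 || (p.length > 1 && p[0] === "0"))) return null;
  return parts.map(Number);
}

// Ranges a server-side fetch must never reach.
const BLOCKED_V4 = [
  [[0, 0, 0, 0], 8],       // "this" network
  [[10, 0, 0, 0], 8],      // RFC 1918
  [[100, 64, 0, 0], 10],   // shared address space (CGNAT)
  [[127, 0, 0, 0], 8],     // loopback
  [[169, 254, 0, 0], 16],  // link-local, incl. cloud metadata 169.254.169.254
  [[172, 16, 0, 0], 12],   // RFC 1918
  [[192, 168, 0, 0], 16],  // RFC 1918
  [[224, 0, 0, 0], 4],     // multicast
  [[240, 0, 0, 0], 4],     // reserved and broadcast
];

function ipv4ToUint(o) {
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function inPrefix(octets, [net, bits]) {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToUint(octets) & mask) >>> 0) === ((ipv4ToUint(net) & mask) >>> 0);
}

function isBlockedIPv4(octets) {
  return BLOCKED_V4.some((p) => inPrefix(octets, p));
}

// Decide on the textual address the resolver returned (not the hostname).
// IPv6 handling covers what IPv4-only filters commonly miss: loopback and
// unspecified, link-local, unique-local, multicast, and IPv4-mapped addresses
// (::ffff:a.b.c.d or ::ffff:xxxx:xxxx), which are unwrapped and judged as IPv4.
function isBlockedAddress(addr) {
  const a = addr.trim().toLowerCase().replace(/^\[|\]$/g, "");
  const v4 = parseIPv4(a);
  if (v4) return isBlockedIPv4(v4);
  if (!a.includes(":")) return true;                       // not an IP literal: refuse
  const mappedDotted = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/.exec(a);
  if (mappedDotted) {
    const inner = parseIPv4(mappedDotted[1]);
    return inner === null || isBlockedIPv4(inner);
  }
  const mappedHex = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(a);
  if (mappedHex) {
    const hi = parseInt(mappedHex[1], 16), lo = parseInt(mappedHex[2], 16);
    return isBlockedIPv4([hi >> 8, hi & 0xff, lo >> 8, lo & 0xff]);
  }
  if (a === "::" || a === "::1") return true;              // unspecified, loopback
  if (/^fe[89ab]/.test(a)) return true;                    // link-local fe80::/10
  if (/^f[cd]/.test(a)) return true;                       // unique-local fc00::/7
  if (/^ff/.test(a)) return true;                          // multicast ff00::/8
  return false;
}

// Each hop: { url, ip } where ip is what the client resolved the hop's host to
// and will connect to. Returns the first offending hop, or ok.
function checkRedirectChain(hops, maxHops = 5) {
  if (hops.length > maxHops) return { ok: false, hop: maxHops, reason: "too many redirects" };
  for (let i = 0; i < hops.length; i++) {
    let u;
    try { u = new URL(hops[i].url); } catch { return { ok: false, hop: i, reason: "unparseable URL" }; }
    if (u.protocol !== "http:" && u.protocol !== "https:") {
      return { ok: false, hop: i, reason: "scheme not allowed: " + u.protocol };
    }
    if (isBlockedAddress(hops[i].ip)) {
      return { ok: false, hop: i, reason: "blocked destination " + hops[i].ip };
    }
  }
  return { ok: true, hop: hops.length - 1, reason: "" };
}

// The pattern the advisory describes: only the submitted URL is examined.
function initialUrlOnlyCheck(hops) {
  return !isBlockedAddress(hops[0].ip);
}

// Constructed sample: a public first hop that redirects to the cloud metadata
// endpoint. The initial-only check approves it; the per-hop check stops at hop 1.
const SAMPLE_CHAIN = [
  { url: "https://cdn.example.net/stream.m3u8", ip: "203.0.113.10" },
  { url: "http://169.254.169.254/latest/meta-data/", ip: "169.254.169.254" },
];
```

Two things the block assumes of the HTTP client around it: redirects are not followed automatically (each `Location` becomes a new hop that is checked before it is fetched), and the socket connects to the very IP that was checked rather than re-resolving the hostname, since a second lookup between check and connect reopens the hole via DNS rebinding.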

updated 2026-03-23T16:22:12.563000
1 post
CVE-2026-32055 - High (7.6)
OpenClaw versions prior to 2026.2.26 contain a path traversal vulnerability in workspace boundary validation that allows attackers to write files outside the workspace through in-workspace symlinks pointing to non-existent out-of-root targets. The...
https://www.thehackerwire.com/vulnerability/CVE-2026-32055/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-03-23T16:16:51.537000
2 posts
CVE-2026-4437 - High (7.5)
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violatio...
https://www.thehackerwire.com/vulnerability/CVE-2026-4437/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

updated 2026-03-23T16:16:50.840000
2 posts
CVE-2026-4404 - Critical (9.4)
Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.
https://www.thehackerwire.com/vulnerability/CVE-2026-4404/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T16:16:46.560000
1 posts
π CVE-2026-31903 - High (7.5)
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31903/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T16:16:43.553000
2 posts
🔴 CVE-2026-24060 - Critical (9.1)
Service information is not encrypted when transmitted as BACnet packets over the wire, and can be sniffed, intercepted, and modified by an attacker. Valuable information such as the File Start Position and File Data can be sniffed from network ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24060/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-24060 (CRITICAL): WebCTRL Premium Server sends BACnet data in cleartext, risking interception & modification. No patch yet – segment OT networks & use VPNs for BACnet traffic. Monitor for sniffing, restrict access. Details: https://radar.offseq.com/threat/cve-2026-24060-cwe-319-in-automated-logic-webctrl--ad487a9d #OffSeq #ICS #Vuln #BACnet
##updated 2026-03-23T16:10:01.390000
4 posts
🛡️ CVE-2026-4601: CRITICAL bug in jsrsasign <11.1.1 misses a vital DSA signing step, letting attackers recover private keys if exploited. No active attacks yet, but update ASAP! Details: https://radar.offseq.com/threat/cve-2026-4601-missing-cryptographic-step-in-jsrsas-1b19c447 #OffSeq #CVE20264601 #Crypto #Vuln
##🟠 CVE-2026-4601 - High (8.7)
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zer...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4601/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:58:42.010000
4 posts
🔴 CVE-2026-33297 - Critical (9.1)
WWBN AVideo is an open source video platform. Prior to version 26.0, the `setPassword.json.php` endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33297/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:31:42
2 posts
🟠 CVE-2025-46597 - High (7.5)
Bitcoin Core 0.13.0 through 29.x has an integer overflow.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-46597/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:31:40
1 post
4 repos
https://github.com/watchtowrlabs/watchtowr-vs-telnetd-CVE-2026-32746
https://github.com/jeffaf/cve-2026-32746
Posted yesterday, if you missed it:
watchTowr: A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/ #infosec #threatresearch
##updated 2026-03-23T15:28:09.777000
2 posts
🟠 CVE-2026-33043 - High (8.1)
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin() function reflects any Origin header back in Access-Contro...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33043/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:16:35.523000
2 posts
🟠 CVE-2026-4434 - High (8.1)
Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4434/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:16:32.060000
4 posts
🟠 CVE-2026-23554 - High (7.8)
The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures howev...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23554/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:16:31.873000
4 posts
🟠 CVE-2026-22163 - High (7.8)
Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical memory pages. The product utilises a shared re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22163/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:16:31.653000
2 posts
🔴 CVE-2026-21732 - Critical (9.6)
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger an out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21732/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:16:29.550000
2 posts
🟠 CVE-2025-67260 - High (8.8)
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.2020091...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-67260/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T15:16:29.387000
2 posts
🟠 CVE-2025-63261 - High (7.8)
AWStats 8.0 is vulnerable to Command Injection via the open function.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63261/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
2 posts
CVE Published in last 7 days (2026-03-16 - 2026-03-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1444
Severity:
- Critical: 89
- High: 472
- Medium: 648
- Low: 83
- None: 152
Status:
- : 57
- Analyzed: 366
- Awaiting Analysis: 475
- Modified: 12
- Received: 339
- Rejected: 13
- Undergoing Analysis: 182
Top CNAs:
- GitHub, Inc.: 376
- VulnCheck: 209
- VulDB: 151
- Wordfence: 133
- MITRE: 72
- N/A: 57
- kernel.org: 45
- Patchstack: 39
- Chrome: 26
- Zero Day Initiative: 23
Top Affected Products:
- UNKNOWN: 994
- Openclaw: 79
- Google Chrome: 26
- Mattermost Server: 20
- Canva Affinity: 19
- Dlink Dns-321 Firmware: 15
- Dlink Dns-320 Firmware: 15
- Dlink Dns-345 Firmware: 15
- Dlink Dns-326 Firmware: 15
- Dlink Dns-1100-4 Firmware: 15
Top EPSS Score:
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 6.54 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
- CVE-2025-71257 - 3.58 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71257)
- CVE-2026-32596 - 2.26 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32596)
- CVE-2026-32583 - 2.09 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32583)
- CVE-2026-4497 - 1.91 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4497)
- CVE-2025-71259 - 1.87 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71259)
- CVE-2025-15060 - 1.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15060)
- CVE-2025-71258 - 1.62 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71258)
- CVE-2026-3838 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3838)
##updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-31904 - High (7.5)
The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charge...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31904/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-33180 - High (7.5)
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33180/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-33243 - High (8.2)
barebox is a bootloader. In barebox from version 2016.03.0 to before version 2025.09.3 and from version 2025.10.0 to before version 2026.03.1, when creating a FIT, mkimage(1) sets the hashed-nodes property of the FIT signature node to list which n...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33243/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-32064 - High (7.7)
In OpenClaw versions prior to 2026.2.21, the sandbox browser entrypoint launches x11vnc without authentication for noVNC observer sessions, allowing unauthenticated access to the VNC interface. Remote attackers on the host loopback interface can connect t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
2 posts
🟠 CVE-2026-1313 - High (8.3)
The MimeTypes Link Icons plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.20. This is due to the plugin making outbound HTTP requests to user-controlled URLs without proper validation when...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##MimeTypes Link Icons plugin (≤3.2.20) hit by HIGH severity SSRF (CVE-2026-1313, CVSS 8.3). Contributor+ users can abuse "Show file size" to access internal resources. Disable the feature & check user roles. https://radar.offseq.com/threat/cve-2026-1313-cwe-918-server-side-request-forgery--530406e8 #OffSeq #WordPress #SSRF #CVE20261313
##updated 2026-03-23T14:32:02.800000
1 post
1 repo
🟠 CVE-2026-2468 - High (7.5)
The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn_wp_access' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2468/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-2941 - High (8.8)
The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy_search_and_replace_item_details' function in all versions up to, and including, 1.0.4. This make...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2941/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
1 post
HIGH severity SSRF in qrolic Performance Monitor (WordPress, all versions). Unauthenticated attackers can craft internal requests via REST API – RCE possible if chained with Redis. Urgent patch/mitigation needed! CVE-2026-1648. https://radar.offseq.com/threat/cve-2026-1648-cwe-918-server-side-request-forgery--062101f6 #OffSeq #WordPress #SSRF
##updated 2026-03-23T14:32:02.800000
2 posts
🟠 CVE-2026-33172 - High (8.7)
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33172/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-23536 - High (7.5)
A security issue was discovered in the Feast Feature Server's `/read-document` endpoint that allows an unauthenticated remote attacker to read any file accessible to the server process. By sending a specially crafted HTTP POST request, an attacker...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23536/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-33142 - High (8.1)
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHouse SQL injection via aggregate query parameters) added column name validation to the _aggregateBy method but did not...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33142/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:32:02.800000
1 post
🟠 CVE-2026-33156 - High (7.8)
ScreenToGif is a screen recording tool. In versions 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll. When the portable executable is run from a user-writable directory, it loads version.dll from the application...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33156/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:31:37.267000
8 posts
🟠 CVE-2026-32969 - High (7.5)
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint's authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total l...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32969/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
###OT #Advisory VDE-2026-025
Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual
Multiple vulnerabilities have been discovered in Helmholz myREX24V2 / myREX24V2.virtual that could allow unauthenticated RCE or SQLi.
#CVE CVE-2026-32968, CVE-2026-32969
https://certvde.com/en/advisories/vde-2026-025/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-025.json
###OT #Advisory VDE-2026-024
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow unauthenticated RCE or SQLi.
#CVE CVE-2026-32968, CVE-2026-32969
https://certvde.com/en/advisories/vde-2026-024/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-024.json
##updated 2026-03-23T14:31:37.267000
4 posts
🚨 HIGH: CVE-2026-4565 – Tenda AC21 (16.03.08.16) has a remote buffer overflow in /goform/SetNetControlList. Public exploit out; full device compromise possible. Disable WAN admin, monitor, and segment networks ASAP. https://radar.offseq.com/threat/cve-2026-4565-buffer-overflow-in-tenda-ac21-5d23ce15 #OffSeq #Vulnerability #NetSec #Router
##🟠 CVE-2026-4565 - High (8.8)
A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in a buffer overflow. The attack can be initiated remotely....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4565/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:31:37.267000
5 posts
🟠 CVE-2026-4534 - High (8.8)
A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes a stack-based buffer overflow. The attack can be initiated remotely. The exploit has...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4534/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ New security advisory:
CVE-2026-4534 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-4534-tenda-fh451-buffer-overflow-update-firmware
CVE-2026-4534 (HIGH, CVSS 8.7): Stack-based buffer overflow in Tenda FH451 (v1.0.0.9) lets remote attackers execute code. PoC exploit published. Patch/mitigate now – restrict access & monitor for attacks. Info: https://radar.offseq.com/threat/cve-2026-4534-stack-based-buffer-overflow-in-tenda-65a33e73 #OffSeq #Vulnerability #Tenda #InfoSec
##updated 2026-03-23T14:31:37.267000
2 posts
🟠 CVE-2026-4553 - High (8.8)
A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to a stack-based buffer overflow. It is possibl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4553/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:31:37.267000
2 posts
🟠 CVE-2026-4555 - High (8.8)
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes a stack-based buffer overf...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4555/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T14:31:37.267000
2 posts
⚠️ CVE-2026-4543: Wavlink WL-WN578W2 (v221110) has a MEDIUM severity command injection flaw in /cgi-bin/firewall.cgi. No patch; public exploit exists. Isolate, restrict access, and monitor traffic urgently. https://radar.offseq.com/threat/cve-2026-4543-command-injection-in-wavlink-wl-wn57-50f96d33 #OffSeq #Infosec #Vulnerability #Router
##updated 2026-03-23T14:31:37.267000
2 posts
🟠 CVE-2026-4373 - High (7.5)
The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'Uploaded_File::set_from_array' method accepting user-supplied file paths from the Me...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4373/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 JetFormBuilder for WordPress is HIGH risk (CVE-2026-4373): Absolute path traversal in all versions allows unauth attackers to exfiltrate files via crafted Media Field form. Review & secure deployments! https://radar.offseq.com/threat/cve-2026-4373-cwe-36-absolute-path-traversal-in-je-12b1586f #OffSeq #WordPress #infosec
##updated 2026-03-23T12:30:36
4 posts
🔴 CVE-2026-4585 - Critical (9.8)
A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4585/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T12:30:31
6 posts
🔴 CVE-2026-32968 - Critical (9.8)
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant at...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32968/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
###OT #Advisory VDE-2026-025
Helmholz: Multiple Vulnerabilities in myREX24V2 / myREX24V2.virtual
Multiple vulnerabilities have been discovered in Helmholz myREX24V2 / myREX24V2.virtual that could allow unauthenticated RCE or SQLi.
#CVE CVE-2026-32968, CVE-2026-32969
https://certvde.com/en/advisories/vde-2026-025/
#CSAF https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-025.json
###OT #Advisory VDE-2026-024
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24
Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow unauthenticated RCE or SQLi.
#CVE CVE-2026-32968, CVE-2026-32969
https://certvde.com/en/advisories/vde-2026-024/
#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-024.json
##updated 2026-03-23T09:30:29
6 posts
1 repo
WAGO 852-1812 switch hit with CRITICAL CVE-2026-3587 (CVSS 10.0): hidden CLI lets remote attackers gain root with no auth. No patch yet. Isolate, restrict access, & monitor closely. https://radar.offseq.com/threat/cve-2026-3587-cwe-912-hidden-functionality-in-wago-a4c55a72 #OffSeq #ICS #Infosec #Vulnerability
##🔴 CVE-2026-3587 - Critical (10)
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3587/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
###OT #Advisory VDE-2026-020
WAGO: Vulnerability in managed switches
A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function.
#CVE CVE-2026-3587
https://certvde.com/en/advisories/vde-2026-020/
#CSAF https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-020.json
##updated 2026-03-23T06:30:40
6 posts
🔥 CRITICAL: CVE-2026-4599 in jsrsasign 7.0.0 – 11.1.1 lets attackers recover private keys via DSA nonce bias. No auth needed – patch ASAP or add nonce checks! https://radar.offseq.com/threat/cve-2026-4599-incomplete-comparison-with-missing-f-9aee8aa7 #OffSeq #Vulnerability #Cryptography #CVE20264599
##🔴 CVE-2026-4599 - Critical (9.1)
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recove...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4599/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T06:30:39
4 posts
🟠 CVE-2026-4598 - High (7.5)
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4598/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T06:30:39
4 posts
🟠 CVE-2026-4602 - High (7.5)
Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signatur...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4602/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T03:31:45
2 posts
🚨 CRITICAL: CVE-2026-4606 in GeoVision GV-Edge Recording Manager 2.3.1 allows any local user to escalate to SYSTEM privileges (CVSS 10.0). Patch or restrict local access now! https://radar.offseq.com/threat/cve-2026-4606-cwe-250-execution-with-unnecessary-p-39d565c1 #OffSeq #Vulnerability #WindowsSecurity #GeoVision
##updated 2026-03-23T03:31:45
4 posts
🟠 CVE-2026-4566 - High (8.8)
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched r...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4566/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-23T03:31:41
5 posts
🔴 New security advisory:
CVE-2026-4567 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-4567-tenda-a15-buffer-overflow-vulnerability-update-firmware-now
##🔴 CVE-2026-4567 - Critical (9.8)
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotel...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4567/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔥 CVE-2026-4567: Critical stack buffer overflow in Tenda A15 (v15.13.07.13). Remote, unauthenticated code execution possible via /cgi-bin/UploadCfg. Patch or restrict access immediately! https://radar.offseq.com/threat/cve-2026-4567-stack-based-buffer-overflow-in-tenda-27ff1845 #OffSeq #infosec #routersecurity #CVE20264567
##updated 2026-03-23T00:31:08
4 posts
1 repo
🟠 CVE-2026-2580 - High (7.5)
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficie...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2580/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity alert: CVE-2026-2580 – SQL Injection in flippercode WP Maps plugin for WordPress (all versions). Unauthenticated attackers can exfiltrate data via 'orderby'. Patch or mitigate ASAP. https://radar.offseq.com/threat/cve-2026-2580-cwe-89-improper-neutralization-of-sp-b93f1b1b #OffSeq #WordPress #Vuln #SQLi
##updated 2026-03-22T18:30:22
3 posts
🟠 New security advisory:
CVE-2026-4558 affects multiple systems.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-4558-linksys-mr9600-os-command-injection-update-now
##🟠 CVE-2026-4558 - High (8.8)
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4558/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-22T15:31:39
2 posts
🟠 CVE-2026-4552 - High (8.8)
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4552/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-22T15:31:39
2 posts
🟠 CVE-2026-4551 - High (8.8)
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go resul...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4551/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-22T09:30:33
2 posts
🛡️ CVE-2026-4540: MEDIUM-severity SQL Injection in projectworlds Online Notes Sharing System v1.0. Exploit code is public, no active attacks yet. Patch or mitigate – focus on the 'Benutzer' param in /login.php. More info: https://radar.offseq.com/threat/cve-2026-4540-sql-injection-in-projectworlds-onlin-4351ab2e #OffSeq #SQLInjection #Vuln
##updated 2026-03-22T06:30:22
2 posts
🟠 CVE-2026-4314 - High (8.8)
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the `isDashboardOrProfileRequest()` method in the Menu Editor module using ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4314/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-22T06:30:22
4 posts
🟠 CVE-2026-4535 - High (8.8)
A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched rem...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4535/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: CVE-2026-4535 in Tenda FH451 (v1.0.0.9) – stack-based buffer overflow in /goform/WrlclientSet. Remote, unauthenticated code execution possible. Patch or mitigate now! https://radar.offseq.com/threat/cve-2026-4535-stack-based-buffer-overflow-in-tenda-8f2fc263 #OffSeq #vulnerability #IoT #bufferOverflow
##updated 2026-03-22T03:30:31
2 posts
⚠️ MEDIUM: CVE-2026-4533 in code-projects Simple Food Ordering System v1.0 allows unauthenticated SQL injection via 'Status' in all-tickets.php. Public exploit code exists – patch or mitigate now! https://radar.offseq.com/threat/cve-2026-4533-sql-injection-in-code-projects-simpl-c9dcca98 #OffSeq #Infosec #SQLInjection #CVE2026_4533
##updated 2026-03-22T00:30:33
2 posts
⚠️ CVE-2026-3629: HIGH severity in carazo's 'Import and export users and customers' WP plugin (≤1.29.7). Privilege escalation to admin possible if 'Show fields in profile' is on and CSV with 'wp_capabilities' imported. Mitigate now! https://radar.offseq.com/threat/cve-2026-3629-cwe-269-improper-privilege-managemen-61196a39 #OffSeq #WordPress #Infosec
##🟠 CVE-2026-3629 - High (8.1)
The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.29.7. This is due to the 'save_extra_user_profile_fields' function not properly restricting which user met...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3629/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-22T00:30:33
2 posts
🚨 CVE-2026-4529: HIGH severity stack-based buffer overflow in D-Link DHP-1320 (1.00WWB04) via SOAP Handler. Public exploit out. Device is EOL, no patch – isolate or replace now! https://radar.offseq.com/threat/cve-2026-4529-stack-based-buffer-overflow-in-d-lin-7f100378 #OffSeq #Vulnerability #DLink #BufferOverflow #InfoSec
##🟠 CVE-2026-4529 - High (8.8)
A vulnerability was identified in D-Link DHP-1320 1.00WWB04. This affects the function redirect_count_down_page of the component SOAP Handler. Such manipulation leads to stack-based buffer overflow. The attack can be executed remotely. The exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4529/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T22:16:18.207000
1 post
https://www.cve.org/CVERecord?id=CVE-2025-71263
#CVE being used as intended.
##updated 2026-03-21T06:30:39
2 posts
🟠 CVE-2026-4261 - High (8.8)
The Expire Users plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.2. This is due to the plugin allowing a user to update the 'on_expire_default_to_role' meta through the 'save_extra_user_profile_...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4261/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔥 HIGH severity: CVE-2026-4261 in Expire Users (WordPress, all versions) lets Subscribers escalate to Admin via missing authorization in 'save_extra_user_profile_fields'. Patch urgently or mitigate! https://radar.offseq.com/threat/cve-2026-4261-cwe-862-missing-authorization-in-hus-fa4ebb4d #OffSeq #WordPress #Vuln #Security
##updated 2026-03-21T06:30:38
1 post
CVE-2026-3478: HIGH severity SSRF in benmoody Content Syndication Toolkit (WordPress, all versions). Unauthenticated AJAX endpoint lets attackers proxy requests, risking internal data exposure. Disable plugin or block endpoint! https://radar.offseq.com/threat/cve-2026-3478-cwe-918-server-side-request-forgery--aeeaf0a3 #OffSeq #WordPress #SSRF
##updated 2026-03-21T06:30:36
1 post
🟠 CVE-2026-1800 - High (7.5)
The Fonts Manager | Custom Fonts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘fmcfIdSelectedFnt’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lac...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1800/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T06:30:36
1 post
🟠 CVE-2026-3334 - High (8.8)
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or_blogname', 'or_blogdescription', and 'or_admin_email' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user suppli...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3334/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T06:30:23
1 post
🟠 CVE-2025-14037 - High (8.1)
The Invelity Product Feeds plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 1.2.6. This is due to missing validation and sanitization in the 'createManageFeedPage' function. Thi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T03:32:18
1 post
🟠 CVE-2026-32056 - High (7.5)
OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32056/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T03:31:17
1 post
🟠 CVE-2026-32042 - High (8.8)
OpenClaw versions 2026.2.22 prior to 2026.2.25 contain a privilege escalation vulnerability allowing unpaired device identities to bypass operator pairing requirements and self-assign elevated operator scopes including operator.admin. Attackers wi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32042/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T03:31:14
1 post
🟠 CVE-2026-32048 - High (7.5)
OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to create child processes under unsandboxed agents. An attacker with a sandboxed session can exploit ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32048/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T03:31:14
1 post
🟠 CVE-2026-32051 - High (8.8)
OpenClaw versions prior to 2026.3.1 contain an authorization mismatch vulnerability that allows authenticated callers with operator.write scope to invoke owner-only tool surfaces including gateway and cron through agent runs in scoped-token deploy...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32051/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T00:32:48
2 posts
🔴 CVE-2026-3584 - Critical (9.8)
The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'form_process' function. This is due to the 'prepare_post_data' function mapping user-supplied keys directly into intern...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3584/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T00:32:47
2 posts
🔴 CVE-2026-25192 - Critical (9.4)
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a kno...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25192/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CVE-2026-25192 (CRITICAL, CVSS 9.4): All CTEK Chargeportal versions lack authentication on OCPP WebSocket endpoints. Enables remote station impersonation & command injection. Restrict network access and monitor closely! https://radar.offseq.com/threat/cve-2026-25192-cwe-306-in-ctek-chargeportal-a1a8a9ed #OffSeq #EVSecurity #CVE202625192
##updated 2026-03-21T00:31:52
3 posts
🔴 CVE-2026-29796 - Critical (9.4)
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a kno...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29796/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-29796 affects all IGL-Technologies eParking.fi versions. Missing WebSocket auth allows attackers to impersonate charging stations, disrupt operations, and corrupt data. Restrict access, monitor traffic, and secure now! https://radar.offseq.com/threat/cve-2026-29796-cwe-306-in-igl-technologies-eparkin-fcf429f8 #OffSeq #EVCharging #Infosec
##IGL-Technologies Patches Critical Authentication Bypass in eParking.fi Platform
IGL-Technologies patched four vulnerabilities in its eParking.fi platform, including a critical authentication bypass (CVE-2026-29796) that allows attackers to impersonate EV charging stations and gain administrative control.
**Isolate your EV charging infrastructure as much as possible from the public internet and public network access. Verify that your hardware supports the vendor's new security profiles. Since station identifiers were leaked on public maps, you should treat existing IDs as compromised and implement device whitelisting.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/igl-technologies-patches-critical-authentication-bypass-in-eparking-fi-platform-a-5-9-c-q/gD2P6Ple2L
updated 2026-03-21T00:31:52
1 posts
🟠 CVE-2026-32666 - High (7.5)
WebCTRL systems that communicate over BACnet inherit the protocol's lack of network layer authentication. WebCTRL does not implement additional validation of BACnet traffic so an attacker with network access could spoof BACnet packets directed ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32666/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-21T00:31:51
1 posts
🟠 CVE-2026-25086 - High (7.7)
Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25086/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:34:04
1 posts
🟠 CVE-2026-33154 - High (7.5)
dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33154/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:32:24
1 posts
🟠 CVE-2026-33010 - High (8.1)
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CORSMiddleware with allow_origins=['*'], allow_cre...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33010/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:28:38
1 posts
4 repos
https://github.com/bambooqj/CVE-2025-32432
https://github.com/Chocapikk/CVE-2025-32432
🚨 [CISA-2026:0320] CISA Adds 5 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0320)
CISA has added 5 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-31277 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-31277)
- Name: Apple Multiple Products Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277
⚠️ CVE-2025-32432 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32432)
- Name: Craft CMS Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Craft CMS
- Product: Craft CMS
- Notes: https://craftcms.com/knowledge-base/craft-cms-cve-2025-32432 ; https://github.com/craftcms/cms/security/advisories/GHSA-f3gw-9ww9-jmc3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32432
⚠️ CVE-2025-43510 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43510)
- Name: Apple Multiple Products Improper Locking Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43510
⚠️ CVE-2025-43520 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-43520)
- Name: Apple Multiple Products Classic Buffer Overflow Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Apple
- Product: Multiple Products
- Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520
⚠️ CVE-2025-54068 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-54068)
- Name: Laravel Livewire Code Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Laravel
- Product: Livewire
- Notes: https://github.com/livewire/livewire/security/advisories/GHSA-29cq-5w36-x7w3 ; https://github.com/livewire/livewire/commit/ef04be759da41b14d2d129e670533180a44987dc ; https://nvd.nist.gov/vuln/detail/CVE-2025-54068
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260320 #cisa20260320 #cve_2025_31277 #cve_2025_32432 #cve_2025_43510 #cve_2025_43520 #cve_2025_54068 #cve202531277 #cve202532432 #cve202543510 #cve202543520 #cve202554068
##updated 2026-03-20T21:27:42
1 posts
🟠 CVE-2026-33128 - High (7.5)
H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage() and format...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33128/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:24:22
2 posts
RAXE-2026-040: Claude Code Workspace Trust Dialog Bypass via Repository Settings (CVE-2026-33068) | RAXE Labs
##Claude Code workspace trust dialog bypass via repository settings loading order [CVE-2026-33068, CVSS 7.7]. Settings resolved before trust dialog shown. https://raxe.ai/labs/advisories/RAXE-2026-040
##updated 2026-03-20T21:23:52
1 posts
🔴 CVE-2026-33057 - Critical (9.8)
Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally wit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33057/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:23:23
1 posts
🔴 CVE-2026-33054 - Critical (10)
Mesop is a Python-based UI framework that allows users to build web applications. Versions 1.2.2 and below contain a Path Traversal vulnerability that allows any user supplying an untrusted state_token through the UI stream payload to arbitrarily ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33054/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:22:16
1 posts
🟠 CVE-2026-33036 - High (7.5)
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (&#NNN;, &#xHH;) and standard XML entities...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33036/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:21:56
1 posts
🟠 CVE-2026-33012 - High (7.5)
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlError...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33012/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:21:06
1 posts
🔴 CVE-2026-32938 - Critical (9.9)
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths ag...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32938/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T21:04:19
1 posts
🔴 CVE-2026-22172 - Critical (9.9)
OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connections to self-declare elevated scopes without server-side binding. Attackers ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22172/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:47:20
2 posts
🟠 CVE-2026-33485 - High (7.5)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP `on_publish` callback at `plugin/Live/on_publish.php` is accessible without authentication. The `$_POST['name']` parameter (stream key) is interpolated di...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33485/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:46:52
2 posts
🟠 CVE-2026-33483 - High (7.5)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `aVideoEncoderChunk.json.php` endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthen...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33483/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:46:42
2 posts
🟠 CVE-2026-33482 - High (8.1)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `sanitizeFFmpegCommand()` function in `plugin/API/standAlone/functions.php` is designed to prevent OS command injection in ffmpeg commands by stripping dangero...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33482/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:44:12
2 posts
🟠 CVE-2026-33480 - High (8.6)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `isSSRFSafeURL()` function in AVideo can be bypassed using IPv4-mapped IPv6 addresses (`::ffff:x.x.x.x`). The unauthenticated `plugin/LiveLinks/proxy.php` endp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33480/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:44:04
2 posts
🟠 CVE-2026-33479 - High (8.8)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's `saveSort.json.php` endpoint passes unsanitized user input from `$_REQUEST['sections']` array values directly into PHP's `eval()` function. Wh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33479/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:43:52
2 posts
🔴 CVE-2026-33478 - Critical (10)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated attacker to achieve remote code execution. The `clones.j...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33478/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T20:43:22
1 posts
🟠 CVE-2026-33476 - High (7.5)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the Siyuan kernel exposes an unauthenticated file-serving endpoint under `/appearance/*filepath`. Due to improper path sanitization, attackers can perform directory traversa...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T19:25:45.043000
1 posts
🔴 CVE-2026-33135 - Critical (9.3)
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the novo_memorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, wh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33135/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T19:16:17.557000
1 posts
🔴 CVE-2026-32890 - Critical (9.6)
Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting (XSS) vulnerability in the web dashboard's User Mapping drop...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32890/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T19:16:16.670000
1 posts
🟠 CVE-2026-32710 - High (8.5)
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32710/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T19:02:02.303000
2 posts
🟠 CVE-2026-4447 - High (8.8)
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4447/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:53:35.083000
2 posts
##CVE ID: CVE-2025-31277
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-20
Notes: https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-31277
updated 2026-03-20T18:36:12.533000
1 posts
5 repos
https://github.com/Jenderal92/livewire-vuln-scanner
https://github.com/flame-11/CVE-2025-54068-livewire
https://github.com/synacktiv/Livepyre
##updated 2026-03-20T18:32:19
2 posts
##CVE ID: CVE-2025-43520
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-20
Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43520
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-43520
updated 2026-03-20T18:31:30
1 posts
CVE-2026-4493 - High (8.8)
A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub_423B50 of the file /goform/setMacFilterCfg of the component MAC Filtering Configuration Endpoint. Executing a manipulation of the argument device...
https://www.thehackerwire.com/vulnerability/CVE-2026-4493/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:31:29
1 posts
CVE-2026-4490 - High (8.8)
A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. This manipulation causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit ha...
https://www.thehackerwire.com/vulnerability/CVE-2026-4490/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:31:27
1 posts
CVE-2026-4489 - High (8.8)
A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation results in stack-based buffer overflow. The attack may be lau...
https://www.thehackerwire.com/vulnerability/CVE-2026-4489/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:31:27
1 posts
CVE-2026-4488 - High (8.8)
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack ...
https://www.thehackerwire.com/vulnerability/CVE-2026-4488/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:31:18
1 posts
CVE-2026-4464 - High (8.8)
Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
https://www.thehackerwire.com/vulnerability/CVE-2026-4464/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:31:15
2 posts
##CVE ID: CVE-2025-43510
Vendor: Apple
Product: Multiple Products
Date Added: 2026-03-20
Notes: https://support.apple.com/en-us/125632 ; https://support.apple.com/en-us/125633 ; https://support.apple.com/en-us/125634 ; https://support.apple.com/en-us/125635 ; https://support.apple.com/en-us/125636 ; https://support.apple.com/en-us/125637 ; https://support.apple.com/en-us/125638 ; https://support.apple.com/en-us/125639 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43510
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-43510
updated 2026-03-20T18:16:17.383000
1 posts
CVE-2026-4492 - High (8.8)
A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is p...
https://www.thehackerwire.com/vulnerability/CVE-2026-4492/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:16:16.773000
1 posts
CVE-2026-32989 - High (8.8)
Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to uploa...
https://www.thehackerwire.com/vulnerability/CVE-2026-32989/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:16:13.540000
1 posts
CVE-2026-31836 - High (8.1)
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Che...
https://www.thehackerwire.com/vulnerability/CVE-2026-31836/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T18:08:15.507000
1 posts
Deep Dive into CVE-2026-33001 : Arbitrary File Creation leading to RCE via Symlink attack in Jenkins Core https://fancy-amber-76a.notion.site/Deep-Dive-into-CVE-2026-33001-Arbitrary-File-Creation-leading-to-RCE-via-Symlink-attack-in-Jenkins-328751512b3380049b3dfa3b934a9a12
##updated 2026-03-20T18:07:58.067000
1 posts
CVE-2026-4452 - High (8.8)
Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4452/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T17:59:23.127000
1 posts
CVE-2026-4456 - High (8.8)
Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4456/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T17:58:59.643000
1 posts
CVE-2026-4457 - High (8.8)
Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4457/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T17:57:46.137000
1 posts
CVE-2026-4460 - High (8.8)
Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4460/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T17:57:06.217000
1 posts
CVE-2026-4463 - High (8.8)
Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4463/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T17:17:00.240000
1 posts
CVE-2026-4491 - High (8.8)
A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remote...
https://www.thehackerwire.com/vulnerability/CVE-2026-4491/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:56:45
1 posts
CVE-2026-32701 - High (7.5)
Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object-property keys for the same path, an attacker c...
https://www.thehackerwire.com/vulnerability/CVE-2026-32701/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:32:14
11 posts
1 repos
URGENT: Oracle Patches Critical 9.8 CVSS Unauthenticated RCE Flaw
URGENT PATCH: Oracle has issued an emergency fix for CVE-2026-21992, a critical 9.8 CVSS unauthenticated RCE flaw in Identity Manager. Unpatched systems can be fully compromised. Patch immediately! 🚨 #Oracle #CyberSecurity #RCE #PatchNow
##Oracle alert 🚨
CVE-2026-21992 - unauth RCE (9.8)
Identity systems = high-value target
Emergency patch released
Assume breach?
Follow @technadu
🔴 CRITICAL: Oracle Identity Manager RCE (CVE-2026-21992) allows unauthenticated remote code execution. No active exploitation reported yet, but patch now to avoid full compromise. Review deployments and restrict access. https://radar.offseq.com/threat/oracle-releases-emergency-patch-for-critical-ident-3d33a815 #OffSeq #Oracle #Vuln #Patch
##Oracle publishes an emergency fix for a critical RCE flaw in Identity Manager
Oracle emergency fix - CVE-2026-21992
**Source:** BleepingComputer...
cyberveille: https://cyberveille.ch/posts/2026-03-21-oracle-publie-un-correctif-d-urgence-pour-une-faille-rce-critique-dans-identity-manager/
source: https://www.bleepingcomputer.com/news/security/oracle-pushes-emergency-fix-for-critical-identity-manager-rce-flaw/
#CVE_2026_21992 #IOC #Cyberveille
New Episode: SANS Stormcast Monday, March 23rd, 2026: GSocket Backdoor in Bash; Oracle Security Alert; Rockwell Attacks
Shownotes:
GSocket Backdoor Delivered Through Bash Script
https://isc.sans.edu/diary/GSocket+Backdoor+Delivered+Through+Bash+Script/32816/#comments
Oracle Security Alert CVE-2026-21992 Released
https://blogs.oracle.com/security/alert-cve-2026-219
AntennaPod | Anytime Player | Apple Podcasts | Castamatic | CurioCaster | Fountain | gPodder | Overcast | Pocket Casts | Podcast Addict | Podcast Guru | Podnews | Podverse | Truefans
Or Listen right here.
##🔴 CVE-2026-21992 - Critical (9.8)
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) and Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are aff...
https://www.thehackerwire.com/vulnerability/CVE-2026-21992/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
https://thehackernews.com/2026/03/oracle-patches-critical-cve-2026-21992.html
Short summary: https://hackerworkspace.com/article/oracle-patches-critical-cve-2026-21992-enabling-unauthenticated-rce-in-identity-manager
##Geopolitical tensions remain high as the Iran conflict disrupts the Strait of Hormuz, impacting oil prices and global tech supply chains due to halted helium output from Qatar (Mar 20-21, 2026). In technology, Google introduced a mandatory 24-hour wait for Android sideloading from unverified developers (Mar 20, 2026), while Nvidia showcased new AI chips at GTC 2026 (Mar 20, 2026). Cybersecurity saw Oracle patch a critical RCE vulnerability (CVE-2026-21992) (Mar 21, 2026), and Iranian-linked hackers targeted medical tech firm Stryker, wiping devices (Mar 20, 2026). A Trivy supply chain attack also deployed 'CanisterWorm' across npm packages (Mar 20, 2026).
##Oracle Issues Emergency Patch for Critical Vulnerability in Identity Manager, Web Services Manager
Oracle released an emergency patch for a critical remote code execution vulnerability (CVE-2026-21992) in Identity Manager and Web Services Manager that allows unauthenticated attackers to take over systems.
**If you're running Oracle Fusion Middleware, Oracle Identity Manager or Oracle Web Services Manager, this is important and probably urgent. If possible, isolate the system to trusted networks only and use a Web Application Firewall with custom rules for this endpoint. Then patch ASAP, because this flaw will be exploited, very soon.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/oracle-issues-emergency-patch-for-critical-vulnerability-in-identity-manager-web-services-manager-g-u-z-h-t/gD2P6Ple2L
updated 2026-03-20T15:32:14
1 posts
CVE-2026-4462 - High (8.8)
Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4462/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:32:13
2 posts
CVE-2026-4446 - High (8.8)
Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4446/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:32:13
1 posts
CVE-2026-4445 - High (8.8)
Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4445/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:32:13
1 posts
CVE-2026-4444 - High (8.8)
Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4444/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:32:13
1 posts
CVE-2026-4455 - High (8.8)
Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4455/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:32:13
1 posts
CVE-2026-4451 - High (8.8)
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit...
https://www.thehackerwire.com/vulnerability/CVE-2026-4451/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:20
1 posts
CVE-2026-4486 - High (8.8)
A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. ...
https://www.thehackerwire.com/vulnerability/CVE-2026-4486/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:12
1 posts
CVE-2026-4454 - High (8.8)
Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4454/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:12
1 posts
CVE-2026-4461 - High (8.8)
Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4461/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:12
1 posts
CVE-2026-4459 - High (8.8)
Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4459/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:31:12
1 posts
CVE-2026-4458 - High (8.8)
Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
https://www.thehackerwire.com/vulnerability/CVE-2026-4458/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T15:16:23.850000
1 posts
CVE-2026-4487 - High (8.8)
A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/websHostFilter. This manipulation causes buffer overflow. It is possible to initiate the attack remotely. The exploit has b...
https://www.thehackerwire.com/vulnerability/CVE-2026-4487/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:39:46.493000
2 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260
CVE Published in last 7 days (2026-03-16 - 2026-03-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1444
Severity:
- Critical: 89
- High: 472
- Medium: 648
- Low: 83
- None: 152
Status:
- : 57
- Analyzed: 366
- Awaiting Analysis: 475
- Modified: 12
- Received: 339
- Rejected: 13
- Undergoing Analysis: 182
Top CNAs:
- GitHub, Inc.: 376
- VulnCheck: 209
- VulDB: 151
- Wordfence: 133
- MITRE: 72
- N/A: 57
- kernel.org: 45
- Patchstack: 39
- Chrome: 26
- Zero Day Initiative: 23
Top Affected Products:
- UNKNOWN: 994
- Openclaw: 79
- Google Chrome: 26
- Mattermost Server: 20
- Canva Affinity: 19
- Dlink Dns-321 Firmware: 15
- Dlink Dns-320 Firmware: 15
- Dlink Dns-345 Firmware: 15
- Dlink Dns-326 Firmware: 15
- Dlink Dns-1100-4 Firmware: 15
Top EPSS Score:
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 6.54 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
- CVE-2025-71257 - 3.58 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71257)
- CVE-2026-32596 - 2.26 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32596)
- CVE-2026-32583 - 2.09 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32583)
- CVE-2026-4497 - 1.91 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4497)
- CVE-2025-71259 - 1.87 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71259)
- CVE-2025-15060 - 1.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15060)
- CVE-2025-71258 - 1.62 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71258)
- CVE-2026-3838 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3838)
updated 2026-03-20T13:37:50.737000
4 posts
Code does not become better out of thin air just because you rewrite it in #rustlang. TOCTOUs are typically language agnostic. Here's one for tar: https://blog.rust-lang.org/2026/03/21/cve-2026-33056/ #security
##Security advisory for Cargo https://lobste.rs/s/hmb3mz #rust #security
https://blog.rust-lang.org/2026/03/21/cve-2026-33056/
updated 2026-03-20T13:37:50.737000
1 posts
CVE-2026-32933 - High (7.5)
AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforc...
https://www.thehackerwire.com/vulnerability/CVE-2026-32933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:37:50.737000
1 posts
🔴 CVE-2026-32940 - Critical (9.3)
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist - it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both o...
https://www.thehackerwire.com/vulnerability/CVE-2026-32940/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:37:50.737000
1 posts
CVE-2026-27625 - High (8.1)
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user ca...
https://www.thehackerwire.com/vulnerability/CVE-2026-27625/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T13:37:50.737000
1 posts
CVE-2026-22324 - High (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania allows PHP Local File Inclusion. This issue affects Melania: from n/a through 2.5.0.
https://www.thehackerwire.com/vulnerability/CVE-2026-22324/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T09:32:16
3 posts
CVE-2026-4475 - High (8.8)
A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required...
https://www.thehackerwire.com/vulnerability/CVE-2026-4475/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T09:32:16
1 posts
CVE-2026-4478 - High (8.1)
A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1_20171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryp...
https://www.thehackerwire.com/vulnerability/CVE-2026-4478/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-20T06:31:39
1 posts
🔴 CVE-2026-4038 - Critical (9.8)
The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Function Call that can lead to privilege escalation due to a missing capability check on the 'aiomatic_call_ai_function_realtime' function in all versions up to, and including, 2.7.5....
https://www.thehackerwire.com/vulnerability/CVE-2026-4038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T19:34:07
2 posts
CVE-2026-33354 - High (7.6)
WWBN AVideo is an open source video platform. In versions up to and including 26.0, `POST /objects/aVideoEncoder.json.php` accepts a requester-controlled `chunkFile` parameter intended for staged upload chunks. Instead of restricting that path to ...
https://www.thehackerwire.com/vulnerability/CVE-2026-33354/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T19:25:54
2 posts
🔴 CVE-2026-33352 - Critical (9.8)
WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in `objects/category.php` in the `getAllCategories()` method. The `doNotShowCats` request parameter is sanitized only by str...
https://www.thehackerwire.com/vulnerability/CVE-2026-33352/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T19:13:30
2 posts
🔴 CVE-2026-33351 - Critical (9.1)
WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery (SSRF) vulnerability exists in `plugin/Live/standAloneFiles/saveDVR.json.php`. When the AVideo Live plugin is deployed in standalone mode (the inten...
https://www.thehackerwire.com/vulnerability/CVE-2026-33351/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T18:36:41
1 posts
ONNX Hub silent=True suppresses all trust verification, enabling supply chain attacks on ML model loading (CVE-2026-28500, CVSS 9.1, no patch available) https://raxe.ai/labs/advisories/RAXE-2026-039
##updated 2026-03-19T18:32:21
3 posts
3 repos
https://github.com/sak110/CVE-2026-20131
Cisco zero-day exploited 36 days before the update
On 2026-03-04 Cisco published an update for the security vulnerability CVE-2026-20131. It received a rating of 10 out of 10: the worst of all conceivable vulnerabilities. If¹ the management interface of the Secure Firewall Management Center (FMC) software and the Security Cloud Control (SCC) Firewall Management software is reachable from the Internet, a remote attacker can execute arbitrary code with administrator privileges on the affected devices (RCE) without any authorization. Very fitting for devices that
https://www.pc-fluesterer.info/wordpress/2026/03/21/cisco-zero-day-36-tage-vor-update-ausgenutzt/
#Allgemein #Empfehlung #Hintergrund #Warnung #0day #closedsource #cybercrime #erpresser #exploits #firewall #hersteller #hintertür #sicherheit #UnplugTrump #vorfälle
##"CISA orders feds to patch max-severity Cisco flaw by Sunday"
"[...] The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22."
##The campaign is exploiting "critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC), enabling unauthenticated remote code execution as root. The campaign combines edge-device exploitation, custom malware tooling, and double extortion tactics, indicating a mature and targeted ransomware operation."
FortiGuard's outbreak alerts listed a critical Interlock ransomware attack yesterday: https://fortiguard.fortinet.com/outbreak-alert/interlock-ransomware @FortiGuardLabs #infosec #ransomware #Cisco #cyberattack
##updated 2026-03-19T18:31:15
1 posts
2 repos
CVE-2026-24291 (RegPwn)
Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.
##updated 2026-03-19T18:28:12
1 posts
updated 2026-03-19T17:12:05
2 posts
CVE-2026-33293 - High (8.1)
WWBN AVideo is an open source video platform. Prior to version 26.0, the `deleteDump` parameter in `plugin/CloneSite/cloneServer.json.php` is passed directly to `unlink()` without any path sanitization. An attacker with valid clone credentials can...
https://www.thehackerwire.com/vulnerability/CVE-2026-33293/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T16:43:07
2 posts
CVE-2026-33292 - High (7.5)
WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint (`view/hls.php`) is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. ...
https://www.thehackerwire.com/vulnerability/CVE-2026-33292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T15:31:28
2 posts
CVE Published in last 7 days (2026-03-16 - 2026-03-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1444
Severity:
- Critical: 89
- High: 472
- Medium: 648
- Low: 83
- None: 152
Status:
- : 57
- Analyzed: 366
- Awaiting Analysis: 475
- Modified: 12
- Received: 339
- Rejected: 13
- Undergoing Analysis: 182
Top CNAs:
- GitHub, Inc.: 376
- VulnCheck: 209
- VulDB: 151
- Wordfence: 133
- MITRE: 72
- N/A: 57
- kernel.org: 45
- Patchstack: 39
- Chrome: 26
- Zero Day Initiative: 23
Top Affected Products:
- UNKNOWN: 994
- Openclaw: 79
- Google Chrome: 26
- Mattermost Server: 20
- Canva Affinity: 19
- Dlink Dns-321 Firmware: 15
- Dlink Dns-320 Firmware: 15
- Dlink Dns-345 Firmware: 15
- Dlink Dns-326 Firmware: 15
- Dlink Dns-1100-4 Firmware: 15
Top EPSS Score:
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 6.54 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
- CVE-2025-71257 - 3.58 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71257)
- CVE-2026-32596 - 2.26 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32596)
- CVE-2026-32583 - 2.09 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32583)
- CVE-2026-4497 - 1.91 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4497)
- CVE-2025-71259 - 1.87 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71259)
- CVE-2025-15060 - 1.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15060)
- CVE-2025-71258 - 1.62 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71258)
- CVE-2026-3838 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3838)
updated 2026-03-19T15:31:28
2 posts
updated 2026-03-19T15:31:27
2 posts
1 repos
https://github.com/watchtowrlabs/watchTowr-vs-BMC-Footprints-RCE-CVE-2025-71257-CVE-2025-71260
updated 2026-03-19T15:31:22
2 posts
1 repos
https://github.com/GarethMSheldon/cve-2026-22557-unifi-detection
Ubiquiti: critical flaw CVE-2026-22557 (CVSS 10) in UniFi Network, patch available
## Context
Published on 20 March 2026 on IT-Connect by Florian Burnel, this article ...
cyberveille: https://cyberveille.ch/posts/2026-03-22-ubiquiti-faille-critique-cve-2026-22557-cvss-10-dans-unifi-network-patch-disponible/
source: https://www.it-connect.fr/ubiquiti-cve-2026-22557-cette-faille-critique-menace-votre-reseau-unifi/
#CVE_2026_22557 #CVE_2026_22558 #Cyberveille
Ubiquiti, CVE-2026-22557: this critical flaw threatens your UniFi network https://www.it-connect.fr/ubiquiti-cve-2026-22557-cette-faille-critique-menace-votre-reseau-unifi/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##updated 2026-03-19T12:42:43
1 posts
CVE-2026-33236 - High (8.1)
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the `subdir` ...
https://www.thehackerwire.com/vulnerability/CVE-2026-33236/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-19T12:42:23
1 posts
CVE-2026-33231 - High (7.5)
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` allows unauthenticated remot...
https://www.thehackerwire.com/vulnerability/CVE-2026-33231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T20:22:12
1 posts
CVE-2026-33226 - High (8.7)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint (POST /api/queries/preview) makes server-side HTTP requests to any URL supplied...
https://www.thehackerwire.com/vulnerability/CVE-2026-33226/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T20:20:40
1 posts
1 repos
CVE-2026-22730: SQL injection in Spring AI MariaDB allowing an access control bypass
## Context
Published on 19 March 2026 by SecureLayer7 (Sandeep Kamble, Bugdazz tool /...
cyberveille: https://cyberveille.ch/posts/2026-03-22-cve-2026-22730-injection-sql-dans-spring-ai-mariadb-permettant-un-contournement-du-controle-d-acces/
source: https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/
#Bugdazz #CVE_2026_22730 #Cyberveille
updated 2026-03-18T20:16:59
1 posts
CVE-2026-33204 - High (7.5)
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt() on atta...
https://www.thehackerwire.com/vulnerability/CVE-2026-33204/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T20:13:37.087000
1 posts
APT28 exploits the Zimbra XSS flaw CVE-2025-66376 against Ukrainian entities
## Context
According to a report published by **Seqrite Labs** and relayed by Security Affairs...
cyberveille: https://cyberveille.ch/posts/2026-03-22-apt28-exploite-la-faille-xss-zimbra-cve-2025-66376-contre-des-entites-ukrainiennes/
source: https://securityaffairs.com/189673/security/russian-apt-targets-ukraine-via-zimbra-xss-flaw-cve-2025-66376.html
#APT28 #CVE_2025_66376 #Cyberveille
updated 2026-03-18T20:11:01
1 posts
CVE-2026-33203 - High (7.5)
SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are p...
https://www.thehackerwire.com/vulnerability/CVE-2026-33203/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T20:10:30
1 posts
CVE-2026-33186 - Critical (9.1)
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepti...
https://www.thehackerwire.com/vulnerability/CVE-2026-33186/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T19:53:59
2 posts
CVE-2026-33166 - High (8.6)
Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can...
https://www.thehackerwire.com/vulnerability/CVE-2026-33166/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T18:33:12.503000
2 posts
updated 2026-03-18T12:58:35
2 posts
CVE-2026-33053 - High (8.8)
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the delete_api_key_route() endpoint accepts an api_key_id path parameter and deletes it with only a generic authentication check (get_curren...
https://www.thehackerwire.com/vulnerability/CVE-2026-33053/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T20:05:06
8 posts
3 repos
https://github.com/SimoesCTT/Sovereign-Echo-33017
https://github.com/omer-efe-curkus/CVE-2026-33017-Langflow-RCE-PoC
CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours
#CVE_2026_33017
https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours
CVE-2026-33017: Langflow exploited in under 20 hours without a public PoC
## Context
Source: Infosecurity Magazine, article by Phil Muncaster published on 20 March 2026, based on a Sysdig blog post.
cyberveille: https://cyberveille.ch/posts/2026-03-22-cve-2026-33017-exploitation-de-langflow-en-moins-de-20h-sans-poc-public/
source: https://www.infosecurity-magazine.com/news/hackers-exploit-critical-langflow/
#CVE_2026_33017 #IOC #Cyberveille
Langflow Got Hacked Twice Through the Same exec() Call - CVE-2026-33017 (CVSS 9.3) exploited in 20 hours with no public PoC https://blog.barrack.ai/langflow-exec-rce-cve-2026-33017/
##CVE-2026-33017: How I Found an Unauthenticated RCE in Langflow by Reading the Code They Already Fixed
#CVE_2026-33017
https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896
Critical Langflow RCE Vulnerability CVE-2026-33017 Exploited Within Hours
Researchers report active exploitation of a critical RCE vulnerability (CVE-2026-33017) in Langflow that allows unauthenticated attackers to execute arbitrary Python code and steal sensitive API keys. The flaw was weaponized within 20 hours of disclosure, targeting exposed AI orchestration pipelines to harvest credentials and environment variables.
**If you're running Langflow, this is urgent. Update immediately to version 1.9.0.dev8 or later to patch CVE-2026-33017, and disable the AUTO_LOGIN=true default setting. Until you can update, restrict network access to the vulnerable endpoint and place Langflow behind a reverse proxy with authentication. Regardless of whether you patch or isolate, make sure to rotate all API keys and credentials the platform uses after isolating.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-langflow-rce-vulnerability-cve-2026-33017-exploited-within-hours-q-n-c-a-6/gD2P6Ple2L
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
https://thehackernews.com/2026/03/critical-langflow-flaw-cve-2026-33017.html
Short summary: https://hackerworkspace.com/article/critical-langflow-flaw-cve-2026-33017-triggers-attacks-within-20-hours-of-disclosure
##updated 2026-03-16T18:32:14
2 posts
updated 2026-03-16T17:06:59
1 posts
CVE-2026-33142 - High (8.1)
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHouse SQL injection via aggregate query parameters) added column name validation to the _aggregateBy method but did not...
https://www.thehackerwire.com/vulnerability/CVE-2026-33142/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:56
2 posts
π CVE Published in last 7 days (2026-03-16 - 2026-03-23)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1444
Severity:
- Critical: 89
- High: 472
- Medium: 648
- Low: 83
- None: 152
Status:
- : 57
- Analyzed: 366
- Awaiting Analysis: 475
- Modified: 12
- Received: 339
- Rejected: 13
- Undergoing Analysis: 182
Top CNAs:
- GitHub, Inc.: 376
- VulnCheck: 209
- VulDB: 151
- Wordfence: 133
- MITRE: 72
- N/A: 57
- kernel.org: 45
- Patchstack: 39
- Chrome: 26
- Zero Day Initiative: 23
Top Affected Products:
- UNKNOWN: 994
- Openclaw: 79
- Google Chrome: 26
- Mattermost Server: 20
- Canva Affinity: 19
- Dlink Dns-321 Firmware: 15
- Dlink Dns-320 Firmware: 15
- Dlink Dns-345 Firmware: 15
- Dlink Dns-326 Firmware: 15
- Dlink Dns-1100-4 Firmware: 15
Top EPSS Score:
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 6.54 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)
- CVE-2025-71257 - 3.58 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71257)
- CVE-2026-32596 - 2.26 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32596)
- CVE-2026-32583 - 2.09 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32583)
- CVE-2026-4497 - 1.91 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4497)
- CVE-2025-71259 - 1.87 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71259)
- CVE-2025-15060 - 1.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-15060)
- CVE-2025-71258 - 1.62 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71258)
- CVE-2026-3838 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3838)
updated 2026-03-16T15:30:55
2 posts
updated 2026-03-16T15:30:53
2 posts
updated 2026-02-27T16:51:59
1 posts
New advisory. Login is needed for details.
Broadcom: Critical: Software Toolkit Plugin for z/OSMF 1.0 - Vulnerability in fast-xml-parser (CVE-2026-25896) https://support.broadcom.com/web/ecx/security-advisory #infosec #vulnerability #Broadcom
##updated 2026-02-24T21:31:41
1 posts
Oh good, a critical update for libtiff6. Ancient formats certainly carry a lot of baggage. https://nvd.nist.gov/vuln/detail/CVE-2025-61144
##updated 2026-02-20T18:31:25
1 posts
1 repos
updated 2026-02-19T18:32:09
1 posts
1 repos
https://github.com/rootdirective-sec/CVE-2026-1581-Analysis-Lab
wpForo Forum <= 2.4.14 - SQL Injection (CVE-2026-1581)
https://pentest-tools.com/vulnerabilities-exploits/wpforo-forum-2414-sql-injection_29049
Short summary: https://hackerworkspace.com/article/wpforo-forum-2-4-14-sql-injection-cve-2026-1581
##updated 2026-02-18T00:30:22
2 posts
What You Need to Know: Windows Admin Center Remote Privilege Escalation (CVE-2026-26119) https://www.semperis.com/blog/what-you-need-to-know-windows-admin-center-remote-privilege-escalation-cve-2026-26119/
##updated 2026-02-13T17:41:02.987000
2 posts
7 repos
https://github.com/Ckokoski/moatbot-security
https://github.com/adibirzu/openclaw-security-monitor
https://github.com/ethiack/moltbot-1click-rce
https://github.com/Joseph19820124/openclaw-vuln-report
https://github.com/EQSTLab/CVE-2026-25253
https://github.com/al4n4n/CVE-2026-25253-research
https://github.com/FrigateCaptain/openclaw_vulnerabilities_and_solutions
OpenClaw CVE-2026-25253 is worse than it looks (quick security checklist) https://blink.new/blog/openclaw-security-audit-checklist-2026
##updated 2026-02-03T21:40:30
1 posts
CISA KEV Catalog Updated: Federal Agencies Must Patch Exploited Flaws in Apple, Laravel, Craft CMS
CISA KEV UPDATE: Actively exploited flaws in Apple visionOS (CVE-2026-28217), Laravel (CVE-2024-4671), & Craft CMS (CVE-2026-25487) added to catalog. Federal agencies must patch by April 12. All orgs urged to patch NOW! #KEV #CISA
##updated 2026-01-13T18:31:17
3 posts
1 repos
CVE-2026-20817 - Windows Error Reporting Service EoP https://itm4n.github.io/cve-2026-20817-wersvc-eop/
##This is my analysis (and PoC) for CVE-2026-20817, a privilege escalation in the Windows Error Reporting service.
https://itm4n.github.io/cve-2026-20817-wersvc-eop/
Credit goes to Denis Faiustov and Ruslan Sayfiev for the discovery.
TL;DR A low privilege user could send an ALPC message to the WER service and coerce it to start a WerFault.exe process as SYSTEM with user-controlled arguments and options. I did not achieve arbitrary code execution, but perhaps someone knows how this can be done?
##updated 2025-11-03T21:35:11
2 posts
Warning: Critical 10.0 CVSS Quest KACE Flaw from 2025 Now Actively Exploited
ACTIVE EXPLOITATION: A year-old, 10.0 CVSS flaw in Quest KACE SMA (CVE-2025-32975) is now being actively exploited. Attackers are gaining full admin control, deploying Mimikatz, and moving laterally. Patch and isolate from the internet NOW! #CVE
##CRITICAL: Quest KACE vuln (CVE-2025-32975) under active exploitation, mainly in education. No patch yet; segment networks, monitor KACE activity, and restrict access. Global risk. Details: https://radar.offseq.com/threat/critical-quest-kace-vulnerability-potentially-expl-c5cd699f #OffSeq #Vulnerability #QuestKACE #Education
##updated 2025-10-24T14:07:21.820000
1 posts
##updated 2025-10-15T18:45:23.107000
2 posts
PolyShell Vulnerability Exposes Adobe Commerce and Magento to Remote Code Execution
Sansec reports "PolyShell," an unrestricted file upload vulnerability (CVE-2025-20720) in Magento and Adobe Commerce that allows unauthenticated attackers to achieve remote code execution via the REST API.
**If you are using Adobe Commerce and Magento Open Source, restrict web server access to the pub/media/custom_options/ directory to prevent the execution of uploaded malicious scripts. Since a production patch is currently not available, deploy a web application firewall to block exploit attempts in real time.**
#cybersecurity #infosec #advisory #databreach
https://beyondmachines.net/event_details/polyshell-vulnerability-exposes-adobe-commerce-and-magento-to-remote-code-execution-9-b-r-8-z/gD2P6Ple2L
updated 2025-07-29T14:14:29.590000
1 posts
Svelte best practices, Next.js AI integration.
- **Security vulnerabilities**: VMware vCenter DoS (CVE-2025-41241), Trivy supply-chain attack (47 npm packages), McKinsey AI platform hack (SQL injection), OpenClaw security flaws.
- **Open-source tools**: Libreboot's `mkhtemp` hardening, libdvd-package for DVD playback, Floci (AWS emulator), Grafeo (graph database), Regex Blaster, human.json protocol.
- **Retro computing & niche projects**: AmigaOS updates (atrace, amigactl), [2/3]
updated 2025-01-30T18:01:07.080000
1 posts
EUVD-2026-14361
Score: n/a
Product: trx_addons
Vendor: Unknown
Updated: 2026-03-23
The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX actions, allowing unauthenticated users to upload arbitrary files. This is due to an incorrect fix of CVE-2024-13448.
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-14361
##updated 2023-11-07T04:22:45.730000
1 posts
updated 2023-02-01T05:08:53
2 posts
From a Silent Math Error to Certificate Bypass: Uncovering an Integer Overflow in a TLS Parser
This article details an integer overflow vulnerability within a Transport Layer Security (TLS) parser. The flaw allowed attackers to bypass certificate checks due to improper validation of parsed values. When the server received maliciously crafted client hello messages containing excessively large extensions, it failed to handle the unexpected data size. As a result, an integer overflow occurred, leading to buffer overflows and arbitrary code execution. The researcher exploited this vulnerability by sending a specially crafted TLS handshake request with extended client hello payloads that contained large, incorrectly parsed values. By modifying the length of extension fields, they tricked the parser into interpreting non-existent data as valid, causing unintended execution of malicious code and certificate bypass. The exploit resulted in a high severity vulnerability (CVE-2018-0204) with a CVSS score of 9.8. The researcher was awarded $36,000 for their findings, and the vendor promptly released patches to address this issue. To prevent similar issues, developers should perform rigorous input validation and limit the size of parsed values during TLS handshake processing. Key lesson: proper input validation is crucial in TLS parsing to avoid buffer overflows and other security vulnerabilities. #BugBounty #Cryptography #TLS #IntegerOverflow #BufferOverFlow
CVE-2026-3055
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
CVE-2026-3055 - Out-of-Bounds Read vulnerability - CVSSv4 base score: 9.3
Note: Citrix NetScaler ADC or Citrix Gateway must be configured as SAML IDP to be vulnerable to CVE-2026-3055.
##CVE-2026-4645 - High (7.5)
A flaw was found in the `github.com/antchfx/xpath` component. A remote attacker could exploit this vulnerability by submitting crafted Boolean XPath expressions that evaluate to true. This can cause an infinite loop in the `logicalQuery.Select` fu...
https://www.thehackerwire.com/vulnerability/CVE-2026-4645/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##A vulnerability in a Linux enterprise app can allow attackers root access over devices
The issue impacts Himmelblau, an interoperability suite to integrate Linux with Entra ID and Intune networks.
##New security advisory:
CVE-2026-33134 affects Wegia Wegia.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-33134-wegia-sql-injection-vulnerability-update-now
https://peer.adalta.social/w/wg6KobEvvKKJLWMzqGDZtq
[article](https://adalta.info/articles/prstn_security_116266728422046419_fr)
[info](https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/)
An authenticated SQL injection in WeGIA compromises the entirety of institutions' databases.
##https://peer.adalta.social/w/vUPVbxbkikKKbXfJUWY7un
[article](https://adalta.info/articles/prstn_security_116266728422046419_en)
[info](https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/)
An authenticated SQL injection in WeGIA enables full database compromise, demanding immediate remediation for high-risk organizations.
##https://peer.adalta.social/w/gG6EiykmeMqKds94uYjSvn
[article](https://adalta.info/articles/prstn_security_116266728422046419_de)
[info](https://www.redpacketsecurity.com/cve-alert-cve-2026-33134-labredescefetrj-wegia/)
Authenticated SQL injection in a piece of charity software enables complete database compromise.
##CVE-2026-33134 - Critical (9.3)
WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbit...
https://www.thehackerwire.com/vulnerability/CVE-2026-33134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-32888 - High (8.8)
Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled (search_custom ...
https://www.thehackerwire.com/vulnerability/CVE-2026-32888/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-32891 - Critical (9)
Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a stored XSS vulnerability in the Jellyseerr user selector. Jellyseerr allows any acco...
https://www.thehackerwire.com/vulnerability/CVE-2026-32891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-33037 - High (8.1)
WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which is automatically used to seed the admin account ...
https://www.thehackerwire.com/vulnerability/CVE-2026-33037/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-33072 - High (8.2)
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key (default_please_change_this_key) is used for all cryptographic operations: HMAC token generation, AES config encryption, ...
https://www.thehackerwire.com/vulnerability/CVE-2026-33072/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-33136 - Critical (9.3)
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability in the listar_memorandos_ativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the ...
https://www.thehackerwire.com/vulnerability/CVE-2026-33136/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-33150 - High (7.8)
libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to crash FUSE filesystem processes and potentially...
https://www.thehackerwire.com/vulnerability/CVE-2026-33150/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-32303 - High (7.6)
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loadin...
https://www.thehackerwire.com/vulnerability/CVE-2026-32303/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-32318 - High (7.6)
Cryptomator for iOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-middl...
https://www.thehackerwire.com/vulnerability/CVE-2026-32318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-32317 - High (7.6)
Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 1.12.3, an integrity check vulnerability allows an attacker to tamper with the vault configuration file leading to a man-in-the-...
https://www.thehackerwire.com/vulnerability/CVE-2026-32317/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##New.
Tenable research advisories: High-severity CVE-2026-33307 and CVE-2026-33308: mod_gnutls Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2026-20 @tenable #infosec #vulnerability