Updated at UTC 2026-03-11T11:34:58.652863
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3826 | 9.8 | 0.00% | 2 | 0 | | 2026-03-11T09:32:00 | IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing |
| CVE-2026-29515 | None | 0.00% | 2 | 0 | | 2026-03-11T06:31:47 | MiCode FileExplorer contains an authentication bypass vulnerability in the embed |
| CVE-2026-27842 | 9.8 | 0.00% | 2 | 0 | | 2026-03-11T06:31:41 | Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow |
| CVE-2026-2631 | 0 | 0.00% | 2 | 0 | | 2026-03-11T06:17:14.467000 | The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an una |
| CVE-2026-24448 | 9.8 | 0.00% | 2 | 0 | | 2026-03-11T06:17:13.697000 | Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which m |
| CVE-2026-0124 | None | 0.00% | 2 | 0 | | 2026-03-11T00:31:32 | There is a possible out of bounds write due to a missing bounds check. This coul |
| CVE-2026-30966 | 10.0 | 0.00% | 2 | 0 | | 2026-03-11T00:21:09 | Impact: Parse Server's internal tables, which store Relation field mappings |
| CVE-2026-26738 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T21:33:20 | Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows |
| CVE-2026-26801 | 7.5 | 0.00% | 1 | 0 | | 2026-03-10T21:32:24 | Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta. |
| CVE-2026-27276 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T21:32:24 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free |
| CVE-2026-27273 | 7.8 | 0.00% | 2 | 0 | | 2026-03-10T21:32:24 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds |
| CVE-2026-27274 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T21:32:24 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds |
| CVE-2026-27280 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T21:32:24 | DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write v |
| CVE-2026-27277 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T21:32:17 | Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free |
| CVE-2026-27279 | 7.8 | 0.00% | 2 | 0 | | 2026-03-10T21:32:17 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds |
| CVE-2025-11158 | 9.1 | 0.04% | 1 | 0 | | 2026-03-10T21:32:14 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, i |
| CVE-2026-24457 | 9.1 | 0.19% | 1 | 0 | | 2026-03-10T19:52:11.887000 | An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read ar |
| CVE-2025-13476 | 9.8 | 0.05% | 1 | 0 | | 2026-03-10T19:49:55.930000 | Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 u |
| CVE-2025-14675 | 7.2 | 0.68% | 1 | 0 | | 2026-03-10T19:34:20 | The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due t |
| CVE-2026-27826 | 8.2 | 0.00% | 2 | 1 | | 2026-03-10T19:17:20.670000 | MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (C |
| CVE-2026-27275 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T19:17:19.560000 | Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds |
| CVE-2026-27269 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T19:17:18.980000 | Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vul |
| CVE-2025-69219 | 8.8 | 0.03% | 1 | 2 | | 2026-03-10T18:58:35.607000 | A user with access to the DB could craft a database entry that would result in e |
| CVE-2026-3630 | 9.8 | 0.04% | 3 | 0 | | 2026-03-10T18:48:52.193000 | Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. |
| CVE-2026-3631 | 7.5 | 0.04% | 1 | 0 | | 2026-03-10T18:48:42.673000 | Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. |
| CVE-2026-3823 | 8.8 | 0.14% | 3 | 0 | | 2026-03-10T18:46:53.270000 | EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Ov |
| CVE-2026-30944 | 8.8 | 0.00% | 2 | 1 | | 2026-03-10T18:45:50 | Summary: The /studiocms_api/dashboard/api-tokens endpoint allows any authentic |
| CVE-2026-30957 | 10.0 | 0.00% | 3 | 0 | | 2026-03-10T18:45:14 | Summary: OneUptime Synthetic Monitors allow a low-privileged authenticated p |
| CVE-2026-30956 | 10.0 | 0.00% | 1 | 0 | | 2026-03-10T18:45:04 | Summary: A low-privileged user can bypass authorization and tenant isolation |
| CVE-2026-30921 | 10.0 | 0.01% | 2 | 0 | | 2026-03-10T18:44:25 | Summary: OneUptime Synthetic Monitors allow low-privileged project users to subm |
| CVE-2026-30869 | 9.3 | 0.43% | 1 | 0 | | 2026-03-10T18:43:20 | Summary: A path traversal vulnerability in the `/export` endpoint allows an a |
| CVE-2026-28292 | 9.8 | 0.00% | 3 | 0 | | 2026-03-10T18:38:58 | Summary: The `blockUnsafeOperationsPlugin` in `simple-git` fails to block gi |
| CVE-2026-26128 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T18:31:31 | Improper authentication in Windows SMB Server allows an authorized attacker to e |
| CVE-2026-26130 | 7.5 | 0.00% | 3 | 0 | | 2026-03-10T18:31:31 | Allocation of resources without limits or throttling in ASP.NET Core allows an u |
| CVE-2026-26117 | 7.8 | 0.00% | 5 | 0 | | 2026-03-10T18:31:30 | Authentication bypass using an alternate path or channel in Azure Windows Virtua |
| CVE-2026-26113 | 8.4 | 0.00% | 1 | 0 | | 2026-03-10T18:31:30 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacke |
| CVE-2026-26127 | 7.5 | 0.00% | 1 | 0 | | 2026-03-10T18:31:30 | Out-of-bounds read in .NET allows an unauthorized attacker to deny service over |
| CVE-2026-26132 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T18:31:30 | Use after free in Windows Kernel allows an authorized attacker to elevate privil |
| CVE-2026-26131 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T18:31:30 | Incorrect default permissions in .NET allows an authorized attacker to elevate p |
| CVE-2026-2339 | 7.5 | 0.00% | 1 | 0 | | 2026-03-10T18:31:30 | Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Sof |
| CVE-2026-3843 | 9.8 | 0.46% | 2 | 0 | | 2026-03-10T18:31:30 | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux conta |
| CVE-2026-24289 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T18:31:26 | Use after free in Windows Kernel allows an authorized attacker to elevate privil |
| CVE-2026-1261 | 7.2 | 0.07% | 1 | 0 | | 2026-03-10T18:31:26 | The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scriptin |
| CVE-2026-21262 | 8.8 | 0.00% | 1 | 0 | | 2026-03-10T18:31:25 | Improper access control in SQL Server allows an authorized attacker to elevate p |
| CVE-2026-24291 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T18:31:25 | Incorrect permission assignment for critical resource in Windows Accessibility I |
| CVE-2026-3585 | 7.5 | 0.06% | 2 | 0 | | 2026-03-10T18:31:24 | The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in |
| CVE-2026-2364 | 7.3 | 0.01% | 2 | 0 | | 2026-03-10T18:31:24 | If a legitimate user confirms a self-update prompt or initiates an installation o |
| CVE-2026-1508 | 4.3 | 0.00% | 1 | 0 | | 2026-03-10T18:31:24 | The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check i |
| CVE-2025-41711 | 5.3 | 0.02% | 2 | 0 | | 2026-03-10T18:31:24 | An unauthenticated remote attacker can use firmware images to extract password h |
| CVE-2025-41710 | 6.5 | 0.03% | 2 | 0 | | 2026-03-10T18:31:24 | An unauthenticated remote attacker may use hardcoded credentials to get access t |
| CVE-2026-0953 | 9.8 | 0.04% | 1 | 0 | | 2026-03-10T18:31:24 | The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in |
| CVE-2026-3847 | 8.8 | 0.00% | 2 | 0 | | 2026-03-10T18:19:05.837000 | Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidenc |
| CVE-2026-3845 | 8.8 | 0.00% | 2 | 0 | | 2026-03-10T18:19:05.507000 | Heap buffer overflow in the Audio/Video: Playback component in Firefox for Andro |
| CVE-2026-3483 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T18:19:01.720000 | An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local |
| CVE-2026-30985 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T18:18:57.663000 | iccDEV provides a set of libraries and tools for working with ICC color manageme |
| CVE-2026-30978 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T18:18:56.537000 | iccDEV provides a set of libraries and tools for working with ICC color manageme |
| CVE-2026-30934 | 8.9 | 0.00% | 1 | 0 | | 2026-03-10T18:18:53.257000 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3 |
| CVE-2026-30910 | 7.5 | 0.01% | 1 | 0 | | 2026-03-10T18:18:51.633000 | Crypt::Sodium::XS versions through 0.001000 for Perl have potential integer overf |
| CVE-2026-26148 | 8.1 | 0.00% | 1 | 0 | | 2026-03-10T18:18:43.270000 | External initialization of trusted variables or data stores in Azure Entra ID al |
| CVE-2026-26144 | 7.5 | 0.00% | 4 | 0 | | 2026-03-10T18:18:43.110000 | Improper neutralization of input during web page generation ('cross-site scripti |
| CVE-2026-26141 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T18:18:42.957000 | Improper authentication in Azure Arc allows an authorized attacker to elevate pr |
| CVE-2026-26134 | 7.8 | 0.00% | 1 | 0 | | 2026-03-10T18:18:42.803000 | Integer overflow or wraparound in Microsoft Office allows an authorized attacker |
| CVE-2026-26121 | 7.5 | 0.00% | 1 | 0 | | 2026-03-10T18:18:41.347000 | Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized |
| CVE-2026-26118 | 8.8 | 0.00% | 1 | 0 | | 2026-03-10T18:18:41.180000 | Server-side request forgery (ssrf) in Azure MCP Server allows an authorized atta |
| CVE-2025-41712 | 6.5 | 0.03% | 2 | 0 | | 2026-03-10T18:17:56.543000 | An unauthenticated remote attacker who tricks a user to upload a manipulated HTM |
| CVE-2025-41709 | 9.8 | 0.05% | 2 | 0 | | 2026-03-10T18:17:55.980000 | [PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allo |
| CVE-2026-27944 | 9.8 | 0.05% | 4 | 3 | template | 2026-03-10T18:11:27.450000 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3. |
| CVE-2026-30920 | 8.6 | 0.01% | 2 | 0 | | 2026-03-10T17:40:16 | OneUptime is a solution for monitoring and managing online services. Prior to 10 |
| CVE-2026-27685 | 9.1 | 0.04% | 1 | 0 | | 2026-03-10T17:38:10.980000 | SAP NetWeaver Enterprise Portal Administration is vulnerable if a privileged use |
| CVE-2026-30863 | 9.8 | 0.07% | 1 | 1 | | 2026-03-10T16:50:58.427000 | Parse Server is an open source backend that can be deployed to any infrastructur |
| CVE-2026-3814 | 8.8 | 0.04% | 2 | 0 | | 2026-03-10T14:28:37.057000 | A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected |
| CVE-2026-1603 | 8.6 | 67.72% | 5 | 0 | template | 2026-03-10T13:11:30.467000 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allo |
| CVE-2025-26399 | 9.8 | 34.23% | 6 | 1 | | 2026-03-10T13:11:15.553000 | SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxP |
| CVE-2026-3288 | 8.8 | 0.04% | 2 | 1 | | 2026-03-10T09:32:52 | A security issue was discovered in ingress-nginx where the `nginx.ingress.kubern |
| CVE-2026-30929 | 7.7 | 0.01% | 1 | 0 | | 2026-03-10T07:44:57.127000 | ImageMagick is free and open-source software used for editing and manipulating d |
| CVE-2025-70238 | 7.5 | 0.04% | 1 | 0 | | 2026-03-09T21:32:45 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para |
| CVE-2025-70363 | 7.5 | 0.05% | 1 | 0 | | 2026-03-09T21:32:40 | Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ci |
| CVE-2026-3638 | 5.9 | 0.03% | 1 | 0 | | 2026-03-09T21:31:49 | Improper access control in user and role restore API endpoints in Devolutions Se |
| CVE-2025-61612 | 7.5 | 0.15% | 1 | 0 | | 2026-03-09T21:31:37 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2025-61611 | 7.5 | 0.28% | 1 | 0 | | 2026-03-09T21:31:37 | In modem, there is a possible improper input validation. This could lead to remo |
| CVE-2025-69279 | 7.5 | 0.15% | 1 | 0 | | 2026-03-09T21:31:37 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2025-61616 | 7.5 | 0.15% | 1 | 0 | | 2026-03-09T21:31:37 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2025-61615 | 7.5 | 0.15% | 1 | 0 | | 2026-03-09T21:31:37 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2025-61613 | 7.5 | 0.15% | 1 | 0 | | 2026-03-09T21:31:37 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2021-22054 | 7.5 | 93.74% | 3 | 1 | template | 2026-03-09T21:31:33 | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20. |
| CVE-2026-28802 | 9.8 | 0.04% | 1 | 0 | | 2026-03-09T21:20:56.980000 | Authlib is a Python library which builds OAuth and OpenID Connect servers. From |
| CVE-2025-61614 | 7.5 | 0.15% | 1 | 0 | | 2026-03-09T21:16:12.060000 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2026-0846 | 8.6 | 0.08% | 2 | 0 | | 2026-03-09T20:16:05.703000 | A vulnerability in the `filestring()` function of the `nltk.util` module in nltk |
| CVE-2025-69278 | 7.5 | 0.15% | 1 | 0 | | 2026-03-09T20:16:02.127000 | In nr modem, there is a possible system crash due to improper input validation. |
| CVE-2026-30933 | 7.5 | 0.00% | 4 | 0 | | 2026-03-09T19:48:12 | Summary: The remediation for CVE-2026-27611 appears incomplete. Password pro |
| CVE-2026-3038 | 7.5 | 0.04% | 1 | 0 | | 2026-03-09T18:32:49 | The rtsock_msg_buffer() function serializes routing information into a buffer. |
| CVE-2026-3588 | 7.5 | 0.02% | 1 | 0 | | 2026-03-09T18:31:50 | A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 all |
| CVE-2025-70047 | 7.5 | 0.04% | 1 | 0 | | 2026-03-09T18:31:49 | An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered |
| CVE-2026-25866 | 7.8 | 0.01% | 1 | 0 | | 2026-03-09T18:31:49 | MobaXterm versions prior to 26.1 contain an uncontrolled search path element vul |
| CVE-2026-29191 | 9.3 | 0.03% | 1 | 0 | | 2026-03-09T15:48:28 | Summary: A vulnerability was discovered in Zitadel's login V2 interface that |
| CVE-2026-2919 | 4.3 | 0.01% | 1 | 0 | | 2026-03-09T15:30:48 | Malicious scripts could display attacker-controlled web content under spoofed do |
| CVE-2025-14769 | 7.5 | 0.01% | 1 | 0 | | 2026-03-09T15:30:47 | In some cases, the `tcp-setmss` handler may free the packet data and throw an er |
| CVE-2026-2219 | 7.5 | 0.01% | 1 | 0 | | 2026-03-09T15:30:43 | It was discovered that dpkg-deb (a component of dpkg, the Debian package managem |
| CVE-2026-3809 | 8.8 | 0.08% | 1 | 0 | | 2026-03-09T15:30:24.130000 | A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the |
| CVE-2026-3768 | 8.8 | 0.08% | 2 | 0 | | 2026-03-09T15:17:08.960000 | A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by th |
| CVE-2026-3803 | 8.8 | 0.08% | 1 | 0 | | 2026-03-09T15:09:33.580000 | A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the funct |
| CVE-2025-41761 | 7.8 | 0.02% | 2 | 0 | | 2026-03-09T13:35:07.393000 | A low-privileged local attacker who gains access to the UBR service account (e.g |
| CVE-2025-41756 | 8.1 | 0.10% | 1 | 0 | | 2026-03-09T13:35:07.393000 | A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.c |
| CVE-2026-3815 | 8.8 | 0.04% | 2 | 0 | | 2026-03-09T12:31:49 | A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects |
| CVE-2025-41758 | 8.8 | 0.18% | 1 | 0 | | 2026-03-09T09:30:37 | A low-privileged remote attacker can exploit an arbitrary file write vulnerabili |
| CVE-2025-41764 | 9.1 | 0.10% | 2 | 0 | | 2026-03-09T09:30:37 | Due to insufficient authorization enforcement, an unauthorized remote attacker c |
| CVE-2025-41765 | 9.1 | 0.06% | 1 | 0 | | 2026-03-09T09:30:37 | Due to insufficient authorization enforcement, an unauthorized remote attacker c |
| CVE-2025-41772 | 7.5 | 0.03% | 1 | 0 | | 2026-03-09T09:30:37 | An unauthenticated remote attacker can obtain valid session tokens because they |
| CVE-2025-41766 | 8.8 | 0.39% | 1 | 0 | | 2026-03-09T09:30:37 | A low-privileged remote attacker can trigger a stack-based buffer overflow via a |
| CVE-2026-3811 | 8.8 | 0.08% | 2 | 0 | | 2026-03-09T09:30:37 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the functi |
| CVE-2025-41757 | 8.8 | 0.22% | 1 | 0 | | 2026-03-09T09:30:36 | A low-privileged remote attacker can abuse the backup restore functionality of U |
| CVE-2026-3810 | 8.8 | 0.08% | 1 | 0 | | 2026-03-09T09:30:36 | A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the f |
| CVE-2026-3808 | 8.8 | 0.09% | 1 | 0 | | 2026-03-09T09:30:30 | A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element |
| CVE-2026-3807 | 8.8 | 0.08% | 1 | 0 | | 2026-03-09T09:30:30 | A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impact |
| CVE-2026-3802 | 8.8 | 0.08% | 1 | 0 | | 2026-03-09T06:31:20 | A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue |
| CVE-2026-30896 | 7.8 | 0.01% | 1 | 0 | | 2026-03-09T06:31:19 | The installer for Qsee Client versions 1.0.1 and prior insecurely loads Dynamic L |
| CVE-2026-3804 | 8.8 | 0.08% | 2 | 0 | | 2026-03-09T06:31:19 | A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerabilit |
| CVE-2026-3799 | 8.8 | 0.08% | 1 | 0 | | 2026-03-09T06:31:19 | A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formS |
| CVE-2026-3801 | 8.8 | 0.09% | 1 | 0 | | 2026-03-09T06:31:19 | A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerabil |
| CVE-2026-3787 | 7.0 | 0.01% | 1 | 0 | | 2026-03-09T00:30:19 | A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an u |
| CVE-2026-3769 | 8.8 | 0.08% | 2 | 0 | | 2026-03-08T21:30:22 | A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is th |
| CVE-2026-3732 | 8.8 | 0.08% | 1 | 0 | | 2026-03-08T12:30:35 | A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects t |
| CVE-2026-3729 | 8.8 | 0.08% | 1 | 0 | | 2026-03-08T12:30:34 | A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the funct |
| CVE-2026-25070 | None | 1.03% | 1 | 0 | | 2026-03-07T03:30:29 | XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain |
| CVE-2026-30227 | None | 1.01% | 1 | 0 | | 2026-03-06T22:52:51 | Summary: A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker |
| CVE-2025-45691 | 7.5 | 0.05% | 1 | 0 | | 2026-03-06T22:23:33 | An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in |
| CVE-2026-29058 | 9.8 | 0.10% | 1 | 0 | | 2026-03-06T21:56:51 | Impact: An unauthenticated attacker can execute arbitrary OS commands on the |
| CVE-2026-24105 | 9.8 | 1.69% | 1 | 0 | | 2026-03-06T21:05:36.243000 | An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.1 |
| CVE-2025-70229 | 9.8 | 0.06% | 1 | 0 | | 2026-03-06T17:38:28.367000 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para |
| CVE-2018-25181 | 7.5 | 0.57% | 1 | 0 | | 2026-03-06T15:31:36 | Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticate |
| CVE-2026-25921 | 9.3 | 0.02% | 1 | 0 | | 2026-03-06T14:02:02.117000 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwri |
| CVE-2025-70231 | 9.8 | 0.08% | 1 | 0 | | 2026-03-06T12:31:36 | D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When proces |
| CVE-2025-70230 | 9.8 | 0.06% | 1 | 0 | | 2026-03-06T12:31:36 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para |
| CVE-2025-70616 | 7.8 | 0.01% | 1 | 0 | | 2026-03-06T12:31:36 | A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys |
| CVE-2025-70233 | 9.8 | 0.06% | 1 | 0 | | 2026-03-06T12:30:31 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para |
| CVE-2025-70232 | 9.8 | 0.06% | 1 | 0 | | 2026-03-06T12:30:31 | Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime para |
| CVE-2026-26478 | 9.8 | 1.22% | 1 | 0 | | 2026-03-04T18:32:01 | A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012 |
| CVE-2026-2256 | 6.5 | 2.31% | 1 | 1 | | 2026-03-03T21:52:29.877000 | A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 an |
| CVE-2026-21385 | 7.8 | 0.38% | 3 | 1 | | 2026-03-03T21:31:13 | Memory corruption while using alignments for memory allocation. |
| CVE-2024-47886 | 7.2 | 0.89% | 1 | 0 | | 2026-03-03T19:11:21.227000 | Chamilo is a learning management system. Chamilo is affected by a post-authenti |
| CVE-2026-24107 | 9.8 | 1.13% | 1 | 0 | | 2026-03-03T03:33:44 | An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the |
| CVE-2026-24101 | 9.8 | 1.13% | 1 | 0 | | 2026-03-02T18:31:44 | An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_mul |
| CVE-2026-27611 | 6.5 | 0.03% | 4 | 0 | | 2026-02-27T21:42:55 | Summary: When users share password-protected files, the recipient can complet |
| CVE-2026-27739 | 0 | 0.05% | 1 | 1 | | 2026-02-27T14:06:59.787000 | The Angular SSR is a server-side rendering tool for Angular applications. Versio |
| CVE-2026-20127 | 10.0 | 2.60% | 3 | 5 | | 2026-02-25T18:31:45 | A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controlle |
| CVE-2026-20841 | 7.8 | 0.11% | 1 | 12 | | 2026-02-25T14:32:14.467000 | Improper neutralization of special elements used in a command ('command injectio |
| CVE-2026-2138 | 8.8 | 0.08% | 1 | 0 | | 2026-02-10T19:28:57.427000 | A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the |
| CVE-2026-25253 | 8.8 | 0.05% | 1 | 7 | | 2026-02-02T23:41:06 | Summary: The Control UI trusts `gatewayUrl` from the query string without val |
| CVE-2025-13154 | 5.5 | 0.03% | 2 | 0 | | 2026-01-16T15:55:33.063000 | An improper link following vulnerability was reported in the SmartPerformanceAdd |
| CVE-2025-66005 | 0 | 0.02% | 1 | 0 | | 2026-01-14T16:25:12.057000 | Lack of authorization of the InputManager D-Bus interface in InputPlumber versio |
| CVE-2025-14338 | None | 0.01% | 1 | 0 | | 2026-01-14T12:31:48 | Polkit authentication is disabled by default and a race condition in the Polkit |
| CVE-2025-0037 | 6.6 | 0.03% | 1 | 0 | | 2025-06-10T00:30:36 | In AMD Versal Adaptive SoC devices, the lack of address validation when executin |
| CVE-2022-25912 | 8.1 | 43.30% | 1 | 0 | | 2025-04-22T21:15:42.690000 | The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RC |
| CVE-2022-25860 | 9.8 | 41.35% | 1 | 0 | | 2025-04-01T23:03:12 | Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code E |
| CVE-2026-1717 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-1716 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-1715 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-0866 | 0 | 0.00% | 5 | 0 | | N/A | |
| CVE-2026-3805 | 0 | 0.00% | 3 | 0 | | N/A | |
| CVE-2026-3784 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-3783 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-1965 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-28806 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-28514 | 0 | 0.11% | 2 | 0 | | N/A | |
| CVE-2026-30983 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-30979 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-30987 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-31795 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-31792 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-31796 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-30918 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-27603 | 0 | 0.07% | 1 | 0 | | N/A | |
| CVE-2026-27005 | 0 | 0.12% | 1 | 0 | | N/A | |
| CVE-2026-28693 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-28691 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-30862 | 0 | 0.04% | 1 | 1 | | N/A | |
| CVE-2026-28431 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2026-30240 | 0 | 0.03% | 2 | 0 | | N/A | |
| CVE-2026-31816 | 0 | 0.10% | 2 | 0 | | N/A | |
| CVE-2026-25737 | 0 | 0.05% | 1 | 0 | | N/A | |
| CVE-2025-62166 | 0 | 0.08% | 1 | 0 | | N/A | |

## updated 2026-03-11T09:32:00
2 posts
🚨 CVE-2026-3826 (CRITICAL): WellChoose IFTOP PHP LFI lets unauthenticated attackers execute remote code. No patch yet. Isolate affected systems & monitor for LFI attempts. Act now to avoid full compromise! https://radar.offseq.com/threat/cve-2026-3826-cwe-98-improper-control-of-filename--e68c5a28 #OffSeq #Infosec #PHP #Vulnerability
## updated 2026-03-11T06:31:47
2 posts
🚨 CRITICAL vuln: CVE-2026-29515 in MiCode FileExplorer (all versions). FTP auth bypass via SwiFTP — any credentials grant access to read, write, or delete files. No patch; restrict FTP access ASAP! https://radar.offseq.com/threat/cve-2026-29515-cwe-303-incorrect-implementation-of-ff84fc0e #OffSeq #Vuln #MiCode #CVE202629515
## updated 2026-03-11T06:31:41
2 posts
🚩 CVE-2026-27842 (CRITICAL, CVSS 9.8): Auth bypass in Micro Research MR-GM5L-S1 & MR-GM5A-L1 (pre-v2.01.04N1_02). Remote attackers can reconfigure devices. Patch ASAP & segment networks! Details: https://radar.offseq.com/threat/cve-2026-27842-authentication-bypass-using-an-alte-4a1f7ba8 #OffSeq #Vulnerability #IoTSecurity
## updated 2026-03-11T06:17:14.467000
2 posts
🛑 CVE-2026-2631 (CRITICAL): Datalogics Ecommerce Delivery WP plugin (<2.6.60) lets unauthenticated attackers gain admin via REST endpoint. Patch or restrict access now! Details: https://radar.offseq.com/threat/cve-2026-2631-cwe-269-improper-privilege-managemen-beccaec0 #OffSeq #WordPress #Vuln #Infosec
## updated 2026-03-11T06:17:13.697000
2 posts
🔴 CVE-2026-24448 (CRITICAL, CVSS 9.8): Micro Research MR-GM5L-S1/MR-GM5A-L1 devices contain hard-coded credentials, allowing admin access w/o authentication. Update firmware to v2.01.04N1_02 ASAP! https://radar.offseq.com/threat/cve-2026-24448-use-of-hard-coded-credentials-in-mi-455b658d #OffSeq #CVE #IoTSecurity #Vuln
## updated 2026-03-11T00:31:32
2 posts
⚠️ CVE-2026-0124 (CRITICAL, CVSS 10) hits Google Pixel devices: local out-of-bounds write means privilege escalation — no user interaction needed. Restrict access, monitor now, patch ASAP when available. https://radar.offseq.com/threat/cve-2026-0124-elevation-of-privilege-in-google-and-bf0f89c1 #OffSeq #Android #Vuln #MobileSecurity
## updated 2026-03-11T00:21:09
2 posts
🚨 CRITICAL: CVE-2026-30966 in parse-server (<9.5.2-alpha.7, <8.6.20) lets attackers gain any role via REST/GraphQL with just the app key. Upgrade now and restrict API access! Full details: https://radar.offseq.com/threat/cve-2026-30966-cwe-284-improper-access-control-in--321de92a #OffSeq #parseServer #CVE202630966 #infosec
## updated 2026-03-10T21:33:20
1 post
🟠 CVE-2026-26738 - High (7.8)
Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26738/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-10T21:32:24
1 post
🟠 CVE-2026-26801 - High (7.5)
Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26801/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-10T21:32:24
1 post
🟠 CVE-2026-27276 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27276/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-10T21:32:24
2 posts
🟠 CVE-2026-27273 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27273/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-10T21:32:24
1 post
🟠 CVE-2026-27274 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27274/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-10T21:32:24
1 post
🟠 CVE-2026-27280 - High (7.8)
DNG SDK versions 1.7.1 2471 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim mu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27280/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:17
1 posts
🟠 CVE-2026-27277 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27277/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:17
2 posts
🟠 CVE-2026-27279 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T21:32:14
1 posts
🔴 CVE-2025-11158 - Critical (9.1)
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-11158/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:52:11.887000
1 posts
🔴 CVE-2026-24457 - Critical (9.1)
An unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24457/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:49:55.930000
1 posts
🔴 CVE-2025-13476 - Critical (9.8)
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:34:20
1 posts
📈 CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-03-10T19:17:20.670000
2 posts
1 repos
🟠 CVE-2026-27826 - High (8.2)
MCP Atlassian is a Model Context Protocol (MCP) server for Atlassian products (Confluence and Jira). Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound H...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27826/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:17:19.560000
1 posts
🟠 CVE-2026-27275 - High (7.8)
Substance3D - Stager versions 3.1.7 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a v...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27275/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T19:17:18.980000
1 posts
🟠 CVE-2026-27269 - High (7.8)
Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27269/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:58:35.607000
1 posts
2 repos
🟠 CVE-2025-69219 - High (8.8)
A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who has access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airfl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:48:52.193000
3 posts
🔔 CVE-2026-3630: CRITICAL stack-based buffer overflow in DeltaWW COMMGR2 (CVSS 9.8). Remote, unauthenticated RCE risk — no patch yet. Segment & restrict network access, monitor for exploits. More: https://radar.offseq.com/threat/cve-2026-3630-cwe-121-stack-based-buffer-overflow--c00e7f15 #OffSeq #ICS #Vulnerability #OTsecurity
##🔴 CVE-2026-3630: CRITICAL stack-based buffer overflow in DeltaWW COMMGR2 (ver 0) enables unauthenticated RCE. No patch available. Segment networks, enable IDS/IPS, & monitor for exploitation. Details: https://radar.offseq.com/threat/cve-2026-3630-cwe-121-stack-based-buffer-overflow--c00e7f15 #OffSeq #ICS #Vuln #CyberSecurity
##🔴 CVE-2026-3630 - Critical (9.8)
Delta Electronics COMMGR2 has a Stack-based Buffer Overflow vulnerability.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3630/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:48:42.673000
1 posts
🟠 CVE-2026-3631 - High (7.5)
Delta Electronics COMMGR2 has a Buffer Over-read DoS vulnerability.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3631/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:46:53.270000
3 posts
🚨 CRITICAL: CVE-2026-3823 exposes Atop EHG2408 switches to unauthenticated RCE via stack-based buffer overflow. No patch yet — segment, restrict access, and monitor traffic. Full device compromise risk. https://radar.offseq.com/threat/cve-2026-3823-cwe-121-stack-based-buffer-overflow--68d582bc #OffSeq #ICS #Vuln #OTSecurity
##🟠 CVE-2026-3823 - High (8.8)
EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3823/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CRITICAL: CVE-2026-3823 in Atop EHG2408 switches — stack-based buffer overflow allows unauth'd remote code exec. No patch yet. Segment, monitor & restrict access ASAP! 🛡️ https://radar.offseq.com/threat/cve-2026-3823-cwe-121-stack-based-buffer-overflow--68d582bc #OffSeq #CVE20263823 #ICS #Vulnerability
##updated 2026-03-10T18:45:50
2 posts
1 repos
🟠 CVE-2026-30944 - High (8.8)
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, incl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30944/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:45:14
3 posts
🔴 CVE-2026-30957 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root c...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:45:04
1 posts
🔴 CVE-2026-30956 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header togethe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:44:25
2 posts
🔴 CVE-2026-30921 - Critical (9.9)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:43:20
1 posts
🚨 CRITICAL: CVE-2026-30869 affects SiYuan (< 3.5.10) — path traversal via /export lets attackers read sensitive files (API tokens, keys). Patch to 3.5.10+ now! No auth needed. All admins review configs. https://radar.offseq.com/threat/cve-2026-30869-cwe-22-improper-limitation-of-a-pat-98459c9d #OffSeq #CVE202630869 #infosec
##updated 2026-03-10T18:38:58
3 posts
CVE-2026-28292: RCE in simple-git via case-sensitivity bypass (CVSS 9.8) https://www.codeant.ai/security-research/security-research-simple-git-remote-code-execution-cve-2026-28292
##🔴 CVE-2026-28292 - Critical (9.8)
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:31
1 posts
🟠 CVE-2026-26128 - High (7.8)
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26128/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:31
3 posts
🟠 CVE-2026-26130 - High (7.5)
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26130/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-26130 - A denial of service attack against SignalR. Update your runtime, restart your SignalR apps.
github.com/dotnet/annou...
(2/5)
Microsoft Security Advisory CV...
updated 2026-03-10T18:31:30
5 posts
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/
##🟠 CVE-2026-26117 - High (7.8)
Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26117/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
1 posts
🟠 CVE-2026-26113 - High (8.4)
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26113/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
1 posts
🟠 CVE-2026-26127 - High (7.5)
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26127/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
1 posts
🟠 CVE-2026-26132 - High (7.8)
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26132/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
1 posts
🟠 CVE-2026-26131 - High (7.8)
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26131/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
1 posts
🟠 CVE-2026-2339 - High (7.5)
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. This issue affects Liderahenk: before v3.4.0.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2339/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:30
2 posts
🔴 CVE-2026-3843 - Critical (9.8)
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability (CWE-89) in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3843/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:31:26
1 posts
🚨 CVE-2026-1261: HIGH-severity stored XSS in all Wpmet MetForm Pro versions (Quiz feature). Unauthenticated attackers can inject persistent scripts, risking user data and site integrity. Disable Quiz & monitor for patches. https://radar.offseq.com/threat/cve-2026-1261-cwe-79-improper-neutralization-of-in-3b7ad624 #OffSeq #WordPress #XSS
##updated 2026-03-10T18:31:25
1 posts
updated 2026-03-10T18:31:24
2 posts
🟠 CVE-2026-3585 - High (7.5)
The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajax_create_import' function. This makes it possible for authenticated attackers, with Author-level access and abov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3585/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-3585 (HIGH): Path traversal in stellarwp The Events Calendar plugin lets Author+ users read any files on WordPress servers up to v6.15.17. Restrict access, monitor logs, and patch ASAP. Details: https://radar.offseq.com/threat/cve-2026-3585-cwe-22-improper-limitation-of-a-path-57fec669 #OffSeq #WordPress #Vuln #Cybersecurity
##updated 2026-03-10T18:31:24
2 posts
🚩 CVE-2026-2364: HIGH severity TOCTOU flaw in CODESYS Installer (all versions) lets local attackers escalate privileges via user-initiated updates. Restrict access & monitor until patch. No active exploits yet. https://radar.offseq.com/threat/cve-2026-2364-cwe-367-time-of-check-time-of-use-to-5eb858d5 #OffSeq #CODESYS #ICS #Vuln
###OT #Advisory VDE-2026-012
CODESYS Installer - Possible Privilege Escalation
Exploitation of this vulnerability can lead to a privilege escalation on the host system.
#CVE CVE-2026-2364
https://certvde.com/en/advisories/vde-2026-012/
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-01_vde-2026-012.json
##updated 2026-03-10T18:31:24
1 posts
🔒 CVE-2026-1508 (HIGH): Court Reservation WordPress plugin <1.10.9 has a CSRF flaw — admins can be tricked into deleting events via crafted requests. No live exploits yet. Update ASAP or add nonce checks! https://radar.offseq.com/threat/cve-2026-1508-cwe-352-cross-site-request-forgery-c-cd03c8c6 #OffSeq #WordPress #CSRF #Infosec
##updated 2026-03-10T18:31:24
2 posts
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
###OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
updated 2026-03-10T18:31:24
1 posts
🚨 CRITICAL: CVE-2026-0953 impacts all versions of themeum Tutor LMS Pro for WordPress. Flawed Social Login lets attackers bypass authentication using valid OAuth tokens + victim’s email. Admin accounts at risk. Patch or restrict access! https://radar.offseq.com/threat/cve-2026-0953-cwe-287-improper-authentication-in-t-965fa126 #OffSeq #WordPress #Infosec
##updated 2026-03-10T18:19:05.837000
2 posts
🟠 CVE-2026-3847 - High (8.8)
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 14...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3847 - High (8.8)
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 14...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3847/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:19:05.507000
2 posts
🟠 CVE-2026-3845 - High (8.8)
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-3845 - High (8.8)
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3845/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:19:01.720000
1 posts
🟠 CVE-2026-3483 - High (7.8)
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3483/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:57.663000
1 posts
🟠 CVE-2026-30985 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30985/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:56.537000
1 posts
🟠 CVE-2026-30978 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-use-after-free in CIccCmm::AddXform() causing invalid vptr dereference and crash. This vulnerability is fixed in 2.3.1.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30978/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:53.257000
1 posts
🟠 CVE-2026-30934 - High (8.9)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aw...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30934/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:51.633000
1 posts
🟠 CVE-2026-30910 - High (7.5)
Crypt::Sodium::XS versions through 0.001000 for Perl has potential integer overflows.
Combined aead encryption, combined signature creation, and bin2hex functions do not check that output size will be less than SIZE_MAX, which could lead to integ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30910/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:43.270000
1 posts
🟠 CVE-2026-26148 - High (8.1)
External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26148/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:43.110000
4 posts
Microsoft Patch Day 2026-03
After the fat Patch Day in February, the one for March has shrunk back to a "normal" size. With the current updates, Microsoft (MS) addresses 83 security vulnerabilities. Of those, 8 are rated critical. Of those in turn, one (CVE-2026-26144) stands out. A leading security expert finds it fascinating. It is a bug in Excel, namely "insufficient sanitization of input". The juicy part is that an attacker can use the bug to siphon off information remotely with the help of the Copilot AI. For this, no login or user privileges
https://www.pc-fluesterer.info/wordpress/2026/03/11/microsoft-flickentag-2026-03/
#Empfehlung #Hintergrund #Warnung #0day #datenschutz #Microsoft #office #privacy #sicherheit #UnplugTrump #vorbeugen #unplugmicrosoft
##And don't miss our bug of the month! Each patch Tuesday we'll be selecting our very favorite patch to highlight. This month, it's CVE-2026-26144 - a Critical-rated info disclosure in Excel that uses the Copilot Agent to exfiltrate data. Neat! https://youtube.com/shorts/r4EjP3JxYRk?feature=share
##🟠 CVE-2026-26144 - High (7.5)
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26144/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:42.957000
1 posts
🟠 CVE-2026-26141 - High (7.8)
Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26141/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:42.803000
1 posts
🟠 CVE-2026-26134 - High (7.8)
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26134/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:41.347000
1 posts
🟠 CVE-2026-26121 - High (7.5)
Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26121/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:18:41.180000
1 posts
🟠 CVE-2026-26118 - High (8.8)
Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26118/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-10T18:17:56.543000
2 posts
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
###OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
updated 2026-03-10T18:17:55.980000
2 posts
#OT #Advisory VDE-2025-096
Weidmueller: Multiple vulnerabilities in Energy Meter 750-24 and Energy Meter 750-230
An unauthenticated remote attacker can exploit several vulnerabilities in Weidmueller devices Energy Meter 750-24 and Energy Meter 750-230 to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
#oCSAF
https://certvde.com/en/advisories/vde-2025-096/
#CSAF https://weidmueller.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-096.json
#OT #Advisory VDE-2025-079
Janitza: Multiple vulnerabilities in UMG 96RM-E
An unauthenticated remote attacker can exploit several vulnerabilities in Janitza UMG 96RM-E devices to ultimately gain full system access and remote code execution.
#CVE CVE-2025-41709, CVE-2025-41712, CVE-2025-41710, CVE-2025-41711
https://certvde.com/en/advisories/vde-2025-079/
#oCSAF
#CSAF https://janitza.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-079.json
updated 2026-03-10T18:11:27.450000
4 posts
3 repos
https://github.com/NULL200OK/-nginxui_discover
Critical Nginx UI flaw CVE-2026-27944 exposes server backups https://securityaffairs.com/189123/security/critical-nginx-ui-flaw-cve-2026-27944-exposes-server-backups.html
Critical Nginx UI Vulnerability Exposes Server Backups and Sensitive Data
https://thecyberexpress.com/cve-2026-27944-nginx-ui-backup-vulnerability/?utm_source=flipboard&utm_medium=activitypub
Posted into Cybersecurity Today @cybersecurity-today-rhudaur
Critical Nginx UI Vulnerability Exposes Server Backups and Sensitive Data
A newly disclosed vulnerability in Nginx UI, tracked as CVE-2026-27944, has raised major security concerns after researchers confirmed that...
🔗️ [Thecyberexpress] https://link.is.it/HfceZC
Critical Nginx UI Flaw Allows Unauthenticated Backup Theft and Decryption
Nginx UI version 2.3.3 patches a critical vulnerability (CVE-2026-27944) that allows unauthenticated attackers to download and decrypt full server backups. The flaw exposes sensitive data including SSL private keys, admin credentials, and server configurations via an unprotected API endpoint.
**If you are using Nginx UI, first make sure it is isolated from the internet. Then patch to version 2.3.3 immediately because the exploit is trivial - especially if your Nginx UI is exposed to the internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-nginx-ui-flaw-allows-unauthenticated-backup-theft-and-decryption-l-t-k-6-p/gD2P6Ple2L
updated 2026-03-10T17:40:16
2 posts
🟠 CVE-2026-30920 - High (8.6)
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installation_id values and updates Project.gitHubAppInstallationId with isRoot: true withou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-10T17:38:10.980000
1 posts
🚨 CRITICAL: CVE-2026-27685 in SAP NetWeaver EP-RUNTIME 7.50 (Admin) enables privileged users to upload malicious serialized data — risking full system compromise. Restrict uploads, monitor privileged actions, patch ASAP! https://radar.offseq.com/threat/cve-2026-27685-cwe-502-deserialization-of-untruste-36704129 #OffSeq #SAP #CVE #InfoSec
updated 2026-03-10T16:50:58.427000
1 posts
1 repos
🔴 CVE-2026-30863 - Critical (9.8)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.10 and 9.5.0-alpha.11, the Google, Apple, and Facebook authentication adapters use JWT verification to validate identity ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30863/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-10T14:28:37.057000
2 posts
🟠 CVE-2026-3814 - High (8.8)
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3814/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
🚨 HIGH severity (CVSS 8.7) buffer overflow in UTT HiPER 810G (≤1.7.7-1711), via strcpy in /goform/getOneApConfTempEntry. Public exploit released — urgent monitoring advised. CVE-2026-3814 https://radar.offseq.com/threat/cve-2026-3814-buffer-overflow-in-utt-hiper-810g-7866271a #OffSeq #Vulnerability #UTT #InfoSec
updated 2026-03-10T13:11:30.467000
5 posts
CISA Warns of Active Exploitation in Ivanti Endpoint Manager Authentication Bypass
CISA added an Ivanti Endpoint Manager authentication bypass vulnerability (CVE-2026-1603) to its catalog of known exploited flaws after reports of active use by threat actors.
**If you use Ivanti Endpoint Manager, now patching is urgent. Update to 2024 SU5 immediately because attackers are already using this flaw to take over management servers.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-in-ivanti-endpoint-manager-authentication-bypass-u-5-u-l-k/gD2P6Ple2L
🚨 [CISA-2026:0309] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0309)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22054 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22054)
- Name: Omnissa Workspace ONE Server-Side Request Forgery
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Omnissa
- Product: Workspace One UEM
- Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
⚠️ CVE-2025-26399 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-26399)
- Name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
⚠️ CVE-2026-1603 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1603)
- Name: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ivanti
- Product: Endpoint Manager (EPM)
- Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260309 #cisa20260309 #cve_2021_22054 #cve_2025_26399 #cve_2026_1603 #cve202122054 #cve202526399 #cve20261603
CVE ID: CVE-2026-1603
Vendor: Ivanti
Product: Endpoint Manager (EPM)
Date Added: 2026-03-09
Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-1603
CISA has updated the KEV catalogue https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
- CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
- CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability #CISA #infosec #vulnerability
updated 2026-03-10T13:11:15.553000
6 posts
1 repos
CISA Mandates Emergency Patching for SolarWinds Web Help Desk Vulnerabilities
CISA has shortened the patch deadline for actively exploited critical SolarWinds Web Help Desk vulnerabilities, including CVE-2025-26399.
**When a federal agency shortens a patch deadline to just a few days, it means the product is actively and successfully hacked. Treat your SolarWinds as an immediate priority: patch, and if at all possible isolate your help desk software from the public internet.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-mandates-emergency-patching-for-solarwinds-web-help-desk-vulnerabilities-q-x-y-6-r/gD2P6Ple2L
CISA shortens patch deadline for critical Ivanti, SolarWinds bugs
The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399 — a critical...
🔗️ [Therecord] https://link.is.it/pp8jNp
🚨 [CISA-2026:0309] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0309)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22054 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22054)
- Name: Omnissa Workspace ONE Server-Side Request Forgery
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Omnissa
- Product: Workspace One UEM
- Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
⚠️ CVE-2025-26399 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-26399)
- Name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
⚠️ CVE-2026-1603 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1603)
- Name: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ivanti
- Product: Endpoint Manager (EPM)
- Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260309 #cisa20260309 #cve_2021_22054 #cve_2025_26399 #cve_2026_1603 #cve202122054 #cve202526399 #cve20261603
CVE ID: CVE-2025-26399
Vendor: SolarWinds
Product: Web Help Desk
Date Added: 2026-03-09
Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-26399
CISA has updated the KEV catalogue https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
- CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
- CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability #CISA #infosec #vulnerability
updated 2026-03-10T09:32:52
2 posts
1 repos
[Security Advisory] CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection #devopsish https://groups.google.com/a/kubernetes.io/g/dev/c/NoW4Ollgoxc/m/m1to2nAqAAAJ?utm_medium=email&utm_source=footer
🟠 CVE-2026-3288 - High (8.8)
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/rewrite-target` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-ngin...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3288/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-10T07:44:57.127000
1 posts
🟠 CVE-2026-30929 - High (7.7)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30929/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T21:32:45
1 posts
🟠 CVE-2025-70238 - High (7.5)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70238/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T21:32:40
1 posts
🟠 CVE-2025-70363 - High (7.5)
Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70363/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T21:31:49
1 posts
CVE-2026-3638 (HIGH): Devolutions Server ≤ 2025.3.11.0 has missing authorization in restore APIs — low-priv users can reinstate deleted accounts, risking privilege escalation. Restrict API access & monitor logs! https://radar.offseq.com/threat/cve-2026-3638-cwe-862-missing-authorization-in-dev-87162fbb #OffSeq #Devolutions #AppSec
updated 2026-03-09T21:31:37
1 posts
🟠 CVE-2025-61612 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61612/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T21:31:37
1 posts
🟠 CVE-2025-61611 - High (7.5)
In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61611/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T21:31:37
1 posts
🟠 CVE-2025-69279 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69279/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T21:31:37
1 posts
🟠 CVE-2025-61616 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61616/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T21:31:37
1 posts
🟠 CVE-2025-61615 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61615/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T21:31:37
1 posts
🟠 CVE-2025-61613 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61613/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T21:31:33
3 posts
1 repos
🚨 [CISA-2026:0309] CISA Adds 3 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0309)
CISA has added 3 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2021-22054 (https://secdb.nttzen.cloud/cve/detail/CVE-2021-22054)
- Name: Omnissa Workspace ONE Server-Side Request Forgery
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Omnissa
- Product: Workspace One UEM
- Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
⚠️ CVE-2025-26399 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-26399)
- Name: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SolarWinds
- Product: Web Help Desk
- Notes: https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399
⚠️ CVE-2026-1603 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1603)
- Name: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Ivanti
- Product: Endpoint Manager (EPM)
- Notes: https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260309 #cisa20260309 #cve_2021_22054 #cve_2025_26399 #cve_2026_1603 #cve202122054 #cve202526399 #cve20261603
CVE ID: CVE-2021-22054
Vendor: Omnissa
Product: Workspace One UEM
Date Added: 2026-03-09
Notes: https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2021-22054
CISA has updated the KEV catalogue https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
- CVE-2021-22054: Omnissa Workspace ONE Server-Side Request Forgery
- CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
- CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability #CISA #infosec #vulnerability
updated 2026-03-09T21:20:56.980000
1 posts
🔴 CVE-2026-28802 - Critical (9.8)
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verificat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28802/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T21:16:12.060000
1 posts
🟠 CVE-2025-61614 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-61614/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T20:16:05.703000
2 posts
🚨 CVE-2026-0846: HIGH severity absolute path traversal in nltk v3.9.2 (filestring()). Remote attackers can read files if user input isn’t sanitized. Patch when available & validate inputs! https://radar.offseq.com/threat/cve-2026-0846-cwe-36-absolute-path-traversal-in-nl-799595df #OffSeq #nltk #vuln #infosec
🟠 CVE-2026-0846 - High (8.6)
A vulnerability in the `filestring()` function of the `nltk.util` module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, en...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0846/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T20:16:02.127000
1 posts
🟠 CVE-2025-69278 - High (7.5)
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69278/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T19:48:12
4 posts
🟠 CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T18:32:49
1 posts
🟠 CVE-2026-3038 - High (7.5)
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been val...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3038/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T18:31:50
1 posts
🟠 CVE-2026-3588 - High (7.5)
A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3588/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T18:31:49
1 posts
🟠 CVE-2025-70047 - High (7.5)
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70047/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T18:31:49
1 posts
🟠 CVE-2026-25866 - High (7.8)
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25866/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T15:48:28
1 posts
Critical 1-Click Account Takeover Vulnerability Patched in ZITADEL IAM Platform
ZITADEL patched a critical XSS vulnerability (CVE-2026-29191) that allows unauthenticated attackers to take over user accounts via a single-click malicious link. The flaw can lead to unauthorized password resets.
**If you are using ZITADEL, this is important. Plan a very quick update to version 4.12.0 because your users will be hacked; the full exploit instructions are already public. If you cannot patch today, block the /saml-post endpoint at your firewall and ensure MFA is active for all users.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-1-click-account-takeover-vulnerability-patched-in-zitadel-iam-platform-1-1-6-i-0/gD2P6Ple2L
updated 2026-03-09T15:30:48
1 posts
Mozilla Firefox Focus for iOS.. interesting version jump from 143.0 to 148.2 today
current release fixes CVE-2026-2919
Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS < 148.2.
https://www.mozilla.org/en-US/security/advisories/mfsa2026-18/
https://hecate.pw/vulnerability/CVE-2026-2919
updated 2026-03-09T15:30:47
1 posts
🟠 CVE-2025-14769 - High (7.5)
In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference.
...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14769/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T15:30:43
1 posts
🟠 CVE-2026-2219 - High (7.5)
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite lo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2219/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T15:30:24.130000
1 posts
🟠 CVE-2026-3809 - High (8.8)
A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3809/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T15:17:08.960000
2 posts
🚩 CVE-2026-3768 (HIGH, CVSS 8.7): Stack buffer overflow in Tenda F453 v1.0.0.3 — remote, unauthenticated exploit possible. Public exploit code released. Patch ASAP or restrict remote access! https://radar.offseq.com/threat/cve-2026-3768-stack-based-buffer-overflow-in-tenda-9b634f69 #OffSeq #CVE20263768 #RouterSecurity #Infosec
🟠 CVE-2026-3768 - High (8.8)
A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO leads to stack-based buffer overflow. Remote expl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3768/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T15:09:33.580000
1 posts
🟠 CVE-2026-3803 - High (8.8)
A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3803/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
updated 2026-03-09T13:35:07.393000
2 posts
🟠 CVE-2025-41761 - High (7.8)
A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and i...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41761/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T13:35:07.393000
1 posts
🟠 CVE-2025-41756 - High (8.1)
A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41756/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T12:31:49
2 posts
🟠 CVE-2026-3815 - High (8.8)
A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3815/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:37
1 posts
🟠 CVE-2025-41758 - High (8.8)
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41758/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:37
2 posts
🔴 CVE-2025-41764 - Critical (9.1)
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41764/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:37
1 posts
🔴 CVE-2025-41765 - Critical (9.1)
Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41765/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:37
1 posts
🟠 CVE-2025-41772 - High (7.5)
An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41772/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:37
1 posts
🟠 CVE-2025-41766 - High (8.8)
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41766/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:37
2 posts
🟠 CVE-2026-3811 - High (8.8)
A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3811/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: Tenda FH1202 (1.2.0.14) vulnerable to stack-based buffer overflow (CVE-2026-3811). Remote exploit is public. No fix yet — monitor, isolate, and watch for updates. https://radar.offseq.com/threat/cve-2026-3811-stack-based-buffer-overflow-in-tenda-076e8a7e #OffSeq #Vulnerability #IoTSecurity #CVE20263811
##updated 2026-03-09T09:30:36
1 posts
🟠 CVE-2025-41757 - High (8.8)
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create or overwrite arbitrary files anywhere on the sy...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41757/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:36
1 posts
🟠 CVE-2026-3810 - High (8.8)
A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3810/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:30
1 posts
🟠 CVE-2026-3808 - High (8.8)
A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3808/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T09:30:30
1 posts
🟠 CVE-2026-3807 - High (8.8)
A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3807/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T06:31:20
1 posts
🟠 CVE-2026-3802 - High (8.8)
A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to stack-based buffer overflow. The attack m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3802/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T06:31:19
1 posts
🟠 CVE-2026-30896 - High (7.8)
The installer for Qsee Client versions 1.0.1 and prior insecurely loads Dynamic Link Libraries (DLLs). When a user is directed to place a malicious DLL in the same directory and execute the affected installer, arbitrary code may be executed...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30896/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T06:31:19
2 posts
🟠 CVE-2026-3804 - High (8.8)
A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3804/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH severity: CVE-2026-3804 in Tenda i3 v1.0.0.6(2204) enables remote stack-based buffer overflow via /goform/WifiMacFilterSet. Exploit is public — prioritize mitigation or isolation. https://radar.offseq.com/threat/cve-2026-3804-stack-based-buffer-overflow-in-tenda-c824133f #OffSeq #Vulnerability #Tenda #InfoSec
##updated 2026-03-09T06:31:19
1 posts
🟠 CVE-2026-3799 - High (8.8)
A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The ex...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3799/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T06:31:19
1 posts
🟠 CVE-2026-3801 - High (8.8)
A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing a manipulation of the argument ping1/ping2 results in stack-based buffer overflow. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3801/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-09T00:30:19
1 posts
UltraVNC 1.6.4.0 on Windows hit by HIGH-severity vuln (CVE-2026-3787): uncontrolled DLL search path in cryptbase.dll. Local attackers could escalate privileges. No patch yet — restrict access & monitor for DLL hijacking. https://radar.offseq.com/threat/cve-2026-3787-uncontrolled-search-path-in-ultravnc-8f16fda8 #OffSeq #Vuln #UltraVNC
##updated 2026-03-08T21:30:22
2 posts
🚩 CVE-2026-3769: HIGH severity vuln in Tenda F453 (v1.0.0.3) — stack-based buffer overflow in /goform/WrlclientSet. Public exploit released! Limit remote access, monitor traffic, apply mitigations. Details: https://radar.offseq.com/threat/cve-2026-3769-stack-based-buffer-overflow-in-tenda-7dc11ff5 #OffSeq #NetworkSecurity #Vuln
##🟠 CVE-2026-3769 - High (8.8)
A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack can be executed remote...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3769/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-08T12:30:35
1 posts
🛑 CVE-2026-3732: HIGH severity stack buffer overflow in Tenda F453 (v1.0.0.3). Remote, unauthenticated code execution risk — no patch yet. Block remote mgmt & monitor endpoints. Details: https://radar.offseq.com/threat/cve-2026-3732-stack-based-buffer-overflow-in-tenda-41443da2 #OffSeq #Vuln #RouterSecurity #CVE20263732
##updated 2026-03-08T12:30:34
1 posts
🟠 CVE-2026-3729 - High (8.8)
A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be execute...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-07T03:30:29
1 posts
📈 CVE Published in last 7 days (2026-03-02 - 2026-03-09)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1428
Severity:
- Critical: 187
- High: 549
- Medium: 456
- Low: 43
- None: 193
Status:
- : 38
- Analyzed: 324
- Awaiting Analysis: 475
- Modified: 83
- Received: 445
- Rejected: 7
- Undergoing Analysis: 56
Top CNAs:
- GitHub, Inc.: 283
- Patchstack: 271
- MITRE: 128
- VulnCheck: 107
- VulDB: 85
- Wordfence: 74
- Android (associated with Google Inc. or Open Handset Alliance): 57
- Cisco Systems, Inc.: 50
- N/A: 38
- Acronis International GmbH: 23
Top Affected Products:
- UNKNOWN: 1003
- Google Android: 74
- Chamilo Lms: 25
- Dlink Dir-513 Firmware: 20
- Huawei Harmonyos: 18
- Qualcomm Qca6595au Firmware: 14
- Qualcomm Wcd9380 Firmware: 14
- Qualcomm Wcd9385 Firmware: 14
- Qualcomm Wsa8830 Firmware: 14
- Qualcomm Wsa8815 Firmware: 14
Top EPSS Score:
- CVE-2026-2256 - 1.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2256)
- CVE-2026-24105 - 1.29 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24105)
- CVE-2026-25070 - 1.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25070)
- CVE-2026-26478 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26478)
- CVE-2026-24101 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24101)
- CVE-2026-24107 - 0.86 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-24107)
- CVE-2026-30227 - 0.80 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-30227)
- CVE-2024-47886 - 0.75 % (https://secdb.nttzen.cloud/cve/detail/CVE-2024-47886)
- CVE-2025-14675 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14675)
- CVE-2018-25181 - 0.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2018-25181)
updated 2026-03-06T22:52:51
1 posts
updated 2026-03-06T22:23:33
1 posts
🟠 CVE-2025-45691 - High (7.5)
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter wh...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-45691/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T21:56:51
1 posts
Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking
AVideo version 6.0 contains a critical zero-click command injection vulnerability (CVE-2026-29058) that allows unauthenticated attackers to execute arbitrary OS commands and hijack video streams.
**If you are using the AVideo platform, this is urgent and important. Patch ASAP to version 7.0, because your server will be attacked. Until you update, use a web application firewall or reverse proxy to block access to the getImage.php component.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-zero-click-command-injection-in-avideo-platform-allows-stream-hijacking-w-3-3-3-s/gD2P6Ple2L
updated 2026-03-06T21:05:36.243000
1 posts
updated 2026-03-06T17:38:28.367000
1 posts
🔴 CVE-2025-70229 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70229/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T15:31:36
1 posts
updated 2026-03-06T14:02:02.117000
1 posts
Critical Gogs Vulnerability Enables Silent Supply-Chain Attacks via LFS Overwrites
Gogs patched a critical vulnerability (CVE-2026-25921) that allows unauthenticated attackers to overwrite Git Large File Storage (LFS) objects across repositories, enabling silent supply-chain attacks.
**If you are using Gogs, this is important, and if you have public access or registration on Gogs, it's urgent. Attackers can exploit this flaw to inject their own malicious versions of binaries. You should not only update to version 0.14.2 ASAP but also verify the integrity of your existing large files to ensure they haven't been replaced with malicious versions.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-gogs-vulnerability-enables-silent-supply-chain-attacks-via-lfs-overwrites-g-z-x-s-r/gD2P6Ple2L
updated 2026-03-06T12:31:36
1 posts
🔴 CVE-2025-70231 - Critical (9.8)
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70231/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T12:31:36
1 posts
🔴 CVE-2025-70230 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70230/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T12:31:36
1 posts
🟠 CVE-2025-70616 - High (7.8)
A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options paramet...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70616/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T12:30:31
1 posts
🔴 CVE-2025-70233 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70233/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-06T12:30:31
1 posts
🔴 CVE-2025-70232 - Critical (9.8)
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-70232/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
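The Tenda F453/i3/FH1202, UTT HiPER 810G and D-Link DIR-513 entries above all describe one pattern: a /goform/ handler copies a named request argument into a fixed-size stack buffer with no length check. The script below is an added example, not vendor code and not taken from any of the posts. It turns those descriptions into a detection check over raw HTTP requests to a router's web interface (as you would get from a proxy or IDS capture): it parses each request and flags a watched argument whose value is longer than a threshold. The handler paths and argument names are exactly those quoted in the CVE descriptions on this page; the 64-byte threshold, the request format and the sample traffic are assumptions and constructed data, since the page gives neither real buffer sizes nor captures.

```python
"""Flag oversized values sent to the /goform/ handlers named in the CVE
descriptions on this page. Added example; the threshold, request format and
sample traffic are assumptions, not figures from the advisories."""
from urllib.parse import parse_qsl, urlsplit

# Handler path -> argument names taken from the CVE descriptions on this page.
# None means the description names no argument (CVE-2026-3815 only says strcpy),
# so every argument sent to that handler is checked.
WATCHED = {
    "/goform/WrlExtraSet": {"GO"},                               # CVE-2026-3768
    "/goform/WrlclientSet": {"GO"},                              # CVE-2026-3769
    "/goform/PPTPDClient": {"username", "opttype"},              # CVE-2026-3729
    "/goform/WifiMacFilterGet": {"index"},                       # CVE-2026-3803
    "/goform/WifiMacFilterSet": {"index"},                       # CVE-2026-3804
    "/goform/exeCommand": {"cmdinput"},                          # CVE-2026-3802
    "/goform/setcfm": {"funcpara1"},                             # CVE-2026-3799
    "/goform/setAutoPing": {"ping1", "ping2"},                   # CVE-2026-3801
    "/goform/P2pListFilter": {"page"},                           # CVE-2026-3811
    "/goform/DhcpListClient": {"page"},                          # CVE-2026-3810
    "/goform/webtypelibrary": {"webSiteId"},                     # CVE-2026-3808
    "/goform/AdvSetWrlsafeset": {"mit_ssid", "mit_ssid_index"},  # CVE-2026-3807
    "/goform/formApMail": None,                                  # CVE-2026-3815
    "/goform/formSchedule": {"curTime"},                         # CVE-2025-70229
    "/goform/formSetDDNS": {"curTime"},                          # CVE-2025-70230
    "/goform/formSetEnableWizard": {"curTime"},                  # CVE-2025-70233
    "/goform/formSetMACFilter": {"curTime"},                     # CVE-2025-70232
    "/goform/getAuthCode": {"FILECODE"},                         # CVE-2025-70231
}
MAX_LEN = 64  # assumed: legitimate values for these fields are short


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, normalised path, params).

    Query-string and form-urlencoded body parameters are merged because the
    descriptions do not say whether a handler reads the query or the body
    (assumption: check both rather than guess)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    method, target, *_ = request_line.split(" ")
    url = urlsplit(target)
    params = dict(parse_qsl(url.query, keep_blank_values=True))
    params.update(parse_qsl(body, keep_blank_values=True))
    # The D-Link descriptions write the path without a leading slash; normalise.
    return method, "/" + url.path.lstrip("/"), params


def flag_request(raw: str, max_len: int = MAX_LEN):
    """Return [(path, argument, length)] for each watched argument over max_len."""
    _method, path, params = parse_request(raw)
    if path not in WATCHED:
        return []
    names = WATCHED[path]
    return [(path, name, len(value)) for name, value in params.items()
            if (names is None or name in names) and len(value) > max_len]


def scan(requests, max_len: int = MAX_LEN):
    """Run flag_request over a batch of raw requests and concatenate findings."""
    return [f for raw in requests for f in flag_request(raw, max_len)]


# Constructed sample traffic (not real captures).
SAMPLE_REQUESTS = [
    "POST /goform/WifiMacFilterSet HTTP/1.1\r\nHost: 192.168.0.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "index=3&mac=aa:bb:cc:dd:ee:ff",                                  # benign
    "POST /goform/WifiMacFilterSet HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"
    "index=" + "A" * 300,                                             # CVE-2026-3804 shape
    "GET /goform/DhcpListClient?page=" + "B" * 100 + " HTTP/1.1\r\n"
    "Host: 192.168.0.1\r\n\r\n",                                      # CVE-2026-3810 shape
    "POST /goform/formSchedule HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"
    "curTime=" + "C" * 200 + "&enable=1",                             # CVE-2025-70229 shape
    "POST /goform/formApMail HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"
    "mail=" + "D" * 80,                                               # CVE-2026-3815 (any argument)
    "POST /goform/SomethingElse HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"
    "x=" + "E" * 500,                                                 # not a watched handler
]

if __name__ == "__main__":
    for path, name, length in scan(SAMPLE_REQUESTS):
        print(f"ALERT {path} {name}={length} bytes (> {MAX_LEN})")
```

The check is deliberately endpoint-scoped: a long value to an unlisted handler is not flagged, which keeps the false-positive rate down on the firmware's many legitimate long fields (certificates, backup blobs). Tune MAX_LEN per device once you have seen a day of normal admin traffic, and remember that none of the advisories on this page state that authentication is required, so the same rule belongs in front of the WAN side as well as the LAN side.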
##updated 2026-03-04T18:32:01
1 posts
updated 2026-03-03T21:52:29.877000
1 posts
1 repos
updated 2026-03-03T21:31:13
3 posts
1 repos
https://github.com/automate-it0/qualcomm-vulnerability-scanner
🖲️ #News: #CyberSecurity #CyberWarfare #CyberAttack #CyberNews
⚫ Qualcomm zero-day exploited in targeted attacks against Android
🔗 http://blog.segu-info.com.ar/2026/03/zero-day-de-qualcomm-explotado-en.html
Exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be linked to commercial spyware or state-sponsored threat groups. A new Qualcomm bug has been exploited in limited, targeted attacks against devices
##⚪️ Android patches 0‑day vulnerability linked to Qualcomm components
🗨️ Google experts have released the March security updates for Android, fixing a total of 129 vulnerabilities. Among them is a 0‑day issue in a Qualcomm component that is already being used in real-world attacks. The vulnerability has been assigned the…
##Latest Geopolitical, Technology, and Cybersecurity Update (March 6-7, 2026):
Russia is reportedly sharing intelligence with Iran to target US forces in the Middle East, escalating tensions. Cybersecurity faces critical threats as a Cisco SD-WAN flaw (CVE-2026-20127) has been exploited since 2023, and a Qualcomm zero-day (CVE-2026-21385) affects 234 chipsets. Meanwhile, rapid AI advancements are intensifying regulatory debates globally.
##updated 2026-03-03T19:11:21.227000
1 posts
updated 2026-03-03T03:33:44
1 posts
updated 2026-03-02T18:31:44
1 posts
updated 2026-02-27T21:42:55
4 posts
🟠 CVE-2026-30933 - High (7.5)
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30933/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-02-27T14:06:59.787000
1 posts
1 repos
Critical SSRF Vulnerability Patched in Angular Server-Side Rendering
Angular patched a critical SSRF vulnerability (CVE-2026-27739) in its SSR framework that allows attackers to redirect server-side requests to malicious or internal destinations by manipulating HTTP headers.
**If you are using Angular, this is important and urgent. Check your package.json for the possibly risky versions of the libraries, and either patch or sanitize the headers. Always validate incoming headers against a strict allowlist and avoid using client-provided data to build internal request URLs.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-ssrf-vulnerability-patched-in-angular-server-side-rendering-n-2-c-r-e/gD2P6Ple2L
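Angular's SSR internals are not on this page, so the following is an added, generic sketch (my own code, not Angular's or the advisory's) of the control the post recommends: resolve the origin that server-side requests use from an allowlist, never straight from client-supplied headers. `ALLOWED_HOSTS`, `CANONICAL_ORIGIN`, the header names read and the sample requests are constructed assumptions for the demonstration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed configuration for the example: the only host[:port] values this
# deployment is allowed to address itself as, plus the origin to fall back to.
ALLOWED_HOSTS = frozenset({"app.example.com", "localhost:4000"})
CANONICAL_ORIGIN = "https://app.example.com"


def origin_from_headers_vulnerable(headers: dict) -> str:
    """Trusts proxy headers wholesale: whoever sends the request chooses the host
    that relative server-side fetches are resolved against."""
    proto = headers.get("x-forwarded-proto", "https")
    host = headers.get("x-forwarded-host") or headers.get("host", "")
    return f"{proto}://{host}"


def origin_from_headers_hardened(headers: dict) -> str:
    """Accept a header-supplied host only when it is on the allowlist; otherwise
    fall back to the configured canonical origin. Lower-cases the value, takes the
    first element of a proxy-chain list, and rejects anything that is not a bare
    host[:port] (paths, userinfo, fragments, whitespace)."""
    raw = headers.get("x-forwarded-host") or headers.get("host", "")
    raw = raw.split(",")[0].strip().lower()
    if not raw or any(c in raw for c in "/?#@\\ "):
        return CANONICAL_ORIGIN
    if raw not in ALLOWED_HOSTS:
        return CANONICAL_ORIGIN
    proto = "https" if headers.get("x-forwarded-proto", "https").lower() == "https" else "http"
    return f"{proto}://{raw}"


def resolve_server_side_fetch(origin: str, relative_path: str) -> str:
    """Absolute URL a relative API call made during rendering would actually hit."""
    parts = urlsplit(origin)
    return urlunsplit((parts.scheme, parts.netloc, relative_path, "", ""))


if __name__ == "__main__":
    # Constructed attacker request: Host is legitimate, X-Forwarded-Host is not.
    attacker = {"host": "app.example.com", "x-forwarded-host": "attacker.example.net"}
    print(resolve_server_side_fetch(origin_from_headers_vulnerable(attacker), "/api/session"))
    print(resolve_server_side_fetch(origin_from_headers_hardened(attacker), "/api/session"))
```

The hardened variant deliberately falls back to the canonical origin rather than erroring out, so a misconfigured proxy degrades to "talk to yourself" instead of "talk to whoever the client named"; if your deployment has exactly one public origin, the simplest fix is to never read the host from headers at all.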
updated 2026-02-25T18:31:45
3 posts
5 repos
https://github.com/BugFor-Pings/CVE-2026-20127_EXP
https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE
https://github.com/yonathanpy/CVE-2026-20127-Cisco-SD-WAN-Preauth-RCE
WatchTowr reports seeing exploitation attempts for CVE-2026-20127 from numerous unique IP addresses. https://www.securityweek.com/recent-cisco-catalyst-sd-wan-vulnerability-now-widely-exploited/
##Latest Geopolitical, Technology, and Cybersecurity Update (March 6-7, 2026):
Russia is reportedly sharing intelligence with Iran to target US forces in the Middle East, escalating tensions. Cybersecurity faces critical threats as a Cisco SD-WAN flaw (CVE-2026-20127) has been exploited since 2023, and a Qualcomm zero-day (CVE-2026-21385) affects 234 chipsets. Meanwhile, rapid AI advancements are intensifying regulatory debates globally.
##Critical Cisco Catalyst SD-WAN vulnerability (CVE-2026-20127, CVSS 10.0) is now under widespread exploitation.
Attackers are deploying webshells after the flaw moved from targeted zero-day use to global opportunistic campaigns.
https://www.technadu.com/cisco-catalyst-sd-wan-flaw-is-now-fcing-widespread-exploitation/622887/
Have your systems been patched?
##updated 2026-02-25T14:32:14.467000
1 posts
12 repos
https://github.com/BTtea/CVE-2026-20841-PoC
https://github.com/uky007/CVE-2026-20841_notepad_analysis
https://github.com/tangent65536/CVE-2026-20841
https://github.com/hackfaiz/CVE-2026-20841-PoC
https://github.com/EleniChristopoulou/PoC-CVE-2026-20841
https://github.com/atiilla/CVE-2026-20841
https://github.com/SecureWithUmer/CVE-2026-20841
https://github.com/RajaUzairAbdullah/CVE-2026-20841
https://github.com/404godd/CVE-2026-20841-PoC
https://github.com/patchpoint/CVE-2026-20841
Microsoft turned Notepad into a "smart" AI assistant and accidentally handed hackers a "one-click" execution engine. Here is the technical breakdown of CVE-2026-20841 and why feature creep is killing your security. 🛑💻
##updated 2026-02-10T19:28:57.427000
1 posts
⚪️ Android patches 0‑day vulnerability linked to Qualcomm components
🗨️ Google experts have released the March security updates for Android, fixing a total of 129 vulnerabilities. Among them is a 0‑day issue in a Qualcomm component that is already being used in real-world attacks. The vulnerability has been assigned the…
##updated 2026-02-02T23:41:06
1 posts
7 repos
https://github.com/EQSTLab/CVE-2026-25253
https://github.com/ethiack/moltbot-1click-rce
https://github.com/adibirzu/openclaw-security-monitor
https://github.com/al4n4n/CVE-2026-25253-research
https://github.com/Joseph19820124/openclaw-vuln-report
https://github.com/Ckokoski/moatbot-security
https://github.com/FrigateCaptain/openclaw_vulnerabilities_and_solutions
🚨 SECURITY ALERT: 42,089 OpenClaw AI instances exposed with critical RCE vulnerability (CVE-2026-25253, CVSS 8.8).
93% lack authentication. 1.5M API tokens compromised. One-click shell access via malicious websites.
Full analysis + protection strategies:
https://dev.to/tiamatenity/your-ai-assistant-is-leaking-everything-42k-exposed-instances-critical-cves-and-how-to-protect-yourself
updated 2026-01-16T15:55:33.063000
2 posts
Lenovo released all patches for the Vantage vulnerabilities I reported earlier this year. The blog has been updated with write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717.
##updated 2026-01-14T16:25:12.057000
1 posts
Steam Deck just posted:
SteamOS 3.7.20
SteamOS 3.7.20 has just been released for all users with the following changes previously in Beta:
General
- Added ntsync driver
Non-Deck
- Enabled polkit for the InputPlumber dbus interface and resolved a potential race condition for the InputPlumber interface, addressing CVE-2025-66005 and CVE-2025-14338
https://store.steampowered.com/news/app/1675200/view/502851820603836934
##updated 2025-06-10T00:30:36
1 posts
Medium-severity advisory from AMD:
CVE-2025-0037: Versal Adaptive SoC – Overwriting Protected Memory Regions through PLM Firmware https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8010.html
A long list of advisories from Adobe: https://helpx.adobe.com/security/security-bulletin.html
Dell patches for multiple vulnerabilities:
Security Update for Dell Connectrix B-Series SANnav Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000437875/dsa-2026-088-security-update-for-dell-connectrix-b-series-sannav-vulnerabilities
Security Update for Dell Connectrix B-Series FOS and SANnav Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000437867/dsa-2026-087-security-update-for-dell-connectrix-b-series-fos-and-sannav-vulnerabilities
Security Update for Dell Avamar Data Store Gen5A Multiple Third-Party Component Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000437829/dsa-2026-086-security-update-for-dell-avamar-data-store-gen5a-multiple-third-party-component-vulnerabilities #Dell
#infosec #vulnerability #AMD #Adobe
updated 2025-04-22T21:15:42.690000
1 posts
🔴 CVE-2026-28292 - Critical (9.8)
`simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code e...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Analyzing "Zombie Zip" (CVE-2026-0866) https://isc.sans.edu/diary/32786
##Major flaw in the ZIP compression mechanism catches every antivirus product out; hackers can hide malicious code
Chris Aziz, a researcher at security firm Bombadil Systems, has found a serious vulnerability in ZIP archives […]
#InfoSec #7-Zip #Bombadil Systems #CVE-2026-0866
https://unwire.hk/2026/03/11/zombie-zip-cve-2026-0866-winrar/tech-secure/?utm_source=rss&utm_medium=rss&utm_campaign=zombie-zip-cve-2026-0866-winrar
[ #VULN ] "Zombie ZIP: this evasion technique blinds antivirus engines"
CVE-2026-0866
⬇️
"Discovered by Chris Aziz, a security researcher at Bombadil Systems, the Zombie ZIP technique abuses the trust that scanning engines place in the ZIP file header. The attack consists of manipulating the ZIP file header so as to alter the field that determines the compression method used inside the archive.
The Zombie ZIP technique consists of declaring that the data is stored without any compression (STORED method, or Method=0) when that is false! The malicious file really is compressed with the standard DEFLATE algorithm."
👇
https://www.it-connect.fr/zombie-zip-cette-technique-devasion-rend-aveugles-les-antivirus/
(Editor's note: yet another) " #ZIP format confusion technique that evades 98% of #antivirus engines."
⬇️
CVE-2026-0866 | VU#976247 | Published March 10, 2026
👇
https://github.com/bombadil-systems/zombie-zip?tab=readme-ov-file
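The quoted description gives the core of the trick: the header's method field says STORED (0) while the bytes are really DEFLATE. The block below is an added example of my own, not code from Bombadil Systems, the ISC diary or the article, and it makes one assumption the page does not state: that the forged field is the one in the local file header while the central directory still says DEFLATED. It builds a clean archive and a forged one (both constructed inline), then runs a detector that cross-checks the local header against the central directory, the declared sizes, and what the bytes actually hash to. Handling of data descriptors and ZIP64 is out of scope.

```python
import io
import struct
import zipfile
import zlib

STORED, DEFLATED = 0, 8
LOCAL_SIG = b"PK\x03\x04"
# After the 4-byte signature: version, flags, method, time, date, crc, csize, usize, nlen, xlen
LOCAL_FMT = "<HHHHHIIIHH"

# Constructed payload: highly compressible, so DEFLATE output is far smaller than the plaintext.
SAMPLE_PAYLOAD = b"MZ" + b"A" * 4000 + b"\ncalc.exe\n"


def build_clean_archive(payload: bytes, name: str = "payload.bin") -> bytes:
    """Ordinary DEFLATE archive as written by the standard library."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def build_zombie_archive(payload: bytes, name: str = "payload.bin") -> bytes:
    """Forged variant (assumed layout, constructed here): the local file header's method
    field is rewritten to STORED while the data stays raw DEFLATE and the central
    directory still says DEFLATED."""
    data = bytearray(build_clean_archive(payload, name))
    assert data[:4] == LOCAL_SIG
    struct.pack_into("<H", data, 8, STORED)  # offset 8 = signature(4) + version(2) + flags(2)
    return bytes(data)


def read_local_entry(data: bytes, off: int):
    """Parse the local file header at `off`: (name, method, crc, csize, usize, payload).
    Assumes no data descriptor (general-purpose flag bit 3) and no ZIP64 sizes."""
    if data[off:off + 4] != LOCAL_SIG:
        raise ValueError(f"no local file header at offset {off}")
    _ver, _flags, method, _t, _d, crc, csize, usize, nlen, xlen = struct.unpack_from(LOCAL_FMT, data, off + 4)
    name = data[off + 30:off + 30 + nlen].decode("utf-8", "replace")
    start = off + 30 + nlen + xlen
    return name, method, crc, csize, usize, data[start:start + csize]


def find_method_confusion(data: bytes):
    """Return [(name, [reasons...])] for entries whose local header, central directory
    and actual bytes tell different stories about the compression method."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # zipfile itself only reads the central directory here
        for info in zf.infolist():
            name, method, crc, csize, usize, payload = read_local_entry(data, info.header_offset)
            reasons = []
            if method != info.compress_type:
                reasons.append(f"local method {method} != central directory method {info.compress_type}")
            if method == STORED and csize != usize:
                reasons.append(f"STORED entry but compressed size {csize} != uncompressed size {usize}")
            if method == STORED and zlib.crc32(payload) != crc:
                # The "stored" bytes do not hash to the declared CRC; test the other story.
                try:
                    inflated = zlib.decompressobj(-zlib.MAX_WBITS).decompress(payload)
                except zlib.error:
                    inflated = None
                if inflated is not None and zlib.crc32(inflated) == crc:
                    reasons.append("STORED entry whose bytes inflate as raw DEFLATE to the declared CRC")
            if reasons:
                findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for label, archive in (("clean", build_clean_archive(SAMPLE_PAYLOAD)),
                           ("zombie", build_zombie_archive(SAMPLE_PAYLOAD))):
        print(label, find_method_confusion(archive))
```

The third check is the one that matters for a scanner that never looks at the central directory: a genuinely stored entry hashes to its own CRC, a lying one does not but its inflated form does. Note that Python's `zipfile` takes the method from the central directory, which illustrates the general problem: the extractor and the scanner can legitimately read different fields, so a detector has to compare them rather than trust either.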
Found this bug on the weekend :)
https://curl.se/docs/CVE-2026-3805.html
Curl is cool. For the love of the game..
##CVE-2026-3805: use after free in SMB connection reuse
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
##CVE-2026-3784: wrong proxy connection reuse with credentials
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.
##CVE-2026-3783: token leak with redirect and netrc
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances.
##CVE-2026-1965: bad reuse of HTTP Negotiate connection
libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request.
##🚨 CRITICAL: CVE-2026-28806 in nerves_hub_web ≤2.3.x allows authenticated users to take over devices/orgs via improper authorization. Upgrade to 2.4.0+ ASAP! Remote console: high risk of full compromise. https://radar.offseq.com/threat/cve-2026-28806-cwe-285-improper-authorization-in-n-d2ddfb8c #OffSeq #nerveshub #infosec #CVE202628806
##RocketChat has a critical authentication bypass vulnerability due to a forgotten await keyword ("Users can login with any password via the EE ddp-streamer-servic" CVE-2026-28514):
https://github.com/RocketChat/Rocket.Chat/security/advisories/GHSA-w6vw-mrgv-69vf
The vulnerability has been patched in RocketChat 8.0.0, 7.13.3, 7.12.4, 7.11.4, 7.10.7, 7.9.8 and 7.8.6.
These issues were discovered by an AI agent developed by the GitHub Security Lab and reviewed by GHSL team members Peter Stöckli and Man Yue Mo.
I often voice my dislike of misguided AI use. This right here is actually good use of AI.
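The bug class behind this post is worth seeing in working code, because it is invisible to a casual read: an async credential check that is called without `await` returns a coroutine (a Promise in JavaScript), and that object is always truthy, so the "wrong password" branch is dead code. Rocket.Chat is JavaScript; the block below is my own added Python reproduction of the same mistake beside the fix, not the project's code. The user store, hashing parameters and user names are constructed for the example.

```python
import asyncio
import hashlib
import hmac

# Constructed user store for this example (not Rocket.Chat's schema): PBKDF2 hashes.
_SALT = b"example-salt-not-for-production"


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)


USERS = {"alice": _hash("correct horse")}


async def check_password(username: str, password: str) -> bool:
    """Stands in for an async credential check that crosses a service boundary."""
    await asyncio.sleep(0)  # yield to the event loop, as a real I/O call would
    stored = USERS.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored, _hash(password))


async def login_vulnerable(username: str, password: str) -> bool:
    # BUG: no `await`. `ok` is a coroutine object, and coroutine objects are always
    # truthy, so the rejection branch can never run and every password is accepted.
    ok = check_password(username, password)
    if not ok:
        return False
    ok.close()  # only here to silence "coroutine was never awaited"; the bypass already happened
    return True


async def login_fixed(username: str, password: str) -> bool:
    ok = await check_password(username, password)
    if not isinstance(ok, bool):  # belt and braces: an auth decision must be a real bool
        raise TypeError(f"credential check returned {type(ok).__name__}, not bool")
    return ok


def login_vulnerable_sync(username: str, password: str) -> bool:
    return asyncio.run(login_vulnerable(username, password))


def login_fixed_sync(username: str, password: str) -> bool:
    return asyncio.run(login_fixed(username, password))


if __name__ == "__main__":
    print("vulnerable, wrong password:", login_vulnerable_sync("alice", "hunter2"))   # True
    print("fixed, wrong password:     ", login_fixed_sync("alice", "hunter2"))        # False
    print("fixed, right password:     ", login_fixed_sync("alice", "correct horse"))  # True
```

Python at least emits a `RuntimeWarning: coroutine ... was never awaited` at garbage collection, which is a signal worth turning into a test failure (`-W error::RuntimeWarning`). JavaScript gives no such warning for an un-awaited Promise that resolves, so in TypeScript code bases the equivalent guard is lint: `@typescript-eslint/no-misused-promises` flags a Promise used as a condition and `@typescript-eslint/no-floating-promises` flags one that is dropped.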
##Sign in with ANY password into Rocket.Chat EE (CVE-2026-28514) and other vulnerabilities we’ve found with our open source AI framework https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/
##🟠 CVE-2026-30983 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30983/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30979 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corrupt...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30979/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30987 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2.3...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30987/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31795 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31795/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31792 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a null pointer dereference in CIccTagXmlStruct::ParseTag() causing a segmentation fault or denial of service. This vulnerabilit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31792/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-31796 - High (7.8)
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31796/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-30918 - High (7.6)
facileManager is a modular suite of web apps built with the sysadmin in mind. Prior to 6.0.4, a reflected XSS occurs when an application receives data from an untrusted source and uses it in its HTTP responses in a way that could lead to vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30918/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-27603 - High (7.5)
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:project_id/chart/:chart_id/filter is missing both verif...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-27005 - Critical (9.8)
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases con...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27005/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28693 - High (8.1)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28693/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-28691 - High (7.5)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vul...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28691/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-30862 in Appsmith <1.96 enables stored XSS via TableWidgetV2. Attackers can leverage 'Invite Users' for admin takeover. Patch to 1.96+ ASAP! No active exploits yet. https://radar.offseq.com/threat/cve-2026-30862-cwe-79-improper-neutralization-of-i-d918c60a #OffSeq #XSS #Appsmith #CVE2026_30862
##🚨 CVE-2026-28431 (CRITICAL, CVSS 9.2) in Misskey (8.45.0 – <2026.3.1): Improper authorization allows unauthenticated data access. Patch to 2026.3.1 now! Review access controls and monitor logs. https://radar.offseq.com/threat/cve-2026-28431-cwe-285-improper-authorization-in-m-e4688f7e #OffSeq #Misskey #Vuln #InfoSec
##🔴 CVE-2026-30240 - Critical (9.6)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint (POST /api/pwa/process-zip) allows an authenti...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30240/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-31816 - Critical (9.1)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Budibase server's authorized() middleware that protects every server-side API endpoint can be completely bypassed by appending a w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31816/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-25737 - High (8.9)
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25737/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2025-62166 - High (7.5)
FreshRSS is a free, self-hostable RSS aggregator. Prior to 1.28.0, due to a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed should be viewable if anonymous viewing is enabled,...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-62166/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##