FediSecfeeds

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41248/

##

offseq at 2026-04-25T00:00:40.068Z ##

🚨 CRITICAL: CVE-2026-41248 affects clerk astro, nextjs, nuxt — lets attackers bypass middleware in affected JS libs. Update to fixed versions ASAP to prevent unauthorized access. Patches available now. https://radar.offseq.com/threat/cve-2026-41248-cwe-436-interpretation-conflict-in--1e1431c1 #OffSeq #Vulnerability #ClerkJS

##

thehackerwire@mastodon.social at 2026-04-24T22:00:01.000Z ##

🔴 CVE-2026-41248 - Critical (9.1)

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach down...

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-25T00:00:40.000Z ##

🚨 CRITICAL: CVE-2026-41248 affects clerk astro, nextjs, nuxt — lets attackers bypass middleware in affected JS libs. Update to fixed versions ASAP to prevent unauthorized access. Patches available now. https://radar.offseq.com/threat/cve-2026-41248-cwe-436-interpretation-conflict-in--1e1431c1 #OffSeq #Vulnerability #ClerkJS

##

thehackerwire@mastodon.social at 2026-04-24T22:00:01.000Z ##

🔴 CVE-2026-41248 - Critical (9.1)

Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach down...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41248/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41324
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-24T21:02:13

1 posts

### Summary `basic-ftp@5.2.2` is vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to `Client.list()`, causing the client process to consume memory until it becomes unstable or crashes. ### Details The issue is in the package's

thehackerwire@mastodon.social at 2026-04-24T05:45:43.000Z ##

🟠 CVE-2026-41324 - High (7.5)

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extreme...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41324/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41278
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-24T21:00:59

2 posts

### Summary The `GET /api/v1/public-chatflows/:id` endpoint returns the full chatflow object **without sanitization** for public chatflows. Docker validation revealed this is worse than initially assessed: the `sanitizeFlowDataForPublicEndpoint` function does NOT exist in the released v3.0.13 Docker image. Both `public-chatflows` AND `public-chatbotConfig` return completely raw flowData including

thehackerwire@mastodon.social at 2026-04-25T01:10:26.000Z ##

🟠 CVE-2026-41278 - High (7.5)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation re...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41278/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-25T01:10:26.000Z ##

🟠 CVE-2026-41278 - High (7.5)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation re...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41278/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41279
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-24T21:00:53

2 posts

### Summary The text-to-speech generation endpoint (`POST /api/v1/text-to-speech/generate`) is whitelisted (no auth) and accepts a `credentialId` directly in the request body. When called without a `chatflowId`, the endpoint uses the provided `credentialId` to decrypt the stored credential (e.g., OpenAI or ElevenLabs API key) and generate speech. ### Root Cause ```typescript // packages/server/

thehackerwire@mastodon.social at 2026-04-25T01:10:36.000Z ##

🟠 CVE-2026-41279 - High (7.5)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41279/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-25T01:10:36.000Z ##

🟠 CVE-2026-41279 - High (7.5)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41279/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41271
(7.1 HIGH)

EPSS: 0.06%

updated 2026-04-24T20:59:23

2 posts

### Summary A Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass the intended API documentation constraints and redirect requests to sensitive internal services, po

thehackerwire@mastodon.social at 2026-04-25T01:11:19.000Z ##

🟠 CVE-2026-41271 - High (8.3)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers t...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41271/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-25T01:11:19.000Z ##

🟠 CVE-2026-41271 - High (8.3)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers t...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41271/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41265
(9.8 CRITICAL)

EPSS: 0.13%

updated 2026-04-24T20:58:07

2 posts

ZDI-CAN-29412: FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: Flowise - Flowise -- VULNERABILITY DETAILS ------------------------ * Version tested: 3.0.13 * Installer file: hxxps://github.com/FlowiseAI/Flowise * Platform tested: Ubuntu 25.10 --- ### Analy

thehackerwire@mastodon.social at 2026-04-25T02:00:02.000Z ##

🔴 CVE-2026-41265 - Critical (9.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the Airtable_Agents class. The issue results from the lack of proper sandboxing when evaluat...

updated 2026-04-24T20:44:06

2 posts

### Summary The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide the following payload: `DataFrame({'foo': ['bar!']});import os;os.system('whoami')` that will get interpolated and executed by the server. ### Details The code in question that introduces the issue is in [CSVAgent.ts](https://github.com/FlowiseAI/Flowise/blob/78674897270d5

thehackerwire@mastodon.social at 2026-04-25T01:11:39.000Z ##

🟠 CVE-2026-41137 - High (8.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41137/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-25T01:11:39.000Z ##

🟠 CVE-2026-41137 - High (8.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41137/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2024-7399
(8.8 HIGH)

EPSS: 82.26%

updated 2026-04-24T20:23:57.990000

3 posts

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

https://github.com/davidxbors/CVE-2024-7399-POC

1 repos

secdb@infosec.exchange at 2026-04-24T20:00:16.000Z ##

🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0424)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-57726 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57726)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726

⚠️ CVE-2024-57728 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57728)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728

⚠️ CVE-2024-7399 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-7399)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399

⚠️ CVE-2025-29635 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-29635)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260424 #cisa20260424 #cve_2024_57726 #cve_2024_57728 #cve_2024_7399 #cve_2025_29635 #cve202457726 #cve202457728 #cve20247399 #cve202529635

##

cisakevtracker@mastodon.social at 2026-04-24T18:01:08.000Z ##

CVE ID: CVE-2024-7399
Vendor: Samsung
Product: MagicINFO 9 Server
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-7399

##

AAKL@infosec.exchange at 2026-04-24T17:29:17.000Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #Apache

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57726

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57728

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7399

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-29635 #CISA #Samsung #DLink

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2026-41477
(7.8 HIGH)

EPSS: 0.01%

updated 2026-04-24T20:16:28.340000

2 posts

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary commands as SYSTEM. Affects both stable v1.20.0 + and Continuous v1.26.0.134 prerelease.

thehackerwire@mastodon.social at 2026-04-24T20:41:18.000Z ##

🟠 CVE-2026-41477 - High (7.8)

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41477/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T20:41:18.000Z ##

🟠 CVE-2026-41477 - High (7.8)

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowi...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41477/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41429
(8.8 HIGH)

EPSS: 0.02%

updated 2026-04-24T20:16:27.663000

2 posts

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin(...), the device listens on UDP port 137 and processes untrusted NBNS requests from the local network. The request parser trusts the

thehackerwire@mastodon.social at 2026-04-24T20:41:39.000Z ##

🟠 CVE-2026-41429 - High (8.8)

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled b...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41429/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T20:41:39.000Z ##

🟠 CVE-2026-41429 - High (8.8)

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled b...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41429/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40372
(9.1 CRITICAL)

EPSS: 0.03%

updated 2026-04-24T19:59:44

1 posts

## Executive Summary: A bug in `Microsoft.AspNetCore.DataProtection` 10.0.0-10.0.6 NuGet packages can give an attacker the opportunity to execute an Elevation of Privilege attack by forging authentication cookies, and also allows some protected payloads to be decrypted. If an attacker used forged payloads to authenticate as a privileged user during the vulnerable window, they may have induced t

benzogaga33@mamot.fr at 2026-04-23T15:40:05.000Z ##

Microsoft a publié un patch pour une faille critique dans ASP.NET : CVE-2026-40372 https://www.it-connect.fr/microsoft-a-publie-un-patch-pour-une-faille-critique-dans-asp-net-cve-2026-40372/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Microsoft

##

CVE-2024-57728
(7.2 HIGH)

EPSS: 50.59%

updated 2026-04-24T19:27:00.700000

3 posts

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

secdb@infosec.exchange at 2026-04-24T20:00:16.000Z ##

🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0424)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-57726 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57726)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726

⚠️ CVE-2024-57728 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57728)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728

⚠️ CVE-2024-7399 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-7399)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399

⚠️ CVE-2025-29635 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-29635)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260424 #cisa20260424 #cve_2024_57726 #cve_2024_57728 #cve_2024_7399 #cve_2025_29635 #cve202457726 #cve202457728 #cve20247399 #cve202529635

##

cisakevtracker@mastodon.social at 2026-04-24T18:01:23.000Z ##

CVE ID: CVE-2024-57728
Vendor: SimpleHelp
Product: SimpleHelp
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-57728

##

AAKL@infosec.exchange at 2026-04-24T17:29:17.000Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #Apache

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57726

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57728

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7399

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-29635 #CISA #Samsung #DLink

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2026-41276
(9.8 CRITICAL)

EPSS: 0.18%

updated 2026-04-24T19:17:11.770000

2 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resetPassword method of the AccountService class. There is no check performed to

thehackerwire@mastodon.social at 2026-04-25T01:00:36.000Z ##

🔴 CVE-2026-41276 - Critical (9.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not requ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41276/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-25T01:00:36.000Z ##

🔴 CVE-2026-41276 - Critical (9.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not requ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41276/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41273
(8.2 HIGH)

EPSS: 0.06%

updated 2026-04-24T19:17:11.530000

2 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public chatflow configuration endpoint, an attacker can retrieve internal workflow data, including OAuth credential

thehackerwire@mastodon.social at 2026-04-25T01:11:29.000Z ##

🟠 CVE-2026-41273 - High (8.2)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated w...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41273/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-25T01:11:29.000Z ##

🟠 CVE-2026-41273 - High (8.2)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated w...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41273/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41138
(8.8 HIGH)

EPSS: 0.29%

updated 2026-04-24T19:17:11.260000

1 posts

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within the prompt template and it is reflected to the Python code without any sanitization. This vulnerabilit

thehackerwire@mastodon.social at 2026-04-23T20:30:29.000Z ##

🟠 CVE-2026-41138 - High (8.3)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41138/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40466
(8.8 HIGH)

EPSS: 0.11%

updated 2026-04-24T19:17:10.567000

2 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport via BrokerView.addNetworkConnector or BrokerView.addConnector through Jolokia if the activemq-http module is on th

thehackerwire@mastodon.social at 2026-04-24T20:10:11.000Z ##

🟠 CVE-2026-40466 - High (8.8)

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.

An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a conne...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40466/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T20:10:11.000Z ##

🟠 CVE-2026-40466 - High (8.8)

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.

An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a conne...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40466/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33662
(7.5 HIGH)

EPSS: 0.07%

updated 2026-04-24T19:17:09.997000

2 posts

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/crypto_api/acipher/rsassa.c, the amount of padding needed, "PS size", is calculated by subtracting the size of the digest and other fields required for th

thehackerwire@mastodon.social at 2026-04-24T19:44:30.000Z ##

🟠 CVE-2026-33662 - High (7.5)

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/c...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33662/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T19:43:08.000Z ##

🟠 CVE-2026-33662 - High (7.5)

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsa_pkcs1_v1_5_encode() in core/drivers/crypto/c...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33662/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2025-50229
(9.8 CRITICAL)

EPSS: 0.03%

updated 2026-04-24T19:16:31.937000

2 posts

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.

thehackerwire@mastodon.social at 2026-04-25T21:59:51.000Z ##

🔴 CVE-2025-50229 - Critical (9.8)

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50229/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-25T21:59:51.000Z ##

🔴 CVE-2025-50229 - Critical (9.8)

Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-50229/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2024-57726
(8.8 HIGH)

EPSS: 52.25%

updated 2026-04-24T18:30:36

3 posts

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

secdb@infosec.exchange at 2026-04-24T20:00:16.000Z ##

🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0424)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-57726 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57726)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726

⚠️ CVE-2024-57728 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57728)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728

⚠️ CVE-2024-7399 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-7399)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399

⚠️ CVE-2025-29635 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-29635)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260424 #cisa20260424 #cve_2024_57726 #cve_2024_57728 #cve_2024_7399 #cve_2025_29635 #cve202457726 #cve202457728 #cve20247399 #cve202529635

##

cisakevtracker@mastodon.social at 2026-04-24T18:01:38.000Z ##

CVE ID: CVE-2024-57726
Vendor: SimpleHelp
Product: SimpleHelp
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-57726

##

AAKL@infosec.exchange at 2026-04-24T17:29:17.000Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #Apache

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57726

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57728

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7399

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-29635 #CISA #Samsung #DLink

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2025-29635
(8.8 HIGH)

EPSS: 58.94%

updated 2026-04-24T18:30:36

3 posts

A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote command execution.

secdb@infosec.exchange at 2026-04-24T20:00:16.000Z ##

🚨 [CISA-2026:0424] CISA Adds 4 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0424)

CISA has added 4 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2024-57726 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57726)
- Name: SimpleHelp Missing Authorization Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726

⚠️ CVE-2024-57728 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-57728)
- Name: SimpleHelp Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728

⚠️ CVE-2024-7399 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-7399)
- Name: Samsung MagicINFO 9 Server Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Samsung
- Product: MagicINFO 9 Server
- Notes: https://security.samsungtv.com/securityUpdates ; https://nvd.nist.gov/vuln/detail/CVE-2024-7399

⚠️ CVE-2025-29635 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-29635)
- Name: D-Link DIR-823X Command Injection Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: D-Link
- Product: DIR-823X
- Notes: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29635

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260424 #cisa20260424 #cve_2024_57726 #cve_2024_57728 #cve_2024_7399 #cve_2025_29635 #cve202457726 #cve202457728 #cve20247399 #cve202529635

##

cisakevtracker@mastodon.social at 2026-04-24T18:00:52.000Z ##

CVE ID: CVE-2025-29635
Vendor: D-Link
Product: DIR-823X
Date Added: 2026-04-24
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-29635

##

AAKL@infosec.exchange at 2026-04-24T17:29:17.000Z ##

Broadcom has a new advisory for a critical vulnerability:

Common Components and Services for z/OS 15.0 Vulnerability in CCS Apache Tomcat https://support.broadcom.com/web/ecx/security-advisory #Broadcom #Apache

CISA has updated the KEV catalogue:

- CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57726

- CVE-2024-57728: SimpleHelp Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-57728

- CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability https://www.cve.org/CVERecord?id=CVE-2024-7399

- CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-29635 #CISA #Samsung #DLink

Cisco has two advisories for high-severity vulnerabilities:

- CVE-2023-20185: Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX

- Informational, updated today: Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-CISAED25-03 @TalosSecurity #Cisco #infosec #vulnerability

##

CVE-2026-6911
(9.8 CRITICAL)

EPSS: 0.05%

updated 2026-04-24T17:56:41.280000

5 posts

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the deployment's User Pool, via a crafted JWT sent to the API Gateway endpoint. To remediate this issue, u

Matchbook3469@mastodon.social at 2026-04-25T14:05:14.000Z ##

🚨 New security advisory:

CVE-2026-6911 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-6911-ops-wheel-unauthenticated-admin-access

#InfoSec #SecurityPatching #HackerNews

##

offseq at 2026-04-25T07:30:25.791Z ##

🚨 CRITICAL: CVE-2026-6911 in AWS Ops Wheel — missing JWT signature checks allow unauth access & admin control over all tenants. Patch by redeploying from the updated repo! Details: https://radar.offseq.com/threat/cve-2026-6911-cwe-347-improper-verification-of-cry-0f0da004 #OffSeq #AWS #Vuln #JWT

##

offseq@infosec.exchange at 2026-04-25T07:30:25.000Z ##

🚨 CRITICAL: CVE-2026-6911 in AWS Ops Wheel — missing JWT signature checks allow unauth access & admin control over all tenants. Patch by redeploying from the updated repo! Details: https://radar.offseq.com/threat/cve-2026-6911-cwe-347-improper-verification-of-cry-0f0da004 #OffSeq #AWS #Vuln #JWT

##

thehackerwire@mastodon.social at 2026-04-24T19:41:56.000Z ##

🔴 CVE-2026-6911 - Critical (9.8)

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across te...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6911/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

awssecurityfeed@infosec.exchange at 2026-04-24T17:00:01.000Z ##

Issue with AWS Ops Wheel (CVE-2026-6911 and CVE-2026-6912

Bulletin ID: 2026-018-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/24 09:15 AM PDT
Description:
AWS Ops Wheel is an open-source tool that helps teams make random selections using a virtua...

https://aws.amazon.com/security/security-bulletins/rss/2026-018-aws/

#aws #security

##

CVE-2026-40897
(8.8 HIGH)

EPSS: 0.05%

updated 2026-04-24T17:56:41.280000

1 posts

Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. This vulnerability is fixed in 15.2.0.

thehackerwire@mastodon.social at 2026-04-24T19:42:32.000Z ##

🟠 CVE-2026-40897 - High (8.8)

Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40897/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39920
(9.8 CRITICAL)

EPSS: 0.20%

updated 2026-04-24T17:55:55.317000

5 posts

BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS commands. Attackers can authenticate to the admin console using default credentials, upload a malicious Java archive as a web service, and execute arbitrary com

Matchbook3469@mastodon.social at 2026-04-25T15:09:16.000Z ##

🔴 New security advisory:

CVE-2026-39920 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-39920-bridgehead-filestore-unauth-rce

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39920/

##

offseq at 2026-04-25T09:00:27.686Z ##

🔥 CVE-2026-39920: BridgeHead FileStore <24A has a CRITICAL flaw — Apache Axis2 admin exposed with default creds, allowing unauthenticated remote OS command execution. Restrict access, change creds & monitor! Patch status pending. https://radar.offseq.com/threat/cve-2026-39920-cwe-1188-initialization-of-a-resour-596011eb #OffSeq #Vuln #Cybersecurity

##

thehackerwire@mastodon.social at 2026-04-24T20:07:25.000Z ##

🔴 CVE-2026-39920 - Critical (9.8)

BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated remote attackers to execute arbitrary OS command...

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

updated 2026-04-24T16:39:50.947000

4 posts

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

nyanbinary at 2026-04-25T11:42:26.953Z ##

@andrewnez hm, is that search correct? The 343 on linked NVD page seems to include e.g. CVE-2026-6919 which isnt really related?

It's not an in any way relevant difference (4 false associations) but now I am really curious why those are associated....

##

thehackerwire@mastodon.social at 2026-04-25T02:00:12.000Z ##

🔴 CVE-2026-6919 - Critical (9.6)

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6919/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

nyanbinary@infosec.exchange at 2026-04-25T11:42:26.000Z ##

@andrewnez hm, is that search correct? The 343 on linked NVD page seems to include e.g. CVE-2026-6919 which isnt really related?

It's not an in any way relevant difference (4 false associations) but now I am really curious why those are associated....

##

thehackerwire@mastodon.social at 2026-04-25T02:00:12.000Z ##

🔴 CVE-2026-6919 - Critical (9.6)

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6919/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33524
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-24T16:25:17

1 posts

## Summary ### Unbounded Memory Allocation (all platforms) A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service). **Affected code (C++):** - `cpp/runtime/src/zserio/Array.h` (line 1029) — `m_rawArray.reserve(readLength)` with unchecked `readLength` - `cpp/runtime/src/zserio/BitStreamReader.h` (lines 249, 2

thehackerwire@mastodon.social at 2026-04-24T19:41:46.000Z ##

🟠 CVE-2026-33524 - High (7.5)

Zserio is a framework for serializing structured data with a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33524/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41492
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-24T16:15:29

3 posts

### Summary Dgraph `v25.3.2` still exposes the process command line through the unauthenticated `/debug/vars` endpoint on Alpha. Because the admin token is commonly supplied via the `--security "token=..."` startup flag, an unauthenticated attacker can retrieve that token and replay it in the `X-Dgraph-AuthToken` header to access admin-only endpoints. This is a variant of the previously fixed `/d

offseq at 2026-04-25T01:30:29.932Z ##

⚠️ CRITICAL: dgraph-io Dgraph (< 25.3.3) leaks admin tokens via unauthenticated /debug/vars endpoint. Attackers can gain admin access! Patch to 25.3.3+ ASAP. CVE-2026-41492 | More: https://radar.offseq.com/threat/cve-2026-41492-cwe-200-exposure-of-sensitive-infor-932f1edf #OffSeq #CVE202641492 #Dgraph #Vulnerability

##

offseq@infosec.exchange at 2026-04-25T01:30:29.000Z ##

⚠️ CRITICAL: dgraph-io Dgraph (< 25.3.3) leaks admin tokens via unauthenticated /debug/vars endpoint. Attackers can gain admin access! Patch to 25.3.3+ ASAP. CVE-2026-41492 | More: https://radar.offseq.com/threat/cve-2026-41492-cwe-200-exposure-of-sensitive-infor-932f1edf #OffSeq #CVE202641492 #Dgraph #Vulnerability

##

thehackerwire@mastodon.social at 2026-04-24T19:41:02.000Z ##

🔴 CVE-2026-41492 - Critical (9.8)

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..."...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41492/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41328
(9.1 CRITICAL)

EPSS: 0.08%

updated 2026-04-24T15:41:45

3 posts

## 1. Executive Summary A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack requires two HTTP POSTs to port 8080. The first sets up a schema predicate with `@unique @index(exact) @lang` via `/alter` (also unauthenticated in default

offseq at 2026-04-25T04:30:28.825Z ##

🚨 CVE-2026-41328: CRITICAL DQL injection in dgraph-io Dgraph (<25.3.3) allows unauthenticated full DB read! Exploit via crafted POSTs to port 8080. Patch to 25.3.3+ or enable ACL to mitigate. Details: https://radar.offseq.com/threat/cve-2026-41328-cwe-943-improper-neutralization-of--c8d19cb1 #OffSeq #CVE202641328 #GraphQL #infosec

##

offseq@infosec.exchange at 2026-04-25T04:30:28.000Z ##

🚨 CVE-2026-41328: CRITICAL DQL injection in dgraph-io Dgraph (<25.3.3) allows unauthenticated full DB read! Exploit via crafted POSTs to port 8080. Patch to 25.3.3+ or enable ACL to mitigate. Details: https://radar.offseq.com/threat/cve-2026-41328-cwe-943-improper-neutralization-of--c8d19cb1 #OffSeq #CVE202641328 #GraphQL #infosec

##

thehackerwire@mastodon.social at 2026-04-24T19:41:36.000Z ##

🔴 CVE-2026-41328 - Critical (9.1)

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configur...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41328/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41327
(9.1 CRITICAL)

EPSS: 0.03%

updated 2026-04-24T15:41:25

4 posts

## 1. Executive Summary A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a single HTTP POST to `/mutate?commitNow=true` containing a crafted `cond` field in an upsert mutation. The `cond` value is concatenated directly into a

offseq at 2026-04-25T03:00:27.929Z ##

🚨 CRITICAL vuln: CVE-2026-41327 in dgraph-io dgraph (<25.3.3). Unauthenticated attacker can exfiltrate all DB data with a crafted POST via upsert mutation. Upgrade to 25.3.3+ or enable ACL ASAP! https://radar.offseq.com/threat/cve-2026-41327-cwe-943-improper-neutralization-of--8885efbe #OffSeq #Vuln #GraphQL #DataLeak

##

offseq@infosec.exchange at 2026-04-25T03:00:27.000Z ##

🚨 CRITICAL vuln: CVE-2026-41327 in dgraph-io dgraph (<25.3.3). Unauthenticated attacker can exfiltrate all DB data with a crafted POST via upsert mutation. Upgrade to 25.3.3+ or enable ACL ASAP! https://radar.offseq.com/threat/cve-2026-41327-cwe-943-improper-neutralization-of--8885efbe #OffSeq #Vuln #GraphQL #DataLeak

##

thehackerwire@mastodon.social at 2026-04-24T19:44:11.000Z ##

🔴 CVE-2026-41327 - Critical (9.1)

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configur...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41327/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T19:41:35.000Z ##

🔴 CVE-2026-41327 - Critical (9.1)

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configur...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41327/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41316
(8.1 HIGH)

EPSS: 0.08%

updated 2026-04-24T15:36:10

1 posts

## Summary Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: - `ERB#def_method` - `ERB#def_module` - `ERB

thehackerwire@mastodon.social at 2026-04-24T03:57:15.000Z ##

🟠 CVE-2026-41316 - High (8.1)

ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marsha...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41316/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-21515
(10.0 CRITICAL)

EPSS: 0.08%

updated 2026-04-24T15:32:39

3 posts

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

Matchbook3469@mastodon.social at 2026-04-25T10:52:31.000Z ##

🔴 New security advisory:

CVE-2026-21515 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-21515-azure-iot-central-elevates-privileges

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21515/

##

thehackerwire@mastodon.social at 2026-04-24T20:07:44.000Z ##

🔴 CVE-2026-21515 - Critical (9.9)

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T20:07:44.000Z ##

🔴 CVE-2026-21515 - Critical (9.9)

Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21515/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5367
(8.6 HIGH)

EPSS: 0.03%

updated 2026-04-24T15:32:39

2 posts

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's

thehackerwire@mastodon.social at 2026-04-24T20:07:35.000Z ##

🟠 CVE-2026-5367 - High (8.6)

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds...

updated 2026-04-24T14:50:56.203000

2 posts

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the downstream tus handler later writes using the decoded `req.params.uploadId`. In deployments that use a supported custom `PSITRANSFER_UPLOAD_DIR` whose basename prefixes a startup-loade

thehackerwire@mastodon.social at 2026-04-25T22:00:10.000Z ##

🟠 CVE-2026-41180 - High (7.5)

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the downstream tus handler later wr...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41180/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-25T22:00:10.000Z ##

🟠 CVE-2026-41180 - High (7.5)

PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload PATCH flow under `/files/:uploadId` validates the mounted request path using the still-encoded `req.path`, but the downstream tus handler later wr...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41180/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41208
(8.8 HIGH)

EPSS: 0.23%

updated 2026-04-24T14:50:56.203000

2 posts

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip server host. An attacker with an agent credential can escalate privileges from the agent runtime to the Pap

thehackerwire@mastodon.social at 2026-04-25T22:00:01.000Z ##

🟠 CVE-2026-41208 - High (8.8)

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to e...

updated 2026-04-24T14:50:56.203000

2 posts

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

thehackerwire@mastodon.social at 2026-04-23T19:43:41.000Z ##

🟠 CVE-2026-41040 - High (7.5)

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

Matchbook3469@mastodon.social at 2026-04-25T16:54:11.000Z ##

🚨 New security advisory:

CVE-2026-32210 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32210-dynamics-365-ssrf-lets-attackers-spoof

#InfoSec #SecurityPatching #HackerNews

##

thehackerwire@mastodon.social at 2026-04-23T23:06:15.000Z ##

🔴 CVE-2026-32210 - Critical (9.3)

Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32210/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-24303
(9.6 CRITICAL)

EPSS: 0.04%

updated 2026-04-24T14:41:16.553000

3 posts

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

Matchbook3469@mastodon.social at 2026-04-25T07:53:01.000Z ##

🔴 New security advisory:

CVE-2026-24303 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-24303-partner-center-privilege-escalation

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40623/

##

thehackerwire@mastodon.social at 2026-04-25T00:00:10.000Z ##

🔴 CVE-2026-24303 - Critical (9.6)

Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

updated 2026-04-24T14:40:12.517000

2 posts

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive functions, parameters such as IP addressing, watchdog timers, reconnect intervals, and service ports can be set to unsupported or unsafe values. These con

thehackerwire@mastodon.social at 2026-04-24T23:00:32.000Z ##

🟠 CVE-2026-40623 - High (8.1)

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive...

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T23:00:32.000Z ##

🟠 CVE-2026-40623 - High (8.1)

A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inadequate enforcement of constraints on sensitive...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40623/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40620
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-04-24T14:40:12.517000

3 posts

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management connections from any reachable host, enabling unrestricted modification of critical configuration parameters, operational modes, and device state through a vendor

thehackerwire@mastodon.social at 2026-04-24T23:00:22.000Z ##

🔴 CVE-2026-40620 - Critical (9.8)

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management conne...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40620/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T23:00:22.000Z ##

🔴 CVE-2026-40620 - Critical (9.8)

A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config application. The service accepts management conne...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40620/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T03:00:25.000Z ##

SenseLive X3050 V1.523 is at CRITICAL risk (CVE-2026-40620, CVSS 9.3): missing auth lets remote attackers gain admin access. No patch yet — restrict management access, monitor logs, and follow vendor updates. https://radar.offseq.com/threat/cve-2026-40620-cwe-306-missing-authentication-for--0af2786c #OffSeq #CVE202640620 #IoTSecurity

##

CVE-2026-35503
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-24T14:40:12.517000

2 posts

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these exposed parameters and gain unauthorized access to administrative functionality.

thehackerwire@mastodon.social at 2026-04-24T22:05:47.000Z ##

🔴 CVE-2026-35503 - Critical (9.8)

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35503/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T22:05:47.000Z ##

🔴 CVE-2026-35503 - Critical (9.8)

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35503/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-40630
(9.8 CRITICAL)

EPSS: 0.09%

updated 2026-04-24T14:40:12.517000

3 posts

A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the intended authentication mechanism and directly interact with sensitive configuration functions.

thehackerwire@mastodon.social at 2026-04-24T22:05:38.000Z ##

🔴 CVE-2026-40630 - Critical (9.8)

A vulnerability in
SenseLive

X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the i...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40630/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T22:05:38.000Z ##

🔴 CVE-2026-40630 - Critical (9.8)

A vulnerability in
SenseLive

X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network access to the device may be able to bypass the i...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40630/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T00:00:38.000Z ##

🚨 CRITICAL: SenseLive X3050 v1.523 is vulnerable to authentication bypass (CVE-2026-40630) via alternate paths. No fix yet — restrict device network access and monitor closely. https://radar.offseq.com/threat/cve-2026-40630-cwe-288-authentication-bypass-using-b2eedf7d #OffSeq #CVE202640630 #IoTSecurity #VulnAlert

##

CVE-2026-25660
(0 None)

EPSS: 0.05%

updated 2026-04-24T14:39:28.770000

2 posts

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain function calls. This bypass allows assigning arbitrary permission to any user existing in CodeChecker. This issue affects CodeChecker: through 6.27.3.

offseq at 2026-04-25T10:30:26.962Z ##

Ericsson CodeChecker (≤6.27.3) is vulnerable to CRITICAL auth bypass (CVE-2026-25660). Attackers can assign permissions via crafted URLs. Restrict access & monitor for changes. Patch not yet available. https://radar.offseq.com/threat/cve-2026-25660-cwe-290-authentication-bypass-by-sp-881e021f #OffSeq #vulnerability #CodeChecker #infosec

##

offseq@infosec.exchange at 2026-04-25T10:30:26.000Z ##

Ericsson CodeChecker (≤6.27.3) is vulnerable to CRITICAL auth bypass (CVE-2026-25660). Attackers can assign permissions via crafted URLs. Restrict access & monitor for changes. Patch not yet available. https://radar.offseq.com/threat/cve-2026-25660-cwe-290-authentication-bypass-by-sp-881e021f #OffSeq #vulnerability #CodeChecker #infosec

##

CVE-2026-1950
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-04-24T14:39:28.770000

2 posts

Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerability.

thehackerwire@mastodon.social at 2026-04-24T22:00:53.000Z ##

🔴 CVE-2026-1950 - Critical (9.8)

Delta Electronics AS320T has
No checking of the length of the buffer with the file name vulnerability.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1950/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T22:00:53.000Z ##

🔴 CVE-2026-1950 - Critical (9.8)

Delta Electronics AS320T has
No checking of the length of the buffer with the file name vulnerability.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1950/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-1952
(9.8 CRITICAL)

EPSS: 0.04%

updated 2026-04-24T14:39:28.770000

3 posts

Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.

thehackerwire@mastodon.social at 2026-04-24T22:00:44.000Z ##

🔴 CVE-2026-1952 - Critical (9.8)

Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1952/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T22:00:44.000Z ##

🔴 CVE-2026-1952 - Critical (9.8)

Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1952/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T09:00:27.000Z ##

⚠️ CRITICAL: CVE-2026-1952 in DeltaWW AS320T (CVSS 9.8) enables denial of service via hidden subfunction (CWE-912). Vendor patch is available for this cloud-hosted service — confirm your instance is protected. https://radar.offseq.com/threat/cve-2026-1952-cwe-912-hidden-functionality-in-delt-72d86c2b #OffSeq #DeltaWW #Vuln #CloudSecurity

##

CVE-2026-21728
(7.5 HIGH)

EPSS: 0.01%

updated 2026-04-24T14:39:28.770000

2 posts

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).

thehackerwire@mastodon.social at 2026-04-24T22:00:34.000Z ##

🟠 CVE-2026-21728 - High (7.5)

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.

Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21728/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T22:00:34.000Z ##

🟠 CVE-2026-21728 - High (7.5)

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy.

Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21728/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-5364
(8.1 HIGH)

EPSS: 0.11%

updated 2026-04-24T14:38:26.740000

1 posts

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the attacker rather than being restricted to administrator-configured values, which when combined with the fac

thehackerwire@mastodon.social at 2026-04-24T06:42:06.000Z ##

🟠 CVE-2026-5364 - High (8.1)

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing t...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-5364/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34305
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-24T14:27:13.867000

2 posts

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthoriz

thehackerwire@mastodon.social at 2026-04-22T23:46:34.000Z ##

🟠 CVE-2026-34305 - High (7.5)

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauth...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34305/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-22T23:30:44.000Z ##

🟠 CVE-2026-34305 - High (7.5)

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauth...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34305/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41651
(8.8 HIGH)

EPSS: 0.22%

updated 2026-04-24T13:43:37.347000

8 posts

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. T

5 repos

https://github.com/Vozec/CVE-2026-41651

https://github.com/0xBlackash/CVE-2026-41651

https://github.com/baph00met/CVE-2026-41651

https://github.com/CipherCloak/CVE-2026-41651

https://github.com/dinosn/pack2theroot-lab

benzogaga33@mamot.fr at 2026-04-25T16:20:01.000Z ##

Pack2TheRoot : une faille vieille de 12 ans offre les clés de votre Linux à n’importe qui https://goodtech.info/pack2theroot-faille-linux-packagekit-root-cve-2026-41651/ #Sécurité #Àlaune

##

secdb at 2026-04-24T20:58:39.780Z ##

🚨 CVE-2026-41651 (Pack2TheRoot)

PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.

ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-41651

#nttdata #zen #secdb #infosec
#pack2theroot #cve2026411651 #packagekit #toctou

##

benzogaga33@mamot.fr at 2026-04-25T16:20:01.000Z ##

Pack2TheRoot : une faille vieille de 12 ans offre les clés de votre Linux à n’importe qui https://goodtech.info/pack2theroot-faille-linux-packagekit-root-cve-2026-41651/ #Sécurité #Àlaune

##

secdb@infosec.exchange at 2026-04-24T20:58:39.000Z ##

🚨 CVE-2026-41651 (Pack2TheRoot)

PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.

ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-41651

#nttdata #zen #secdb #infosec
#pack2theroot #cve2026411651 #packagekit #toctou

##

linux@activitypub.awakari.com at 2026-04-24T19:46:15.000Z ## 12-year-old Pack2TheRoot bug lets Linux users gain root privileges ‘Pack2TheRoot’ flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years. The...

#Hacking #Security #CVE-2026-41651 #hacking #news #information #security #news #IT #Information #Security

Origin | Interest | Match ##

hackerworkspace@infosec.exchange at 2026-04-24T18:17:27.000Z ##

Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability

https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html

Read on HackerWorkspace: https://hackerworkspace.com/article/pack2theroot-cve-2026-41651-cross-distro-local-privilege-escalation-vulnerability

#cybersecurity #vulnerability #exploit

##

hillu@infosec.exchange at 2026-04-23T17:04:36.000Z ##

Here's a harmless little #PoC for the #PackageKit LPE vulnerability (CVE-2026-41651), by @br3zel and myself: https://codeberg.org/hillu/cve-2026-41651-poc
It was a lot of fun to piece together.

##

cyberveille@mastobot.ping.moi at 2026-04-23T15:30:25.000Z ##

📢 CVE-2026-41651 : Élévation de privilèges locale cross-distro via PackageKit (Pack2TheRoot)
📝 ## 🔍 Contexte

Publié le 22 avril 2026 par l'équipe Red Team de Deutsche Telekom sur leur blog séc...
📖 cyberveille : https://cyberveille.ch/posts/2026-04-23-cve-2026-41651-elevation-de-privileges-locale-cross-distro-via-packagekit-pack2theroot/
🌐 source : https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html
#CVE_2026_41651 #IOC #Cyberveille

##

CVE-2026-1951
(9.8 CRITICAL)

EPSS: 0.01%

updated 2026-04-24T09:30:36

2 posts

Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability.

thehackerwire@mastodon.social at 2026-04-24T08:14:12.000Z ##

🔴 CVE-2026-1951 - Critical (9.8)

Delta Electronics AS320T has no checking of the length of the buffer with the directory name

vulnerability.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1951/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T07:30:26.000Z ##

🔴 CRITICAL: CVE-2026-1951 stack-based buffer overflow in DeltaWW AS320T cloud service (CVSS 9.8). Remote attackers can gain full system control. Patch available — no exploits in the wild yet. Update now! https://radar.offseq.com/threat/cve-2026-1951-cwe-121-stack-based-buffer-overflow--c6177746 #OffSeq #Cybersecurity #Vuln

##

CVE-2026-1949
(9.8 CRITICAL)

EPSS: 0.02%

updated 2026-04-24T06:31:23

1 posts

Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.

thehackerwire@mastodon.social at 2026-04-24T06:42:15.000Z ##

🔴 CVE-2026-1949 - Critical (9.8)

Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1949/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-27841
(8.1 HIGH)

EPSS: 0.01%

updated 2026-04-24T00:32:04

2 posts

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious external webpage could cause a user's browser to submit unauthorized configuration requests to the device.

thehackerwire@mastodon.social at 2026-04-24T23:59:51.000Z ##

🟠 CVE-2026-27841 - High (8.1)

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of reque...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27841/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T23:59:51.000Z ##

🟠 CVE-2026-27841 - High (8.1)

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of reque...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27841/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-35064
(7.5 HIGH)

EPSS: 0.05%

updated 2026-04-24T00:32:04

2 posts

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are exposed by the underlying service rather than gated by authentication, an attacker on the same network

thehackerwire@mastodon.social at 2026-04-24T23:02:01.000Z ##

🟠 CVE-2026-35064 - High (7.5)

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35064/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T23:02:01.000Z ##

🟠 CVE-2026-35064 - High (7.5)

A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35064/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-39462
(8.1 HIGH)

EPSS: 0.04%

updated 2026-04-24T00:32:04

3 posts

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that the password update was successful; however, the system may continue to accept the previous or default

thehackerwire@mastodon.social at 2026-04-24T22:05:56.000Z ##

🟠 CVE-2026-39462 - High (8.1)

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseL...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39462/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T22:05:56.000Z ##

🟠 CVE-2026-39462 - High (8.1)

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseL...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39462/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T06:00:26.000Z ##

CVE-2026-39462 (CRITICAL): SenseLive X3050 V1.523 lets attackers bypass password changes after factory reset — device may accept old or default creds. No fix yet. Limit reliance on resets and monitor for updates. https://radar.offseq.com/threat/cve-2026-39462-cwe-522-insufficiently-protected-cr-cedf02e1 #OffSeq #IoTSecurity #CVE202639462

##

CVE-2026-25775
(9.8 CRITICAL)

EPSS: 0.07%

updated 2026-04-24T00:32:03

3 posts

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

thehackerwire@mastodon.social at 2026-04-24T23:02:10.000Z ##

🔴 CVE-2026-25775 - Critical (9.8)

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and d...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25775/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T23:02:10.000Z ##

🔴 CVE-2026-25775 - Critical (9.8)

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and d...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25775/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T01:30:28.000Z ##

🔍 CVE-2026-25775: SenseLive X3050 (V1.523) critical vuln — remote firmware updates possible without auth! Patch unavailable. Restrict access & monitor for unauthorized firmware actions. https://radar.offseq.com/threat/cve-2026-25775-cwe-306-missing-authentication-for--773ccfcd #OffSeq #IoTSecurity #CVE202625775

##

CVE-2026-27843
(9.1 CRITICAL)

EPSS: 0.07%

updated 2026-04-24T00:32:03

3 posts

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can induce a persistent lockout state. Because the device lacks a physical reset button, recovery requires

thehackerwire@mastodon.social at 2026-04-24T23:00:42.000Z ##

🔴 CVE-2026-27843 - Critical (9.1)

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recover...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27843/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T23:00:42.000Z ##

🔴 CVE-2026-27843 - Critical (9.1)

A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recover...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27843/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-24T04:30:26.000Z ##

🚨 CVE-2026-27843: SenseLive X3050 (V1.523) CRITICAL vuln — missing auth lets attackers lock out users, causing full denial-of-service. No reset button; recovery needs console access. Restrict mgmt access & monitor configs. https://radar.offseq.com/threat/cve-2026-27843-cwe-306-missing-authentication-for--e4fcb515 #OffSeq #IoTSecurity #Vuln

##

CVE-2026-26150
(8.6 HIGH)

EPSS: 0.06%

updated 2026-04-24T00:31:58

2 posts

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

thehackerwire@mastodon.social at 2026-04-25T00:00:00.000Z ##

🟠 CVE-2026-26150 - High (8.6)

Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.

updated 2026-04-23T21:32:28

2 posts

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Matchbook3469@mastodon.social at 2026-04-24T23:08:14.000Z ##

🔴 New security advisory:

CVE-2026-6920 affects multiple systems.

• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems

updated 2026-04-23T21:31:29

1 posts

This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files with SYSTEM privileges. As a result, this condition potentially facilitates arbitrary code execution, whereby an attacker may exploit the vulnerability to execute malicious code with elevated SYSTEM privileges.

offseq@infosec.exchange at 2026-04-24T10:30:39.000Z ##

🛡️ CrowdStrike LogScale CRITICAL vuln (CVE-2026-40050): unauth path traversal — remote file read risk for self-hosted users. Tenable Nessus for Windows: HIGH vuln (CVE-2026-33694), file deletion & privilege escalation. Patch ASAP! https://radar.offseq.com/threat/vulnerabilities-patched-in-crowdstrike-tenable-pro-da7dee84 #OffSeq #Vuln #CrowdStrike #Tenable

##

CVE-2026-28950
(6.2 MEDIUM)

EPSS: 0.01%

updated 2026-04-23T21:16:05.527000

2 posts

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2. Notifications marked for deletion could be unexpectedly retained on the device.

updated 2026-04-23T18:33:23

1 posts

An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections.

certvde@infosec.exchange at 2026-04-23T13:35:32.000Z ##

#OT #Advisory VDE-2026-040
CODESYS EtherNetIP - Improper timeout handling

CODESYS EtherNet/IP is an add‑on for the CODESYS Development System that provides a fully integrated EtherNet/IP protocol stack along with diagnostic capabilities. A flaw in the EtherNet/IP adapter protocol stack library results in a vulnerability within the generated application code. When an EtherNet/IP adapter is configured, this vulnerable protocol stack is downloaded to and executed by CODESYS Control runtime systems.
#CVE CVE-2026-35225

https://certvde.com/en/advisories/vde-2026-040/
#oCSAF
#CSAF https://codesys.csaf-tp.certvde.com/.well-known/csaf/white/2026/advisory2026-04_vde-2026-040.json

##

CVE-2026-39440
(10.0 CRITICAL)

EPSS: 0.02%

updated 2026-04-23T15:39:02

1 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1.

thehackerwire@mastodon.social at 2026-04-23T19:40:07.000Z ##

🔴 CVE-2026-39440 - Critical (9.9)

Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-39440/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3844
(9.8 CRITICAL)

EPSS: 0.06%

updated 2026-04-23T14:28:55.557000

3 posts

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability can only be exploited

4 repos

https://github.com/tausifzaman/CVE-2026-3844

https://github.com/dinosn/CVE-2026-3844

https://github.com/im-hanzou/CVE-2026-3844

https://github.com/0xgh057r3c0n/CVE-2026-3844

beyondmachines1@infosec.exchange at 2026-04-24T11:01:09.000Z ##

Cloudways Patches Actively Exploited File Upload Flaw in Breeze Cache Plugin

Cloudways patched a critical vulnerability in the Breeze Cache WordPress plugin (CVE-2026-3844) that allows unauthenticated attackers to upload malicious files and execute remote code. The flaw is currently under active exploitation, but it requires a non-default setting to be enabled in order to be exploited.

**If you use the Breeze Cache WordPress plugin, update it to version 2.4.5 ASAP. If you can't update right away, disable the "Host Files Locally - Gravatars" setting as a temporary workaround until you can apply the update.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cloudways-patches-actively-exploited-file-upload-flaw-in-breeze-cache-plugin-e-w-c-7-u/gD2P6Ple2L

##

thehackerwire@mastodon.social at 2026-04-23T21:44:57.000Z ##

🔴 CVE-2026-3844 - Critical (9.8)

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetch_gravatar_from_remote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated ...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3844/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-23T03:00:30.000Z ##

🚩 CVE-2026-3844 (CRITICAL): Breeze Cache ≤2.4.4 lets unauthenticated attackers upload arbitrary files via 'fetch_gravatar_from_remote' if "Host Files Locally - Gravatars" is enabled. RCE possible. Check settings & update! https://radar.offseq.com/threat/cve-2026-3844-cwe-434-unrestricted-upload-of-file--8e6074b3 #OffSeq #WordPress #infosec

##

CVE-2026-33626
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-23T13:39:54.420000

7 posts

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networ

vitobotta@mastodon.social at 2026-04-25T12:28:05.000Z ##

Thirteen hours from disclosure to exploitation. CVE-2026-33626 in LMDeploy is an SSRF that hits cloud metadata and internal services. If you run LMDeploy, patch it.

##

hackerworkspace at 2026-04-25T06:25:19.265Z ##

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html

Read on HackerWorkspace: https://hackerworkspace.com/article/lmdeploy-cve-2026-33626-flaw-exploited-within-13-hours-of-disclosure

#cybersecurity #aisecurity #vulnerability

##

vitobotta@mastodon.social at 2026-04-25T12:28:05.000Z ##

Thirteen hours from disclosure to exploitation. CVE-2026-33626 in LMDeploy is an SSRF that hits cloud metadata and internal services. If you run LMDeploy, patch it.

##

hackerworkspace@infosec.exchange at 2026-04-25T06:25:19.000Z ##

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html

Read on HackerWorkspace: https://hackerworkspace.com/article/lmdeploy-cve-2026-33626-flaw-exploited-within-13-hours-of-disclosure

#cybersecurity #aisecurity #vulnerability

##

beyondmachines1@infosec.exchange at 2026-04-24T19:01:09.000Z ##

LMDeploy AI Inference Engine Exploited Hours After SSRF Disclosure

LMDeploy's vision-language module contains a high-severity SSRF vulnerability (CVE-2026-33626) that attackers exploited within 13 hours to scan internal networks and target cloud metadata. The flaw allows unauthenticated users to bypass network restrictions by providing malicious image URLs to the inference server.

**If you're running LMDeploy, immediately update to version 0.12.3 or later to patch the SSRF vulnerability (CVE-2026-33626). Also, enforce IMDSv2 with required session tokens on your cloud instances and restrict outbound network traffic from inference servers to block credential theft and internal scanning.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/lmdeploy-ai-inference-engine-exploited-hours-after-ssrf-disclosure-i-a-y-c-t/gD2P6Ple2L

##

_r_netsec@infosec.exchange at 2026-04-24T16:28:05.000Z ##

Exploit su LMDeploy CVE-2026-33626: attacco SSRF immediato dopo disclosure https://deafnews.it/article/exploit-su-lmdeploy-cve-2026-33626-attacco-ssrf-immediato-dopo-disclosure

##

campuscodi@mastodon.social at 2026-04-23T20:29:56.000Z ##

An SSRF bug in an LLM deployment server got exploited 12 hours after it was patched

https://www.sysdig.com/blog/cve-2026-33626-how-attackers-exploited-lmdeploy-llm-inference-engines-in-12-hours

##

CVE-2026-6887
(9.8 CRITICAL)

EPSS: 0.08%

updated 2026-04-23T12:31:45

3 posts

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

thehackerwire@mastodon.social at 2026-04-23T19:43:27.000Z ##

🔴 CVE-2026-6887 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6887/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-23T19:42:45.000Z ##

🔴 CVE-2026-6887 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6887/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

offseq@infosec.exchange at 2026-04-23T10:30:28.000Z ##

🚨 CRITICAL SQL Injection (CVE-2026-6887) in BorG SPM 2007: unauthenticated remote attackers can manipulate databases. No patch, product EOL. Isolate or discontinue use ASAP. Details: https://radar.offseq.com/threat/cve-2026-6887-cwe-89-improper-neutralization-of-sp-f0a62364 #OffSeq #SQLInjection #Vuln #InfoSec

##

CVE-2026-6885
(9.8 CRITICAL)

EPSS: 0.19%

updated 2026-04-23T12:31:45

1 posts

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

thehackerwire@mastodon.social at 2026-04-23T19:42:31.000Z ##

🔴 CVE-2026-6885 - Critical (9.8)

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6885/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34286
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-04-23T12:07:46.893000

2 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion o

thehackerwire@mastodon.social at 2026-04-22T23:46:54.000Z ##

🔴 CVE-2026-34286 - Critical (9.1)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34286/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-22T23:31:03.000Z ##

🔴 CVE-2026-34286 - Critical (9.1)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34286/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34287
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-04-23T12:07:28.307000

1 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion o

thehackerwire@mastodon.social at 2026-04-22T23:31:06.000Z ##

🔴 CVE-2026-34287 - Critical (9.1)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34287/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-33825
(7.8 HIGH)

EPSS: 3.30%

updated 2026-04-23T00:31:18

2 posts

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

3 repos

https://github.com/Letlaka/redsun-bluehammer-undefend-detection-pack

https://github.com/Bilal3755/Detecting_blue_hammer_vuln

https://github.com/kaleth4/CVE-2026-33825

Chris@mast.social at 2026-04-23T15:09:06.000Z ##

🛡️ Microsoft Defender Elevation of Privilege Vulnerability
Description

🛡️ Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

https://www.cve.org/CVERecord?id=CVE-2026-33825

#Cybersecurity #CISA #Security #Microsoft

##

christopherkunz@chaos.social at 2026-04-23T12:19:48.000Z ##

Just in: CVE-2026-33825 "BlueHammer" just hit the CISA KEV. Meanwhile, I'm not near my Windows PC, so I'm not sure if the Red Sun still prevails.

##

CVE-2026-41468
(8.7 HIGH)

EPSS: 0.07%

updated 2026-04-22T21:32:18

1 posts

Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser c

offseq@infosec.exchange at 2026-04-23T09:00:27.000Z ##

🛑 CVE-2026-41468: Beghelli SicuroWeb (Sicuro24) uses unmaintained AngularJS 1.5.2, allowing network-adjacent attackers to hijack sessions via MITM and template injection. Enforce HTTPS, monitor activity. No patch yet. More: https://radar.offseq.com/threat/cve-2026-41468-cwe-1104-use-of-unmaintained-third--1563ff90 #OffSeq #CVE202641468 #infosec

##

CVE-2026-40050
(9.8 CRITICAL)

EPSS: 0.27%

updated 2026-04-22T21:24:26.997000

2 posts

CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability (CVE-2026-40050) in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrar

beyondmachines1@infosec.exchange at 2026-04-24T20:01:09.000Z ##

CrowdStrike Patches Critical Path Traversal Vulnerability in LogScale

updated 2026-04-22T15:32:43

1 posts

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. While the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products (

thehackerwire@mastodon.social at 2026-04-23T00:00:05.000Z ##

🟠 CVE-2026-34291 - High (8.7)

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network ac...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34291/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34290
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T15:32:42

1 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang

thehackerwire@mastodon.social at 2026-04-22T23:31:16.000Z ##

🟠 CVE-2026-34290 - High (7.5)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34290/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34297
(7.5 HIGH)

EPSS: 0.04%

updated 2026-04-22T15:31:40

2 posts

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM Common Architecture. Successful attacks of this vulnerability can result in unauthorized access to

thehackerwire@mastodon.social at 2026-04-22T23:46:44.000Z ##

🟠 CVE-2026-34297 - High (7.5)

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker w...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34297/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-22T23:30:54.000Z ##

🟠 CVE-2026-34297 - High (7.5)

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker w...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34297/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-34285
(9.1 CRITICAL)

EPSS: 0.05%

updated 2026-04-22T15:31:39

1 posts

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion o

thehackerwire@mastodon.social at 2026-04-22T23:30:56.000Z ##

🔴 CVE-2026-34285 - Critical (9.1)

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network acc...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-34285/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-3298(CVSS UNKNOWN)

EPSS: 0.05%

updated 2026-04-21T21:31:23

2 posts

The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer write if data was larger than the buffer size. Non-Windows platforms are not affected.

beyondmachines1 at 2026-04-25T08:01:09.669Z ##

Python asyncio Vulnerability Exposes Windows Systems to Remote Code Execution

A high-severity out-of-bounds write vulnerability (CVE-2026-3298) in Python's asyncio module on Windows allows remote attackers to cause memory corruption or execute arbitrary code. The flaw affects Python versions 3.11 through 3.14 and requires immediate patching or code-level mitigations.

**If you're running Python applications on Windows (versions 3.11 through 3.14) that use asyncio for network communication, upgrade to the latest patched Python version as soon as it's available. Until then, avoid using the sock_recvfrom_into() method with untrusted network traffic, and watch for unexpected crashes on your Windows Python servers.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-python-asyncio-vulnerability-exposes-windows-systems-to-remote-code-execution-e-o-n-y-1/gD2P6Ple2L

##

beyondmachines1@infosec.exchange at 2026-04-25T08:01:09.000Z ##

Python asyncio Vulnerability Exposes Windows Systems to Remote Code Execution

A high-severity out-of-bounds write vulnerability (CVE-2026-3298) in Python's asyncio module on Windows allows remote attackers to cause memory corruption or execute arbitrary code. The flaw affects Python versions 3.11 through 3.14 and requires immediate patching or code-level mitigations.

**If you're running Python applications on Windows (versions 3.11 through 3.14) that use asyncio for network communication, upgrade to the latest patched Python version as soon as it's available. Until then, avoid using the sock_recvfrom_into() method with untrusted network traffic, and watch for unexpected crashes on your Windows Python servers.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-python-asyncio-vulnerability-exposes-windows-systems-to-remote-code-execution-e-o-n-y-1/gD2P6Ple2L

##

CVE-2026-41066
(7.5 HIGH)

EPSS: 0.03%

updated 2026-04-21T20:38:47

1 posts

### Impact Using either of the two parsers in the default configuration (with `resolve_entities=True`) allows untrusted XML input to read local files. ### Patches lxml 6.1.0 changes the default to `resolve_entities='internal'`, thus disallowing local file access by default. ### Workarounds Setting the `resolve_entities` option explicitly to `resolve_entities='internal'` or `resolve_entities=Fals

thehackerwire@mastodon.social at 2026-04-24T19:44:51.000Z ##

🟠 CVE-2026-41066 - High (7.5)

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML input to read local files. Setting the resolve_ent...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41066/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41264(CVSS UNKNOWN)

EPSS: 0.22%

updated 2026-04-21T20:19:54

2 posts

## Abstract Trend Micro's Zero Day Initiative has identified a vulnerability affecting FlowiseAI Flowise. ## Vulnerability Details - **Version tested:** 3.0.13 - **Installer file:** https://github.com/FlowiseAI/Flowise - **Platform tested:** Ubuntu 25.10 ## Analysis This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise. Authenticat

thehackerwire@mastodon.social at 2026-04-25T01:59:53.000Z ##

🔴 CVE-2026-41264 - Critical (9.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when evaluating a...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41264/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-25T01:59:53.000Z ##

🔴 CVE-2026-41264 - Critical (9.8)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when evaluating a...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-41264/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

CVE-2026-41197(CVSS UNKNOWN)

EPSS: 0.04%

updated 2026-04-21T20:16:10

1 posts

## Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in `BrilligBlock::compile_block()`. When the compiler encounters an `Instruction::Call` with a `Value::ForeignFunction` target, it invokes `codegen_call()` in `brillig_call/code_gen_call.rs`, which dispatches to `convert_ssa_foreig

offseq@infosec.exchange at 2026-04-23T04:30:27.000Z ##

🚩 CRITICAL: CVE-2026-41197 in noir-lang noir (<1.0.0-beta.19). Incorrect buffer allocation for nested arrays can corrupt Brillig VM heap. Memory safety risk! Upgrade to 1.0.0-beta.19+ ASAP. https://radar.offseq.com/threat/cve-2026-41197-cwe-131-incorrect-calculation-of-bu-282b810c #OffSeq #NoirLang #CVE202641197 #AppSec

##

CVE-2026-5752
(9.3 CRITICAL)

EPSS: 0.02%

updated 2026-04-21T15:16:37.563000

2 posts

Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal.

_r_netsec@infosec.exchange at 2026-04-24T14:28:05.000Z ##

Cohere Terrarium (CVE-2026-5752) and OpenAI Codex CLI (CVE-2025-59532): a cross-CVE analysis of AI code sandbox escapes https://blog.barrack.ai/pyodide-sandbox-escape-cohere-terrarium-openai-codex/

##

aisight@mastodon.social at 2026-04-23T18:35:36.000Z ##

Projekt Terrarium, który miał uruchamiać kod generowany przez modele AI w bezpiecznej piaskownicy, okazał się śmiertelną pułapką. Luka CVE-2026-5752 pozwala napastnikom na przejęcie pełnej kontroli nad systemem, a najgorsze jest to, że projekt nie jest już rozwijany.

#si #ai #sztucznainteligencja #wiadomości #informacje #technologia

https://aisight.pl/cyberbezpieczenstwo/krytyczna-dziura-w-terrarium-od-cohere-ai-sandbox-to-ser-szwajcarski/

##

CVE-2026-33824
(9.8 CRITICAL)

EPSS: 0.10%

updated 2026-04-17T19:21:23.993000

1 posts

Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.

2 repos

https://github.com/z3r0h3ro/CVE-2026-33824

https://github.com/kaleth4/CVE-2026-33824

thezdi@infosec.exchange at 2026-04-23T15:44:41.000Z ##

CVE-2026-33824: Remote Code Execution in Windows IKEv2 - the folks from TrendAI Research break down this wormable bug that was patched last week. The show root cause & offer detection guidance. Read the details as https://www.zerodayinitiative.com/blog/2026/4/22/cve-2026-33824-remote-code-execution-in-windows-ikev2

##

CVE-2026-34197
(8.8 HIGH)

EPSS: 65.27%

updated 2026-04-16T19:59:38.107000

2 posts

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) a

https://github.com/AtoposX-J/CVE-2026-34197-Apache-ActiveMQ-RCE

9 repos

https://github.com/KONDORDEVSECURITYCORP/CVE-2026-34197

https://github.com/hg0434hongzh0/CVE-2026-34197

https://github.com/xshysjhq/CVE-2026-34197-payload-Apache-ActiveMQ-

https://github.com/DEVSECURITYSPRO/CVE-2026-34197

https://github.com/keraattin/CVE-2026-34197

https://github.com/0xBlackash/CVE-2026-34197

https://github.com/dinosn/CVE-2026-34197

https://github.com/Catherines77/ActiveMQ-EXPtools

thehackerwire@mastodon.social at 2026-04-24T20:10:11.000Z ##

🟠 CVE-2026-40466 - High (8.8)

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.

An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a conne...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40466/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

thehackerwire@mastodon.social at 2026-04-24T20:10:11.000Z ##

🟠 CVE-2026-40466 - High (8.8)

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.

An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a conne...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40466/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

##

_r_netsec@infosec.exchange at 2026-04-23T18:28:05.000Z ##

CVE-2026-34621: Adobe Acrobat Reader zero-day was on VirusTotal for 136 days before Adobe named it a CVE https://nefariousplan.com/posts/adobe-acrobat-cve-2026-34621-detection-lie

##

CVE-2026-39987(CVSS UNKNOWN)

EPSS: 45.53%

updated 2026-04-09T19:06:18

2 posts

## Summary Marimo (19.6k stars) has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint `/terminal/ws` lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., `/ws`) that correctly call `validate_auth()` for authentication, the `/terminal/ws` endpoint only checks the

https://github.com/Nxploited/CVE-2026-39987

7 repos

https://github.com/mki9/CVE-2026-39987_exploit

https://github.com/keraattin/CVE-2026-39987

https://github.com/h3raklez/CVE-2026-39987

https://github.com/Dhiaelhak-Rached/CVE-2026-39987-lab-or-marimo-cve-lab

https://github.com/fevar54/marimo_CVE-2026-39987_RCE_PoC

https://github.com/0xBlackash/CVE-2026-39987

secdb@infosec.exchange at 2026-04-23T20:00:16.000Z ##

🚨 [CISA-2026:0423] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0423)

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2026-39987 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-39987)
- Name: Marimo Remote Code Execution Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Marimo
- Product: Marimo
- Notes: https://github.com/marimo-team/marimo/security/advisories/GHSA-2679-6mx9-h9xc ; https://nvd.nist.gov/vuln/detail/CVE-2026-39987

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260423 #cisa20260423 #cve_2026_39987 #cve202639987

##

cisakevtracker@mastodon.social at 2026-04-23T18:00:51.000Z ##

CVE ID: CVE-2026-39987
Vendor: Marimo
Product: Marimo
Date Added: 2026-04-23
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-39987

##

CVE-2025-15467
(8.8 HIGH)

EPSS: 0.70%

updated 2026-03-19T19:16:19.230000

1 posts

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encode

6 repos

https://github.com/WostGit/cve-2025-15467-crash

updated 2025-10-28T13:58:58.610000

2 posts

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials cou

threatnoir at 2026-04-25T15:09:49.914Z ##

⚠️ CRITICAL: FIRESTARTER Backdoor

APT actors deployed FIRESTARTER, a persistent Linux backdoor on Cisco Firepower and Secure Firewall devices via CVE-2025-20333 and CVE-2025-20362. The malware survives firmware patches and works with LINE VIPER to maintain remote access. Any organization running these devices is at risk of undetect…

##

threatnoir@infosec.exchange at 2026-04-25T15:09:49.000Z ##

⚠️ CRITICAL: FIRESTARTER Backdoor

APT actors deployed FIRESTARTER, a persistent Linux backdoor on Cisco Firepower and Secure Firewall devices via CVE-2025-20333 and CVE-2025-20362. The malware survives firmware patches and works with LINE VIPER to maintain remote access. Any organization running these devices is at risk of undetect…

##

CVE-2025-20362
(6.5 MEDIUM)

EPSS: 50.69%

updated 2025-10-22T00:34:26

2 posts

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints without authentication that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied i

threatnoir at 2026-04-25T15:09:49.914Z ##

⚠️ CRITICAL: FIRESTARTER Backdoor

APT actors deployed FIRESTARTER, a persistent Linux backdoor on Cisco Firepower and Secure Firewall devices via CVE-2025-20333 and CVE-2025-20362. The malware survives firmware patches and works with LINE VIPER to maintain remote access. Any organization running these devices is at risk of undetect…

##

threatnoir@infosec.exchange at 2026-04-25T15:09:49.000Z ##

⚠️ CRITICAL: FIRESTARTER Backdoor

APT actors deployed FIRESTARTER, a persistent Linux backdoor on Cisco Firepower and Secure Firewall devices via CVE-2025-20333 and CVE-2025-20362. The malware survives firmware patches and works with LINE VIPER to maintain remote access. Any organization running these devices is at risk of undetect…

##

CVE-2023-46805
(8.2 HIGH)

EPSS: 94.37%

updated 2025-10-22T00:34:00

1 posts

An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.

https://github.com/Chocapikk/CVE-2023-46805

9 repos

https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887

https://github.com/rxwx/pulse-meter

https://github.com/yoryio/CVE-2023-46805

https://github.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser

https://github.com/seajaysec/Ivanti-Connect-Around-Scan

https://github.com/cbeek-r7/CVE-2023-46805

https://github.com/raminkarimkhani1996/CVE-2023-46805_CVE-2024-21887

https://github.com/w2xim3/CVE-2023-46805

thecybermind@infosec.exchange at 2026-04-24T01:03:05.000Z ##

CVE-2023-46805 is actively exploited in Ivanti Connect Secure and Policy Secure gateways. When chained with CVE-2024-21887, attackers gain unauthenticated RCE and full VPN appliance compromise, posing critical enterprise perimeter risk.

Read the full threat brief:
https://thecybermind.co/i1n8

https://thecybermind.co/2026/04/23/ivanti-connect-secure-cve-2023-46805/?utm_source=mastodon&utm_medium=jetpack_social

##

CVE-2024-21887
(9.1 CRITICAL)

EPSS: 94.41%

updated 2025-10-22T00:32:59

1 posts

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.