## Updated at UTC 2026-03-18T17:49:26.672941
| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45163 | 9.1 | 0.11% | 2 | 0 | | 2026-03-18T17:16:01.650000 | The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to t |
| CVE-2026-30911 | 8.1 | 0.04% | 4 | 0 | | 2026-03-18T16:33:18 | Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability |
| CVE-2026-4208 | None | 0.05% | 1 | 0 | | 2026-03-18T16:17:26 | The extension fails to properly reset the generated MFA code after successful au |
| CVE-2026-22730 | 8.8 | 0.03% | 4 | 0 | | 2026-03-18T16:16:26.157000 | A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionCon |
| CVE-2026-22729 | 8.6 | 0.05% | 4 | 0 | | 2026-03-18T16:16:25.990000 | A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConver |
| CVE-2026-4258 | 7.5 | 0.02% | 3 | 0 | | 2026-03-18T16:10:10 | All versions of the package sjcl are vulnerable to Improper Verification of Cryp |
| CVE-2026-21994 | 9.8 | 0.04% | 3 | 1 | | 2026-03-18T15:30:46 | Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation |
| CVE-2026-28500 | 8.6 | 0.01% | 2 | 0 | | 2026-03-18T15:16:29.450000 | Open Neural Network Exchange (ONNX) is an open standard for machine learning int |
| CVE-2026-33058 | 0 | 0.03% | 2 | 0 | | 2026-03-18T14:52:44.227000 | Kanboard is project management software focused on Kanban methodology. Versions |
| CVE-2026-20643 | 5.4 | 0.02% | 9 | 1 | | 2026-03-18T14:52:44.227000 | A cross-origin issue in the Navigation API was addressed with improved input val |
| CVE-2026-25534 | 9.1 | 0.04% | 4 | 0 | | 2026-03-18T14:52:44.227000 | ### Impact Spinnaker updated URL Validation logic on user input to provide sanit |
| CVE-2026-30884 | 9.6 | 0.02% | 6 | 0 | | 2026-03-18T14:52:44.227000 | mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically gene |
| CVE-2026-32693 | 8.8 | 0.00% | 2 | 0 | | 2026-03-18T14:52:44.227000 | In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" |
| CVE-2026-32692 | 7.6 | 0.00% | 2 | 0 | | 2026-03-18T14:52:44.227000 | An authorization bypass vulnerability in the Vault secrets back-end implementati |
| CVE-2026-30922 | 7.5 | 0.04% | 2 | 0 | | 2026-03-18T14:52:44.227000 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` libra |
| CVE-2026-31938 | 9.6 | 0.04% | 4 | 0 | | 2026-03-18T14:52:44.227000 | jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user |
| CVE-2026-22319 | 4.9 | 0.04% | 2 | 0 | | 2026-03-18T14:52:44.227000 | A stack-based buffer overflow in the device's file installation workflow allows |
| CVE-2026-22321 | 5.3 | 0.04% | 2 | 0 | | 2026-03-18T14:52:44.227000 | A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occur |
| CVE-2026-22322 | 7.1 | 0.08% | 2 | 0 | | 2026-03-18T14:52:44.227000 | A stored cross-site scripting (XSS) vulnerability in the Link Aggregation config |
| CVE-2026-22318 | 4.9 | 0.04% | 2 | 0 | | 2026-03-18T14:52:44.227000 | A stack-based buffer overflow vulnerability in the device's file transfer parame |
| CVE-2026-32606 | 7.6 | 0.01% | 2 | 0 | | 2026-03-18T14:52:44.227000 | IncusOS is an immutable OS image dedicated to running Incus. Prior to 2026031420 |
| CVE-2026-32297 | 7.5 | 0.03% | 5 | 0 | | 2026-03-18T14:52:44.227000 | The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary |
| CVE-2026-1376 | 7.5 | 0.17% | 2 | 0 | | 2026-03-18T14:52:44.227000 | IBM i 7.6 could allow a remote attacker to cause a denial of service using faile |
| CVE-2026-32296 | 8.2 | 0.05% | 8 | 0 | | 2026-03-18T14:52:44.227000 | Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without prope |
| CVE-2026-4318 | 8.8 | 0.04% | 2 | 0 | | 2026-03-18T14:52:44.227000 | A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is |
| CVE-2025-64301 | 7.8 | 0.01% | 2 | 0 | | 2026-03-18T14:52:44.227000 | An out-of-bounds write vulnerability exists in the EMF functionality of Canva Af |
| CVE-2026-32298 | 9.1 | 0.04% | 4 | 0 | | 2026-03-18T14:52:44.227000 | The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by |
| CVE-2026-32295 | 7.5 | 0.03% | 1 | 0 | | 2026-03-18T14:52:44.227000 | JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force att |
| CVE-2026-32746 | 9.8 | 0.04% | 9 | 1 | | 2026-03-18T14:16:40.673000 | telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMO |
| CVE-2025-41258 | 8.0 | 0.03% | 2 | 0 | | 2026-03-18T12:32:03 | LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechan |
| CVE-2026-22320 | 6.5 | 0.04% | 2 | 0 | | 2026-03-18T09:30:34 | A stack-based buffer overflow in the CLI's TFTP file-transfer command handling a |
| CVE-2026-22316 | 6.5 | 0.09% | 2 | 0 | | 2026-03-18T09:30:34 | A remote attacker with user privileges for the webUI can use the setting of the |
| CVE-2026-22323 | 7.1 | 0.04% | 2 | 0 | | 2026-03-18T09:30:34 | A CSRF vulnerability in the Link Aggregation configuration interface allows an u |
| CVE-2026-22317 | 7.2 | 0.06% | 2 | 0 | | 2026-03-18T09:30:28 | A command injection vulnerability in the device's Root CA certificate transfer w |
| CVE-2026-3888 | 7.8 | 0.01% | 16 | 1 | | 2026-03-18T04:17:30.720000 | Local privilege escalation in snapd on Linux allows local attackers to get root |
| CVE-2026-2603 | 8.1 | 0.17% | 2 | 2 | | 2026-03-18T03:32:16 | A flaw was found in Keycloak. A remote attacker could bypass security controls b |
| CVE-2026-2092 | 7.7 | 0.07% | 2 | 0 | | 2026-03-18T03:32:16 | A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAM |
| CVE-2026-22171 | None | 0.03% | 2 | 0 | | 2026-03-18T01:25:44 | ## Summary OpenClaw's Feishu media download flow used untrusted Feishu media ke |
| CVE-2026-32841 | 8.1 | 0.09% | 4 | 0 | | 2026-03-18T00:30:59 | Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication by |
| CVE-2025-14031 | 7.5 | 0.07% | 2 | 0 | | 2026-03-18T00:30:59 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6. |
| CVE-2026-22727 | 7.5 | 0.02% | 2 | 0 | | 2026-03-18T00:30:59 | Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, |
| CVE-2026-32838 | 7.5 | 0.01% | 2 | 0 | | 2026-03-18T00:30:59 | Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the w |
| CVE-2026-4064 | 8.3 | 0.04% | 2 | 0 | | 2026-03-17T21:31:53 | Missing authorization checks on multiple gRPC service endpoints in PowerShell Un |
| CVE-2026-4295 | 7.8 | 0.01% | 2 | 0 | | 2026-03-17T21:31:53 | Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supp |
| CVE-2026-32981 | 7.5 | 0.07% | 2 | 0 | | 2026-03-17T21:31:53 | A path traversal vulnerability was identified in Ray Dashboard (default port 826 |
| CVE-2025-66342 | 7.8 | 0.01% | 2 | 0 | | 2026-03-17T21:31:53 | A type confusion vulnerability exists in the EMF functionality of Canva Affinity |
| CVE-2026-22182 | 7.5 | 0.08% | 1 | 0 | | 2026-03-17T21:31:44 | wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerabili |
| CVE-2026-4269 | 7.5 | 0.05% | 1 | 0 | | 2026-03-17T20:34:22 | ## Summary An issue has been identified in the Bedrock AgentCore Starter Toolkit |
| CVE-2026-22202 | 8.1 | 0.02% | 1 | 0 | | 2026-03-17T20:24:54.670000 | wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that |
| CVE-2026-28521 | 7.7 | 0.01% | 1 | 0 | | 2026-03-17T20:24:33.687000 | arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vuln |
| CVE-2026-32256 | 7.5 | 0.01% | 2 | 0 | | 2026-03-17T20:04:49 | # Summary music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/Asf |
| CVE-2026-32729 | 8.1 | 0.06% | 1 | 0 | | 2026-03-17T19:01:54.250000 | Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/ |
| CVE-2026-2923 | 7.8 | 0.06% | 1 | 0 | | 2026-03-17T18:59:35.180000 | GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. |
| CVE-2026-2922 | 7.8 | 0.06% | 1 | 0 | | 2026-03-17T18:59:21.860000 | GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerabil |
| CVE-2026-3081 | 7.8 | 0.06% | 1 | 0 | | 2026-03-17T18:58:06.030000 | GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution V |
| CVE-2026-3084 | 7.8 | 0.06% | 1 | 0 | | 2026-03-17T18:57:37.060000 | GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerabili |
| CVE-2026-30881 | 8.8 | 0.03% | 1 | 0 | | 2026-03-17T18:52:41.947000 | Chamilo LMS is a learning management system. Version 1.11.34 and prior contains |
| CVE-2026-4148 | 8.8 | 0.04% | 4 | 0 | | 2026-03-17T18:30:38 | A use-after-free vulnerability can be triggered in sharded clusters by an authen |
| CVE-2026-32292 | 7.5 | 0.03% | 3 | 0 | | 2026-03-17T18:30:37 | The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enab |
| CVE-2026-2673 | 7.5 | 0.03% | 1 | 0 | | 2026-03-17T18:16:15.600000 | Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected pref |
| CVE-2026-32267 | 9.8 | 0.03% | 1 | 0 | | 2026-03-17T17:44:31.020000 | Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before |
| CVE-2026-28779 | 7.5 | 0.07% | 2 | 0 | | 2026-03-17T17:42:17.580000 | Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is |
| CVE-2026-31898 | 8.1 | 0.03% | 2 | 1 | | 2026-03-17T17:07:52 | ### Impact User control of arguments of the `createAnnotation` method allows us |
| CVE-2026-31891 | 7.7 | 0.03% | 2 | 0 | | 2026-03-17T17:07:43 | ### Impact This is a SQL Injection vulnerability in the MongoLite Aggregation O |
| CVE-2026-3564 | 9.1 | 0.05% | 2 | 0 | | 2026-03-17T15:36:34 | A condition in ScreenConnect may allow an actor with access to server-level cryp |
| CVE-2026-0708 | 8.3 | 0.16% | 2 | 0 | | 2026-03-17T14:20:01.670000 | A flaw was found in libucl. A remote attacker could exploit this by providing a |
| CVE-2026-4254 | 9.8 | 0.05% | 2 | 0 | | 2026-03-17T14:20:01.670000 | A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerabilit |
| CVE-2025-69768 | 7.5 | 0.04% | 2 | 0 | | 2026-03-17T14:20:01.670000 | SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker |
| CVE-2026-23862 | 7.8 | 0.06% | 1 | 0 | | 2026-03-17T14:20:01.670000 | Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutra |
| CVE-2026-3838 | 8.8 | 1.17% | 2 | 0 | | 2026-03-17T14:18:58.587000 | Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This v |
| CVE-2026-4312 | 9.8 | 0.13% | 3 | 0 | | 2026-03-17T09:31:33 | GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulne |
| CVE-2026-2579 | 7.5 | 0.07% | 2 | 0 | | 2026-03-17T03:30:22 | The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPre |
| CVE-2026-32600 | 8.2 | 0.02% | 1 | 0 | | 2026-03-16T22:01:36 | ### Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-25 |
| CVE-2026-32313 | 8.2 | 0.02% | 1 | 0 | | 2026-03-16T22:01:06 | ### Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256 |
| CVE-2026-27962 | 9.1 | 0.06% | 2 | 0 | | 2026-03-16T21:54:00 | ## Description ### Summary A JWK Header Injection vulnerability in `authlib`'s |
| CVE-2025-69784 | 8.8 | 0.01% | 1 | 0 | | 2026-03-16T21:35:35 | A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed |
| CVE-2025-69809 | 9.8 | 0.04% | 2 | 0 | | 2026-03-16T21:34:38 | A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticat |
| CVE-2025-69808 | 9.1 | 0.07% | 1 | 0 | | 2026-03-16T21:34:38 | An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unaut |
| CVE-2026-32628 | 8.8 | 0.03% | 2 | 0 | | 2026-03-16T20:33:27.493000 | AnythingLLM is an application that turns pieces of content into context that any |
| CVE-2026-4252 | 9.8 | 0.14% | 2 | 0 | | 2026-03-16T18:32:15 | A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue |
| CVE-2025-62319 | 9.8 | 0.03% | 1 | 0 | | 2026-03-16T18:32:14 | Boolean-Based SQL Injection is a type of blind SQL injection where an attacker m |
| CVE-2025-47813 | 4.3 | 20.96% | 4 | 0 | template | 2026-03-16T18:32:03 | loginok.html in Wing FTP Server before 7.4.4 discloses the full local installati |
| CVE-2026-4092 | None | 1.01% | 1 | 1 | | 2026-03-16T17:08:24 | ### Impact Allows an attacker to perform a "Path Traversal" attack to modify fil |
| CVE-2026-29112 | 7.5 | 0.04% | 2 | 0 | | 2026-03-16T16:15:34 | ### Impact The `ensureSize()` function in `@dicebear/converter` (versions < 9.4 |
| CVE-2026-4182 | 9.8 | 0.06% | 2 | 0 | | 2026-03-16T15:30:59 | A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unkn |
| CVE-2026-4227 | 8.8 | 0.04% | 2 | 0 | | 2026-03-16T15:30:58 | A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impac |
| CVE-2026-4226 | 8.8 | 0.04% | 2 | 0 | | 2026-03-16T15:30:58 | A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element |
| CVE-2026-4213 | 8.8 | 0.08% | 1 | 0 | | 2026-03-16T15:30:58 | A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS |
| CVE-2026-4211 | 8.8 | 0.04% | 1 | 0 | | 2026-03-16T15:30:58 | A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, D |
| CVE-2026-4206 | 6.3 | 0.43% | 1 | 0 | | 2026-03-16T15:30:58 | A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-32 |
| CVE-2026-3083 | 8.8 | 0.36% | 1 | 0 | | 2026-03-16T15:30:57 | GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. |
| CVE-2026-3558 | 8.1 | 0.03% | 1 | 0 | | 2026-03-16T15:30:57 | Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authenticat |
| CVE-2026-3556 | 8.8 | 0.07% | 1 | 0 | | 2026-03-16T15:30:57 | Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Exe |
| CVE-2026-3555 | 8.0 | 0.05% | 1 | 0 | | 2026-03-16T15:30:57 | Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflo |
| CVE-2026-3476 | 7.8 | 0.02% | 1 | 0 | | 2026-03-16T15:30:57 | A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 202 |
| CVE-2026-4163 | 9.8 | 0.16% | 4 | 0 | | 2026-03-16T15:30:57 | A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects th |
| CVE-2026-4201 | 7.3 | 0.04% | 1 | 0 | | 2026-03-16T15:30:57 | A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040f |
| CVE-2026-3085 | 8.8 | 0.25% | 1 | 0 | | 2026-03-16T15:30:56 | GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerab |
| CVE-2026-3082 | 7.8 | 0.06% | 1 | 0 | | 2026-03-16T15:30:56 | GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerabi |
| CVE-2026-4164 | 9.8 | 0.17% | 4 | 0 | | 2026-03-16T15:30:56 | A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Del |
| CVE-2026-3560 | 8.8 | 0.07% | 1 | 0 | | 2026-03-16T15:30:56 | Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Re |
| CVE-2026-4170 | 9.8 | 0.15% | 2 | 0 | | 2026-03-16T15:30:56 | A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerabil |
| CVE-2026-4183 | 9.8 | 0.06% | 3 | 0 | | 2026-03-16T15:30:56 | A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected |
| CVE-2026-4167 | 8.8 | 0.04% | 3 | 0 | | 2026-03-16T15:30:56 | A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the funct |
| CVE-2026-4172 | 7.2 | 0.04% | 1 | 0 | | 2026-03-16T15:30:56 | A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an un |
| CVE-2026-4169 | 2.4 | 0.03% | 1 | 0 | | 2026-03-16T15:30:56 | A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is |
| CVE-2026-28520 | 8.4 | 0.01% | 1 | 0 | | 2026-03-16T15:30:55 | arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vul |
| CVE-2026-28519 | 8.8 | 0.01% | 1 | 0 | | 2026-03-16T15:30:55 | arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vuln |
| CVE-2026-2476 | 7.6 | 0.03% | 1 | 0 | | 2026-03-16T15:30:55 | Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configurat |
| CVE-2026-2920 | 7.8 | 0.06% | 1 | 0 | | 2026-03-16T15:30:55 | GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerabi |
| CVE-2026-2921 | 7.8 | 0.06% | 1 | 0 | | 2026-03-16T15:30:55 | GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. Thi |
| CVE-2026-3086 | 7.8 | 0.06% | 1 | 2 | | 2026-03-16T15:30:55 | GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerabi |
| CVE-2026-3557 | 8.0 | 0.14% | 1 | 0 | | 2026-03-16T15:30:55 | Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Ove |
| CVE-2026-31386 | 7.2 | 0.16% | 1 | 0 | | 2026-03-16T15:30:55 | OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an |
| CVE-2026-1947 | 7.5 | 0.03% | 2 | 0 | | 2026-03-16T15:30:54 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vuln |
| CVE-2025-13777 | 8.3 | 0.03% | 1 | 0 | | 2026-03-16T14:54:11.293000 | Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, A |
| CVE-2026-0957 | 7.8 | 0.01% | 1 | 0 | | 2026-03-16T14:54:11.293000 | There is a memory corruption vulnerability due to an out-of-bounds write when lo |
| CVE-2026-0954 | 7.8 | 0.01% | 1 | 0 | | 2026-03-16T14:54:11.293000 | There is a memory corruption vulnerability due to an out-of-bounds write when lo |
| CVE-2026-2493 | 7.5 | 10.28% | 1 | 0 | | 2026-03-16T14:53:07.390000 | IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. |
| CVE-2026-32616 | 8.2 | 0.03% | 1 | 0 | | 2026-03-16T14:53:07.390000 | Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the appl |
| CVE-2026-32614 | 7.5 | 0.02% | 1 | 0 | | 2026-03-16T14:53:07.390000 | Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library t |
| CVE-2026-3559 | 8.1 | 0.03% | 1 | 0 | | 2026-03-16T14:53:07.390000 | Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass |
| CVE-2026-3561 | 8.0 | 0.11% | 1 | 0 | | 2026-03-16T14:53:07.390000 | Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code |
| CVE-2026-4181 | 9.8 | 0.06% | 2 | 0 | | 2026-03-16T14:53:07.390000 | A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an |
| CVE-2026-4188 | 8.8 | 0.04% | 3 | 0 | | 2026-03-16T14:53:07.390000 | A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected ele |
| CVE-2026-4184 | 9.8 | 0.06% | 2 | 0 | | 2026-03-16T14:53:07.390000 | A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulne |
| CVE-2026-4214 | 8.8 | 0.04% | 2 | 0 | | 2026-03-16T14:53:07.390000 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, |
| CVE-2026-4212 | 8.8 | 0.04% | 2 | 0 | | 2026-03-16T14:53:07.390000 | A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L |
| CVE-2026-4255 | 0 | 0.02% | 1 | 0 | | 2026-03-16T14:53:07.390000 | A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Win |
| CVE-2026-4187 | 5.3 | 0.06% | 1 | 0 | | 2026-03-16T14:53:07.390000 | A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7. |
| CVE-2026-26792 | 9.8 | 0.96% | 1 | 0 | | 2026-03-16T14:18:27.230000 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection |
| CVE-2026-3909 | 8.8 | 33.06% | 7 | 0 | | 2026-03-13T22:00:01.403000 | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a re |
| CVE-2026-26795 | 9.8 | 0.96% | 1 | 0 | | 2026-03-13T21:32:49 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner |
| CVE-2026-26791 | 9.8 | 0.96% | 1 | 0 | | 2026-03-13T21:32:49 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner |
| CVE-2026-3910 | 8.8 | 23.21% | 5 | 0 | | 2026-03-13T21:32:01 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allow |
| CVE-2026-22193 | 8.1 | 0.03% | 1 | 0 | | 2026-03-13T21:31:58 | wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubs |
| CVE-2026-0956 | 7.8 | 0.01% | 1 | 0 | | 2026-03-13T21:31:57 | There is a memory corruption vulnerability due to an out-of-bounds read when loa |
| CVE-2026-0955 | 7.8 | 0.01% | 1 | 0 | | 2026-03-13T21:31:57 | There is a memory corruption vulnerability due to an out-of-bounds read when loa |
| CVE-2026-25817 | 8.8 | 0.29% | 1 | 0 | | 2026-03-13T21:31:57 | HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx b |
| CVE-2025-13779 | 8.3 | 0.03% | 1 | 0 | | 2026-03-13T21:31:49 | Missing authentication for critical function vulnerability in ABB AWIN GW100 rev |
| CVE-2026-32621 | 9.9 | 0.03% | 1 | 0 | | 2026-03-13T20:51:15 | ### Impact A vulnerability exists in query plan execution within the gateway th |
| CVE-2026-25185 | 5.3 | 0.10% | 1 | 0 | | 2026-03-13T16:47:45.940000 | Exposure of sensitive information to an unauthorized actor in Windows Shell Link |
| CVE-2026-26793 | 9.8 | 0.96% | 1 | 0 | | 2026-03-12T21:35:01 | GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command injection vulner |
| CVE-2026-32136 | 9.8 | 0.79% | 2 | 0 | | 2026-03-12T14:47:49 | VULNERABILITY: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass ============ |
| CVE-2026-1965 | 6.5 | 0.05% | 1 | 0 | | 2026-03-11T15:32:59 | libcurl can in some circumstances reuse the wrong connection when asked to do an |
| CVE-2026-26130 | 7.5 | 1.59% | 1 | 0 | | 2026-03-11T13:53:20.707000 | Allocation of resources without limits or throttling in ASP.NET Core allows an u |
| CVE-2026-2413 | 7.5 | 14.93% | 2 | 3 | template | 2026-03-11T06:31:47 | The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to S |
| CVE-2025-15576 | 7.5 | 0.01% | 2 | 0 | | 2026-03-10T21:33:20 | If two sibling jails are restricted to separate filesystem trees, which is to sa |
| CVE-2025-14558 | 7.2 | 50.69% | 1 | 2 | | 2026-03-09T15:30:47 | The rtsol(8) and rtsold(8) programs do not validate the domain search list optio |
| CVE-2026-20122 | 5.4 | 0.04% | 2 | 0 | | 2026-03-04T21:25:22.193000 | A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authe |
| CVE-2026-20126 | 8.8 | 0.04% | 2 | 0 | | 2026-03-04T21:21:49.053000 | A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, l |
| CVE-2026-20128 | 7.5 | 0.02% | 2 | 0 | | 2026-03-04T21:13:56.113000 | A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD- |
| CVE-2026-27205 | 4.3 | 0.03% | 1 | 0 | | 2026-02-24T21:59:52.183000 | Flask is a web server gateway interface (WSGI) web application framework. In ver |
| CVE-2025-43520 | 7.1 | 0.02% | 4 | 0 | | 2025-12-16T20:58:26.750000 | A memory corruption issue was addressed with improved memory handling. This issu |
| CVE-2025-30201 | 7.7 | 0.28% | 1 | 0 | | 2025-12-02T16:45:54.357000 | Wazuh is a free and open source platform used for threat prevention, detection, |
| CVE-2025-32463 | 9.4 | 26.52% | 1 | 82 | | 2025-10-22T00:34:26 | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswi |
| CVE-2025-59284 | 3.3 | 0.04% | 2 | 1 | | 2025-10-14T18:30:47 | Exposure of sensitive information to an unauthorized actor in Windows NTLM allow |
| CVE-2026-0667 | 0 | 0.00% | 2 | 0 | | N/A | |
| CVE-2026-24901 | 0 | 0.03% | 6 | 0 | | N/A | |
| CVE-2026-25749 | 0 | 0.01% | 1 | 0 | | N/A | |
| CVE-2026-25770 | 0 | 0.09% | 1 | 0 | | N/A | |
| CVE-2026-25769 | 0 | 0.42% | 1 | 1 | | N/A | |
| CVE-2026-23489 | 0 | 0.06% | 2 | 0 | | N/A | |
| CVE-2026-28430 | 0 | 0.08% | 1 | 0 | | N/A | |
| CVE-2026-30875 | 0 | 0.15% | 1 | 0 | | N/A | |
| CVE-2026-32627 | 0 | 0.02% | 1 | 0 | | N/A | |
| CVE-2026-32626 | 0 | 0.14% | 1 | 0 | | N/A | |
| CVE-2026-32708 | 0 | 0.02% | 1 | 0 | | N/A | |
| CVE-2026-31852 | 0 | 0.10% | 1 | 0 | | N/A | |
| CVE-2026-25646 | 0 | 0.07% | 1 | 0 | | N/A | |
| CVE-2026-26969 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2026-32133 | 0 | 0.04% | 1 | 0 | | N/A | |

## updated 2026-03-18T17:16:01.650000
2 posts
CVE-2024-45163: Remote DoS in Mirai C2 – research writeup + what it led me to build https://flowtriq.com/blog/cve-2024-45163

## updated 2026-03-18T16:33:18
4 posts
🟠 CVE-2026-30911 - High (8.1)
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30911/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

## updated 2026-03-18T16:17:26
1 posts
⚠️ HIGH severity: CVE-2026-4208 in TYPO3 "E-Mail MFA Provider" lets attackers bypass MFA by reusing/omitting codes due to faulty state reset. Patch or disable the extension and monitor logs for abuse. https://radar.offseq.com/threat/cve-2026-4208-cwe-639-in-typo3-extension-e-mail-mf-74236ea3 #OffSeq #TYPO3 #MFA #Vuln

## updated 2026-03-18T16:16:26.157000
4 posts
🚨 CVE-2026-22730: HIGH-severity SQL injection in VMware Spring AI (1.0.x, 1.1.x) lets users with limited privileges run arbitrary SQL via MariaDBFilterExpressionConverter. Patch ASAP & harden input validation! https://radar.offseq.com/threat/cve-2026-22730-vulnerability-in-vmware-spring-ai-ddcf48d5 #OffSeq #VMware #SQLi #Infosec

🟠 CVE-2026-22730 - High (8.8)
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands.
The vulnerability exists due to missing input sanitization.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22730/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

## updated 2026-03-18T16:16:25.990000
4 posts
🟠 CVE-2026-22729 - High (8.6)
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🔒 HIGH: CVE-2026-22729 in VMware Spring AI (1.0.x, 1.1.x) enables JSONPath injection, letting authenticated users bypass access controls and access sensitive docs. Patch or sanitize input! https://radar.offseq.com/threat/cve-2026-22729-vulnerability-in-vmware-spring-ai-96356f4f #OffSeq #SpringAI #CVE202622729 #AppSec

## updated 2026-03-18T16:10:10
3 posts
🟠 CVE-2026-4258 - High (7.5)
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending crafted o...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4258/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

🚨 CVE-2026-4258 (HIGH): All sjcl versions affected by lack of public key validation could let remote attackers recover ECDH private keys. No patch yet — audit sjcl use, validate keys, avoid dhJavaEc()! https://radar.offseq.com/threat/cve-2026-4258-improper-verification-of-cryptograph-603f7543 #OffSeq #Vuln #sjcl #Cryptography #Infosec

## updated 2026-03-18T15:30:46
3 posts
1 repos
🔴 New security advisory:
CVE-2026-21994 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-21994-oracle-edge-cloud-infrastructure-designer-toolkit-critical

🔴 CVE-2026-21994 - Critical (9.8)
Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-21994/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T15:16:29.450000
2 posts
🟠 CVE-2026-28500 - High (8.6)
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification m...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28500/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
2 posts
Published the writeup for the authenticated SQL injection vulnerability in Kanboard - CVE-2026-33058.
https://0dave.ch/posts/cve-2026-33058/
https://www.cve.org/CVERecord?id=CVE-2026-33058
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh
##updated 2026-03-18T14:52:44.227000
9 posts
1 repos
Apparently just affects the 26’s ?support.apple.com/en-us/126604 / CVE-2026-20643
##Apple has introduced a new update system called Background Security Improvements for delivering faster, lightweight security patches across its platforms.
The first update using this mechanism addressed CVE-2026-20643, a WebKit cross-origin vulnerability that could be exploited through malicious web content.
##The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content. https://thehackernews.com/2026/03/apple-fixes-webkit-vulnerability.html
##“Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade.”
##Apple pushes first Background Security Improvements update to fix WebKit flaw
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs...
🔗️ [Bleepingcomputer] https://link.is.it/9V9yPV
##Vulnerability in iPhone/iPad/Mac: Apple rolls out "Background Security Improvements" / cross-origin issue "CVE-2026-20643" resolved
https://forest.watch.impress.co.jp/docs/news/2094087.html
#forest_watch_impress #Apple #iOS #iPadOS #security #vulnerability #system_file #system
##updated 2026-03-18T14:52:44.227000
4 posts
⛔ New security advisory:
CVE-2026-25534 affects multiple systems.
• Impact: Remote code execution or complete system compromise possible
• Risk: Attackers can gain full control of affected systems
• Mitigation: Patch immediately or isolate affected systems
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-25534-spinnaker-url-validation-bypass
🚨 CRITICAL: CVE-2026-25534 SSRF in Spinnaker clouddriver-artifacts. Versions <2025.2.4 & select 2025.x allow SSRF via URL validation bypass. Patch to 2025.2.4+, 2025.3.1, 2025.4.1, or 2026.0.0 ASAP! Details: https://radar.offseq.com/threat/cve-2026-25534-cwe-918-server-side-request-forgery-618622b4 #OffSeq #SSRF #Spinnaker
##🔴 CVE-2026-25534 - Critical (9.1)
### Impact
Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25534/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
6 posts
🔴 CVE-2026-30884 - Critical (9.6)
mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30884/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CRITICAL: CVE-2026-30884 in mdjnelson moodle-mod_customcert (<4.4.9, 5.0.0 – 5.0.3) enables cross-course certificate tampering by teachers. Update to 4.4.9/5.0.3+ and review permissions. https://radar.offseq.com/threat/cve-2026-30884-cwe-639-authorization-bypass-throug-1e3f429f #OffSeq #Moodle #Infosec #Vulnerability
##updated 2026-03-18T14:52:44.227000
2 posts
🟠 CVE-2026-32693 - High (8.8)
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool lo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32693/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
2 posts
🟠 CVE-2026-32692 - High (7.6)
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32692/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
2 posts
🟠 CVE-2026-30922 - High (7.5)
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
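The pyasn1 entry above names the failure mode (uncontrolled recursion on deeply nested input) but not what it looks like in practice. The block below is an added example for this page, not pyasn1's code and not its patch: a minimal DER TLV decoder for SEQUENCE and OCTET STRING, a constructed payload that nests SEQUENCEs thousands deep, the recursive pattern that exhausts the interpreter stack on it, and the same decoder with a depth cap. The `MAX_DEPTH` value and the helper names are this example's own choices.

```python
# Added example, not pyasn1's code: why unbounded recursion in an ASN.1 decoder is a
# denial of service, and how a nesting limit fixes it. Only SEQUENCE (0x30) and
# OCTET STRING (0x04) are handled; the nested payload is constructed in this file.


def der_len(n: int) -> bytes:
    """DER length: short form below 128, else 0x80|k followed by k big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def nested_sequences(depth: int) -> bytes:
    """Constructed attacker payload: `depth` SEQUENCEs wrapped around an empty OCTET STRING."""
    data = b"\x04\x00"
    for _ in range(depth):
        data = b"\x30" + der_len(len(data)) + data
    return data


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) for the TLV starting at pos."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:
        length, header = first, 2
    else:
        k = first & 0x7F
        if k == 0 or k > 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos + 2:pos + 2 + k], "big")
        header = 2 + k
    start = pos + header
    end = start + length
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, start, end


def decode_naive(buf: bytes, pos: int = 0):
    """Vulnerable pattern: recursion depth is controlled entirely by the input."""
    tag, start, end = read_tlv(buf, pos)
    if tag == 0x30:
        items, p = [], start
        while p < end:
            item, p = decode_naive(buf, p)
            items.append(item)
        return ("SEQUENCE", items), end
    return ("OCTET STRING", buf[start:end]), end


MAX_DEPTH = 32  # example limit; real protocols rarely nest more than a handful of levels


def decode_limited(buf: bytes, pos: int = 0, depth: int = 0):
    """Hardened pattern: refuse to descend past MAX_DEPTH before recursing."""
    if depth > MAX_DEPTH:
        raise ValueError(f"ASN.1 nesting deeper than {MAX_DEPTH}")
    tag, start, end = read_tlv(buf, pos)
    if tag == 0x30:
        items, p = [], start
        while p < end:
            item, p = decode_limited(buf, p, depth + 1)
            items.append(item)
        return ("SEQUENCE", items), end
    return ("OCTET STRING", buf[start:end]), end


def nesting_depth(node) -> int:
    """Depth of SEQUENCE nesting in a decoded tree (0 for a leaf)."""
    kind, payload = node
    if kind != "SEQUENCE":
        return 0
    return 1 + max((nesting_depth(child) for child in payload), default=0)


def naive_crashes(buf: bytes) -> bool:
    """True if the unbounded decoder dies with RecursionError on this input."""
    try:
        decode_naive(buf)
        return False
    except RecursionError:
        return True


if __name__ == "__main__":
    hostile = nested_sequences(5000)          # about 20 KB of input
    print("naive decoder crashes:", naive_crashes(hostile))   # True
    try:
        decode_limited(hostile)
    except ValueError as err:
        print("limited decoder rejected input:", err)
```

The limit is checked before the recursive call, so the cost of a hostile input is bounded by the number of bytes read up to the limit rather than by the stack. In a language without a recursion guard of its own the unbounded version would not raise an exception but crash the process, which is the DoS the advisory describes.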
##updated 2026-03-18T14:52:44.227000
4 posts
🔴 CVE-2026-31938 - Critical (9.6)
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is open...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31938/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL XSS (CVE-2026-31938) in parallax jsPDF <4.2.1 allows attackers to inject scripts via PDF options — exploited when victims open crafted PDFs. Upgrade to 4.2.1+ ASAP! https://radar.offseq.com/threat/cve-2026-31938-cwe-79-improper-neutralization-of-i-32085433 #OffSeq #XSS #jsPDF #Infosec
##updated 2026-03-18T14:52:44.227000
2 posts
#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross‑Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318
https://certvde.com/en/advisories/vde-2025-104/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-104.json
🟠 CVE-2026-32606 - High (7.6)
IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypte...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32606/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
5 posts
🚨 CVE-2026-32297 (CRITICAL, CVSS 9.3): ANGEET ES3 KVM allows unauthenticated remote file writes — attackers can take full control. Isolate & restrict access immediately. No patch yet. Details: https://radar.offseq.com/threat/cve-2026-32297-cwe-306-missing-authentication-for--72cb42a6 #OffSeq #CVE202632297 #KVM #Vuln #Infosec
##🟠 CVE-2026-32297 - High (7.5)
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32297/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
2 posts
🟠 CVE-2026-1376 - High (7.5)
IBM i 7.6 could allow a remote attacker to cause a denial of service using failed authentication connections due to improper allocation of resources.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1376/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
8 posts
🟠 CVE-2026-32296 - High (8.2)
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32296/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
2 posts
🟠 CVE-2026-4318 - High (8.8)
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remot...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4318/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
2 posts
🟠 CVE-2025-64301 - High (7.8)
An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code exec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-64301/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
4 posts
🔴 CVE-2026-32298 - Critical (9.1)
The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32298/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:52:44.227000
1 posts
🟠 CVE-2026-32295 - High (7.5)
JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32295/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-18T14:16:40.673000
9 posts
1 repos
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
##CVE-2026-32746: Linux servers threatened by a new Telnet flaw https://www.it-connect.fr/cve-2026-32746-les-serveurs-linux-menaces-par-une-nouvelle-faille-telnet/ #CybersecurityNews #Cybersecurity #Vulnerability #Linux
##Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23 https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
##Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.html
Short summary: https://hackerworkspace.com/article/critical-unpatched-telnetd-flaw-cve-2026-32746-enables-unauthenticated-root-rce-via-port-23
## updated 2026-03-18T12:32:03
2 posts
🟠 CVE-2025-41258 - High (8)
LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-41258/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-18T09:30:34
2 posts
#OT #Advisory VDE-2025-104
Phoenix Contact: Multiple Vulnerabilities in FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx Firmware
Multiple vulnerabilities have been identified in the FL SWITCH 2xxx, FL SWITCH TSN 23xx and FL SWITCH 59xx firmware prior to version 3.53. One of these (CVE-2026-22317) enables an attacker to execute system commands as root user on the device. Five other vulnerabilities (CVE-2026-22316, CVE-2026-22318, CVE-2026-22319, CVE-2026-22320 and CVE-2026-22321) are related to Denial of Service (DoS) attacks, which partly limit the device's functionality. Another vulnerability (CVE-2026-22322) relates to reflected cross-site scripting in the web-based management of the device. And one vulnerability (CVE-2026-22323) relates to Cross-Site Request Forgery in the web-based management of the device. All vulnerabilities have been resolved in firmware version 3.53.
#CVE CVE-2026-22317, CVE-2026-22323, CVE-2026-22322, CVE-2026-22320, CVE-2026-22316, CVE-2026-22321, CVE-2026-22319, CVE-2026-22318
https://certvde.com/en/advisories/vde-2025-104/
#CSAF https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2025-104.json
## updated 2026-03-18T04:17:30.720000
16 posts
1 repo
https://github.com/fevar54/CVE-2026-3888-POC-all-from-the-Qualys-platform.
CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
#CVE_2026_3888
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root
Global tensions heighten as the US-Iran conflict escalates, impacting oil markets via the Strait of Hormuz (March 18). Technology sees continued rapid AI advancement, with OpenAI's GPT-5.4 and Anthropic's Claude Sonnet 4.6 released (March 17). In cybersecurity, the EU sanctioned private cyber offensive groups (March 17), and a critical Ubuntu privilege escalation flaw (CVE-2026-3888) was discovered (March 18). AI-driven threats also increasingly impact M&A security.
## Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
## Critical Ubuntu flaw (CVE-2026-3888) enables local root escalation via Snap.
Delayed exploit (10–30 days) makes detection harder.
Patch snapd immediately.
https://www.technadu.com/critical-cve-2026-3888-vulnerability-exposes-ubuntu-to-root-escalation/623670/
CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit https://securityaffairs.com/189614/security/cve-2026-3888-ubuntu-desktop-24-04-vulnerable-to-root-exploit.html
## [link] CVE-2026-3888: when Ubuntu's system cleanup grants root access #security #gik #deb #wtf
## CVE-2026-3888: when Ubuntu's system cleanup grants root access https://www.it-connect.fr/cve-2026-3888-quand-le-nettoyage-systeme-dubuntu-offre-un-acces-root/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Linux
## Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
https://thehackernews.com/2026/03/ubuntu-cve-2026-3888-bug-lets-attackers.html
🟠 CVE-2026-3888 - High (7.8)
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LT...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3888/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-18T03:32:16
2 posts
2 repos
https://github.com/piiiico/mcp-check
https://github.com/mbanyamer/CVE-2026-26030-Microsoft-Semantic-Kernel-1.39.4-RCE
🟠 CVE-2026-2603 - High (8.1)
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to com...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2603/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-18T03:32:16
2 posts
🟠 CVE-2026-2092 - High (7.7)
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exp...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2092/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-18T01:25:44
2 posts
🟠 CVE-2026-22171 - High (8.2)
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can con...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22171/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-18T00:30:59
4 posts
⚠️ CRITICAL: Edimax GS-5008PL (≤1.00.54) has an auth bypass flaw (CVE-2026-32841). Attackers can gain admin access with no creds after any login. Isolate devices, restrict access, monitor logs — patch ASAP when available. https://radar.offseq.com/threat/cve-2026-32841-cwe-1108-excessive-reliance-on-glob-a4b3dee3 #OffSeq #CVE202632841 #IoTSecurity
## 🟠 CVE-2026-32841 - High (8.1)
Edimax GS-5008PL firmware version 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain adm...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32841/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-18T00:30:59
2 posts
🟠 CVE-2025-14031 - High (7.5)
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes th...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14031/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-18T00:30:59
2 posts
🟠 CVE-2026-22727 - High (7.5)
Unprotected internal endpoints in Cloud Foundry Capi Release 1.226.0 and below, and CF Deployment v54.9.0 and below on all platforms allows any user who has bypassed the firewall to potentially replace droplets and therefore applications allowing ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22727/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-18T00:30:59
2 posts
🟠 CVE-2026-32838 - High (7.5)
Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32838/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T21:31:53
2 posts
🟠 CVE-2026-4064 - High (8.3)
Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4064/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T21:31:53
2 posts
🟠 CVE-2026-4295 - High (7.8)
Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4295/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T21:31:53
2 posts
🟠 CVE-2026-32981 - High (7.5)
A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traver...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32981/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T21:31:53
2 posts
🟠 CVE-2025-66342 - High (7.8)
A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66342/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T21:31:44
1 post
🟠 CVE-2026-22182 - High (7.5)
wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. Attackers can repeatedly call the wpdiscuz-ajax....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22182/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T20:34:22
1 post
🟠 CVE-2026-4269 - High (7.5)
A missing S3 ownership verification in the Bedrock AgentCore Starter Toolkit before version v0.1.13 may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. This issue only affects users...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4269/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T20:24:54.670000
1 post
🟠 CVE-2026-22202 - High (8.1)
wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomme...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22202/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T20:24:33.687000
1 post
🟠 CVE-2026-28521 - High (7.7)
arduino-TuyaOpen before version 1.2.1 contains an out-of-bounds memory read vulnerability in the TuyaIoT component. An attacker who hijacks or controls the Tuya cloud service can issue malicious DP event data to victim devices, causing out-of-boun...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28521/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T20:04:49
2 posts
🟠 CVE-2026-32256 - High (7.5)
music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/AsfParser.ts:112-158`) enters an infinite loop when a sub-object inside the ASF Header...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32256/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T19:01:54.250000
1 post
🟠 CVE-2026-32729 - High (8.1)
Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials (...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32729/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T18:59:35.180000
1 post
🟠 CVE-2026-2923 - High (7.8)
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2923/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T18:59:21.860000
1 post
🟠 CVE-2026-2922 - High (7.8)
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T18:58:06.030000
1 post
🟠 CVE-2026-3081 - High (7.8)
GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3081/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T18:57:37.060000
1 post
🟠 CVE-2026-3084 - High (7.8)
GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3084/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T18:52:41.947000
1 post
🟠 CVE-2026-30881 - High (8.8)
Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters date_start and date_end from $_REQUEST are embedded directly into a raw SQL string withou...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30881/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
## updated 2026-03-17T18:30:38
4 posts
🟠 CVE-2026-4148 - High (8.8)
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4148/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T18:30:37
3 posts
⚠️ CVE-2026-32292: CRITICAL vuln in GL-iNet Comet KVM (CVSS 9.3) — web UI lacks brute-force protections. No patch yet. Restrict access, use strong creds, monitor logs! Details: https://radar.offseq.com/threat/cve-2026-32292-cwe-307-improper-restriction-of-exc-7d4b6f55 #OffSeq #Vulnerability #Cybersecurity #BruteForce
##🟠 CVE-2026-32292 - High (7.5)
The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32292/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T18:16:15.600000
1 posts
Security-only OpenSSL tarball releases for CVE-2026-2673 https://lobste.rs/s/g7mczo #practices #security
https://blog.surgut.co.uk/2026/03/security-only-openssl-tarball-releases.html
updated 2026-03-17T17:44:31.020000
1 posts
🚨 CRITICAL: CVE-2026-32267 in Craft CMS (4.x <4.17.6, 5.x <5.9.12) — incorrect auth allows privilege escalation to admin via shared URLs. Upgrade ASAP! Details: https://radar.offseq.com/threat/cve-2026-32267-cwe-863-incorrect-authorization-in--65bf3522 #OffSeq #CraftCMS #CVE202632267 #Vulnerability
##updated 2026-03-17T17:42:17.580000
2 posts
🟠 CVE-2026-28779 - High (7.5)
Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url.
This allows any application co-hosted under the same domain to capture valid Airfl...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28779/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T17:07:52
2 posts
1 repos
🟠 CVE-2026-31898 - High (8.1)
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsani...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31898/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T17:07:43
2 posts
🟠 CVE-2026-31891 - High (7.7)
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment w...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-31891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T15:36:34
2 posts
🔴 CVE-2026-3564 - Critical (9)
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3564/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T14:20:01.670000
2 posts
🟠 CVE-2026-0708 - High (8.3)
A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language (UCL) input that contains a key with an embedded null byte. This can cause a segmentation fault (SEGV fault) in the ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T14:20:01.670000
2 posts
🚨 CRITICAL: CVE-2026-4254 in Tenda AC8 (fw ≤16.03.50.11) enables remote stack buffer overflow via /goform/SysToolChangePwd. Public exploit out — isolate & monitor! No patch yet. https://radar.offseq.com/threat/cve-2026-4254-stack-based-buffer-overflow-in-tenda-501e8b3e #OffSeq #CVE20264254 #RouterSecurity #Vuln
##🔴 CVE-2026-4254 - Critical (9.8)
A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4254/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T14:20:01.670000
2 posts
🟠 CVE-2025-69768 - High (7.5)
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69768/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T14:20:01.670000
1 posts
🟠 CVE-2026-23862 - High (7.8)
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerab...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23862/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T14:18:58.587000
2 posts
🟠 CVE-2026-3838 - High (8.8)
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability.
The spec...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3838/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-17T09:31:33
3 posts
🔴 CVE-2026-4312 - Critical (9.8)
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4312/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-4312 (CRITICAL, CVSS 9.3) in DrangSoft GCB/FCB Audit Software: missing auth allows remote admin account creation & full compromise. No patch yet — restrict API access, monitor closely. https://radar.offseq.com/threat/cve-2026-4312-cwe-306-missing-authentication-for-c-6cd3271e #OffSeq #Vulnerability #InfoSec
##updated 2026-03-17T03:30:22
2 posts
🟠 CVE-2026-2579 - High (7.5)
The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parame...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2579/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T22:01:36
1 posts
🟠 CVE-2026-32600 - High (8.2)
xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32600/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T22:01:06
1 posts
🟠 CVE-2026-32313 - High (8.2)
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Prior to 3.1.5, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32313/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T21:54:00
2 posts
🔴 CVE-2026-27962 - Critical (9.1)
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass sign...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27962/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T21:35:35
1 posts
🟠 CVE-2025-69784 - High (8.8)
A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69784/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T21:34:38
2 posts
🔴 CVE-2025-69809 - Critical (9.8)
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69809/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T21:34:38
1 posts
🔴 CVE-2025-69808 - Critical (9.1)
An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to access sensitive information and cause a Denial of Service (DoS) via supplying a crafted packet.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69808/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T20:33:27.493000
2 posts
🟠 New security advisory:
CVE-2026-32628 affects Mintplexlabs Anythingllm.
• Impact: Significant security breach potential
• Risk: Unauthorized access or data exposure
• Mitigation: Apply patches within 24-48 hours
Full breakdown:
https://www.yazoul.net/advisory/cve/cve-2026-32628-anythingllm-sql-injection-vulnerability-update-now
🟠 CVE-2026-32628 - High (8.8)
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the ag...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32628/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T18:32:15
2 posts
🚩 CRITICAL: CVE-2026-4252 impacts Tenda AC8 (16.03.50.11). IP-based auth in IPv6 Handler lets remote attackers bypass login. Exploit is public. Disable remote mgmt, restrict access, monitor traffic. Details: https://radar.offseq.com/threat/cve-2026-4252-reliance-on-ip-address-for-authentic-a9de4650 #OffSeq #CVE #RouterSecurity #Infosec
##🔴 CVE-2026-4252 - Critical (9.8)
A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4252/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T18:32:14
1 posts
🔴 CVE-2025-62319 - Critical (9.8)
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the applica...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-62319/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T18:32:03
4 posts
New KEV addition by CISA:
CVE-2025-47813 (Wing FTP Server)
• Information disclosure flaw
• Actively exploited
• High remediation priority
KEV = real-world threat signal.
Follow @technadu for updates.
##🚨 [CISA-2026:0316] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0316)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2025-47813 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-47813)
- Name: Wing FTP Server Information Disclosure Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Wing FTP Server
- Product: Wing FTP Server
- Notes: https://www.wftpserver.com/serverhistory.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-47813
#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260316 #cisa20260316 #cve_2025_47813 #cve202547813
##CVE ID: CVE-2025-47813
Vendor: Wing FTP Server
Product: Wing FTP Server
Date Added: 2026-03-16
Notes: https://www.wftpserver.com/serverhistory.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-47813
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-47813
CISA has updated the KEV catalogue.
- CVE-2025-47813: Wing FTP Server Information Disclosure Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-47813 #CISA #infosec #vulnerability
##updated 2026-03-16T17:08:24
1 posts
1 repos
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
updated 2026-03-16T16:15:34
2 posts
🟠 CVE-2026-29112 - High (7.5)
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize()` function in `@dicebear/converter` read the `width` and `height` attributes from the input SVG to determine the output canvas size for rasterizat...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:59
2 posts
🔴 CVE-2026-4182 - Critical (9.8)
A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument key1/key2/key3/key4/pskValue causes stack-based ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4182/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CRITICAL: CVE-2026-4182 in D-Link DIR-816 (v1.10CNB05) — stack buffer overflow in /goform/form2Wl5RepeaterStep2.cgi enables remote code execution. No patch, public exploit exists. Replace or isolate devices now! https://radar.offseq.com/threat/cve-2026-4182-stack-based-buffer-overflow-in-d-lin-4b5e9537 #OffSeq #DLink #IoTSecurity
##updated 2026-03-16T15:30:58
2 posts
🟠 CVE-2026-4227 - High (8.8)
A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. The impacted element is the function sub_44D844 of the file /goform/get_hidessid_cfg. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely....
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4227/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:58
2 posts
🟠 CVE-2026-4226 - High (8.8)
A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affected element is the function sub_44E8D0 of the file /goform/get_virtual_cfg. Executing a manipulation can lead to stack-based buffer overflow. The attack may be performed from remo...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4226/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:58
1 posts
🟠 CVE-2026-4213 - High (8.8)
A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4213/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:58
1 posts
🟠 CVE-2026-4211 - High (8.8)
A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4211/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:58
1 posts
CVE-2026-4206: MEDIUM severity command injection in D-Link DNS-120 NAS (20260205). Remote, unauthenticated exploit possible — PoC public, patch ASAP or restrict access. Monitor for suspicious /cgi-bin/dsk_mgr.cgi activity. https://radar.offseq.com/threat/cve-2026-4206-command-injection-in-d-link-dns-120-65477eea #OffSeq #DLink #Vuln
##updated 2026-03-16T15:30:57
1 posts
🟠 CVE-2026-3083 - High (8.8)
GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3083/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
1 posts
🟠 CVE-2026-3558 - High (8.1)
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3558/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
1 posts
🟠 CVE-2026-3556 - High (8.8)
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3556/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
1 posts
🟠 CVE-2026-3555 - High (8)
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3555/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
1 posts
🟠 CVE-2026-3476 - High (7.8)
A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:57
4 posts
🔴 CVE-2026-4163 - Critical (9.8)
A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is pos...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4163/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables remote unauthenticated command injection via /cgi-bin/wireless.cgi. Exploit is public — restrict remote admin, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #Vuln #IoTSecurity
##🚨 CVE-2026-4163 (CRITICAL): Wavlink WL-WN579A3 routers (v220323) have a command injection bug in /cgi-bin/wireless.cgi. Public exploit code available — restrict remote mgmt, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #CVE20264163 #infosec #routersecurity
##🚨 CRITICAL: CVE-2026-4163 in Wavlink WL-WN579A3 (220323) enables unauthenticated remote command injection via /cgi-bin/wireless.cgi. Exploit code is public — restrict remote admin & monitor traffic until patched! https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #CVE20264163 #Infosec
##updated 2026-03-16T15:30:57
1 posts
CVE-2026-4201 (MEDIUM, CVSS 6.9) in glowxq-oj allows remote, unauthenticated file uploads — risk of code execution. No patch, public exploit exists. Restrict upload access, validate files, monitor closely. https://radar.offseq.com/threat/cve-2026-4201-unrestricted-upload-in-glowxq-glowxq-224c8b75 #OffSeq #Vulnerability #CyberSecurity
##updated 2026-03-16T15:30:56
1 posts
🟠 CVE-2026-3085 - High (8.8)
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3085/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:56
1 posts
🟠 CVE-2026-3082 - High (7.8)
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3082/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:56
4 posts
🔴 CVE-2026-4164 - Critical (9.8)
A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is p...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4164/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚩 CVE-2026-4164 (CRITICAL): Wavlink WL-WN578W2 (221110) is vulnerable to remote command injection via POST to /cgi-bin/wireless.cgi. Public exploit is out. Restrict access, monitor logs, and upgrade ASAP. https://radar.offseq.com/threat/cve-2026-4164-command-injection-in-wavlink-wl-wn57-c028dcbd #OffSeq #CVE #RouterSecurity #IoTSecurity
##🚨 CVE-2026-4164 (CRITICAL, CVSS 9.3) in Wavlink WL-WN578W2 (v221110): Unauth'd command injection via /cgi-bin/wireless.cgi. Public exploit released. Patch ASAP or restrict access! https://radar.offseq.com/threat/cve-2026-4164-command-injection-in-wavlink-wl-wn57-c028dcbd #OffSeq #CVE #RouterSecurity #Infosec
##updated 2026-03-16T15:30:56
1 posts
🟠 CVE-2026-3560 - High (8.8)
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Auth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3560/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:56
2 posts
🔴 CVE-2026-4170 - Critical (9.8)
A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Handler. Executing a manipulation of the argument ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4170/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CRITICAL: CVE-2026-4170 in Topsec TopACM 3.0 enables unauthenticated OS command injection via 'template_path' in /nmc_sync.php. No patch, public exploit out. Restrict access, deploy WAF/IDS, monitor logs urgently! https://radar.offseq.com/threat/cve-2026-4170-os-command-injection-in-topsec-topac-9e1efe11 #OffSeq #vuln #cybersecurity
##updated 2026-03-16T15:30:56
3 posts
🔴 CVE-2026-4183 - Critical (9.8)
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer ov...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4183/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔎 CVE-2026-4183 (CRITICAL, CVSS 9.3): D-Link DIR-816 (v1.10CNB05) stack buffer overflow via /goform/form2WlanBasicSetup.cgi. Exploit code public, no patch. Replace or isolate devices ASAP! https://radar.offseq.com/threat/cve-2026-4183-stack-based-buffer-overflow-in-d-lin-2982ced2 #OffSeq #CVE20264183 #IoTSecurity
##updated 2026-03-16T15:30:56
3 posts
🟠 CVE-2026-4167 - High (8.8)
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4167/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ HIGH-severity: CVE-2026-4167 stack overflow in Belkin F9K1122 v1.00.33. Remote attackers can exploit /goform/formReboot — no patch, public exploit out. Restrict access, monitor for attack attempts. https://radar.offseq.com/threat/cve-2026-4167-stack-based-buffer-overflow-in-belki-ac4818a6 #OffSeq #CVE20264167 #IoTSecurity
##🚨 HIGH severity: CVE-2026-4167 in Belkin F9K1122 (1.00.33) enables remote code execution via stack buffer overflow — no auth needed, no patch. Isolate, restrict, and monitor now! https://radar.offseq.com/threat/cve-2026-4167-stack-based-buffer-overflow-in-belki-ac4818a6 #OffSeq #infosec #routersecurity #CVE20264167
##updated 2026-03-16T15:30:56
1 posts
🚩 HIGH severity: CVE-2026-4172 in TRENDnet TEW-632BRP (v1.010B32) — stack-based buffer overflow in /ping_response.cgi (ping_ipaddr). Public exploit, no patch. Isolate, restrict access, and monitor now! https://radar.offseq.com/threat/cve-2026-4172-stack-based-buffer-overflow-in-trend-df028a4c #OffSeq #Infosec #RouterVuln
##updated 2026-03-16T15:30:56
1 posts
🚨 CVE-2026-4169: MEDIUM XSS in Tecnick TCExam (v16.0 – 16.6.0). Admins can inject JavaScript via XML export. Patch by upgrading to 16.6.1, restrict admin access, and monitor logs. Details: https://radar.offseq.com/threat/cve-2026-4169-cross-site-scripting-in-tecnick-tcex-fd1ffac8 #OffSeq #XSS #Vulnerability #AppSec
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-28520 - High (8.4)
arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28520/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-28519 - High (8.8)
arduino-TuyaOpen before version 1.2.1 contains a heap-based buffer overflow vulnerability in the DnsServer component. An attacker on the same local area network who controls the LAN DNS server can send malicious DNS responses to overflow the heap ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28519/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-2476 - High (7.6)
Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive configuration values which allows an attacker with access to support packets to obtain original plugin settings via exported configuration data. Mattermost Advisory ID: MMSA-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2476/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-2920 - High (7.8)
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2920/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-2921 - High (7.8)
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vul...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2921/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
2 repos
🟠 CVE-2026-3086 - High (7.8)
GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3086/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🟠 CVE-2026-3557 - High (8)
Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Brid...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3557/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T15:30:55
1 posts
🔒 CVE-2026-31386 (HIGH): All LiteSpeed OpenLiteSpeed/LSWS Enterprise versions are vulnerable to OS command injection by admins. No exploits seen yet, but impact = full system compromise. Tighten admin controls & monitor! https://radar.offseq.com/threat/cve-2026-31386-improper-neutralization-of-special--9aa4ef0e #OffSeq #LiteSpeed #Infosec
##updated 2026-03-16T15:30:54
2 posts
🚨 CVE-2026-1947: HIGH severity in NEX-Forms – Ultimate Forms Plugin for WordPress (all versions ≤9.1.9). Unauthenticated attackers can overwrite form entries via IDOR. Disable plugin or restrict access ASAP! https://radar.offseq.com/threat/cve-2026-1947-cwe-639-authorization-bypass-through-412339ff #OffSeq #WordPress #Vuln #InfoSec
##🔥 CVE-2026-1947 (HIGH, CVSS 7.5): NEX-Forms – Ultimate Forms Plugin for WordPress allows unauthenticated IDOR, enabling arbitrary form entry overwrite. No patch released. Disable plugin or restrict access ASAP. Details: https://radar.offseq.com/threat/cve-2026-1947-cwe-639-authorization-bypass-through-412339ff #OffSeq #WordPress #Vuln
##updated 2026-03-16T14:54:11.293000
1 posts
🟠 CVE-2025-13777 - High (8.3)
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13777/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:54:11.293000
1 posts
🟠 CVE-2026-0957 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an ...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0957/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:54:11.293000
1 posts
🟠 CVE-2026-0954 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0954/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
1 posts
🟠 CVE-2026-2493 - High (7.5)
IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulne...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2493/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
1 posts
🟠 CVE-2026-32616 - High (8.2)
Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host he...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32616/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
1 posts
🟠 CVE-2026-32614 - High (7.5)
Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32614/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
1 posts
🟠 CVE-2026-3559 - High (8.1)
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not re...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3559/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
1 posts
🟠 CVE-2026-3561 - High (8)
Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although auth...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3561/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
2 posts
🔴 CVE-2026-4181 - Critical (9.8)
A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-b...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4181/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
3 posts
🟠 CVE-2026-4188 - High (8.8)
A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffe...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4188/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##CVE-2026-4188: HIGH severity stack-based buffer overflow in D-Link DIR-619L (2.06B01). Allows remote, unauthenticated RCE. Device is unsupported — replace or strictly isolate! Exploit is public. More: https://radar.offseq.com/threat/cve-2026-4188-stack-based-buffer-overflow-in-d-lin-4643e6f2 #OffSeq #Vuln #DLink #InfoSec
##updated 2026-03-16T14:53:07.390000
2 posts
🔴 CVE-2026-4184 - Critical (9.8)
A vulnerability was detected in D-Link DIR-816 1.10CNB05. Affected by this vulnerability is an unknown functionality of the file /goform/form2Wl5BasicSetup.cgi of the component goahead. Performing a manipulation of the argument pskValue results in...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4184/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##⚠️ CRITICAL: D-Link DIR-816 (1.10CNB05) stack-based buffer overflow via pskValue in /goform/form2Wl5BasicSetup.cgi. Exploit is public, remote code execution possible. Device is EOL — isolate or replace! CVE-2026-4184 https://radar.offseq.com/threat/cve-2026-4184-stack-based-buffer-overflow-in-d-lin-8b4d54d9 #OffSeq #DLink #Vuln
##updated 2026-03-16T14:53:07.390000
2 posts
🟠 CVE-2026-4214 - High (8.8)
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 202602...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-16T14:53:07.390000
2 posts
🟠 CVE-2026-4212 - High (8.8)
A security vulnerability has been detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4212/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-4212 (HIGH, CVSS 8.7): D-Link DNS-120 NAS stack buffer overflow in /cgi-bin/download_mgr.cgi enables remote, unauthenticated compromise. Patch or restrict access now. https://radar.offseq.com/threat/cve-2026-4212-stack-based-buffer-overflow-in-d-lin-423aef88 #OffSeq #Vulnerability #DLink #BlueTeam
##updated 2026-03-16T14:53:07.390000
1 posts
🛡️ HIGH severity alert: CVE-2026-4255 in TR-VISION HOME (≤2.0.5) enables DLL hijacking; local attackers can escalate privileges via side-loading. Restrict write access & monitor for rogue DLLs. https://radar.offseq.com/threat/cve-2026-4255-cwe-829-inclusion-of-functionality-f-64ab002d #OffSeq #Infosec #CVE20264255 #Windows
##updated 2026-03-16T14:53:07.390000
1 posts
⚠️ MEDIUM severity: Tiandy Easy7 Integrated Management Platform 7.17.0 has a missing authentication bug (CVE-2026-4187) in Device Identifier Handler. Public exploit exists. No vendor fix yet — review exposure & restrict access. https://radar.offseq.com/threat/cve-2026-4187-missing-authentication-in-tiandy-eas-d0083b25 #OffSeq #Vuln #Tiandy #Cybersecurity
##updated 2026-03-16T14:18:27.230000
1 posts
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
updated 2026-03-13T22:00:01.403000
7 posts
⚪️ Google Fixes Two 0-Day Vulnerabilities in Chrome
🗨️ Google developers have released an emergency update for the Chrome browser that fixes two zero-day vulnerabilities, which were already being exploited in real-world attacks. “Google is aware that exploits exist for vulnerabilities CVE-2026-3909 and CVE-2026-3910,” according to the security bulletin…
##Google posted this yesterday, addressing CVE-2026-3909 and CVE-2026-3910.
Long Term Support Channel Update for ChromeOS https://chromereleases.googleblog.com/ #Google #Chrome #infosec
##Google Reports Chrome Zero-Day Vulnerabilities Exploited in the Wild
Google reports two actively exploited zero-day vulnerabilities (CVE-2026-3909 and CVE-2026-3910). One is patched, and a patch for the other is coming in a future release.
**Another urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome. DON'T DELAY! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy; all your tabs reopen after the patch.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/google-reports-chrome-zero-day-vulnerabilities-exploited-in-the-wild-u-9-s-o-5/gD2P6Ple2L
CISA still lists CVE-2026-3909 as a zero-day, even if Google removed it from its Chrome patch notes
So I presume it's still a zero-day, but patches are coming next week... instead of not being a zero-day in the first place
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html
##Trivalent 146.0.7680.80 released:
github.com/secureblue/T...
CVE-2026-3909 was originally marked by Google as fixed in the previous upstream release. They have since revised those release notes and released for a third time this week, this time actually containing the fix for CVE-2026-3909.
Release 146.0.7680.80-443379 ·...
updated 2026-03-13T21:31:58
1 posts
🟠 CVE-2026-22193 - High (8.1)
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscrip...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-22193/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
1 posts
🟠 CVE-2026-0956 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0956/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
1 posts
🟠 CVE-2026-0955 - High (7.8)
There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an a...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0955/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:57
1 posts
🟠 CVE-2026-25817 - High (8.8)
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by atta...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25817/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T21:31:49
1 posts
🟠 CVE-2025-13779 - High (8.3)
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-13779/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T20:51:15
1 posts
🔴 CVE-2026-32621 - Critical (9.9)
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.pr...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32621/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##updated 2026-03-13T16:47:45.940000
1 posts
LnkMeMaybe - A Review of CVE-2026-25185
#CVE_2026_25185
https://trustedsec.com/blog/lnkmemaybe-a-review-of-cve-2026-25185
updated 2026-03-12T21:35:01
1 posts
📈 CVE Published in last 7 days (2026-03-09 - 2026-03-16)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1301
Severity:
- Critical: 114
- High: 499
- Medium: 548
- Low: 44
- None: 96
Status:
- : 27
- Analyzed: 466
- Awaiting Analysis: 494
- Modified: 13
- Received: 245
- Rejected: 5
- Undergoing Analysis: 51
Top CNAs:
- GitHub, Inc.: 312
- Patchstack: 140
- VulDB: 88
- VulnCheck: 88
- Adobe Systems Incorporated: 85
- Microsoft Corporation: 78
- MITRE: 76
- Wordfence: 44
- Chrome: 31
- N/A: 27
Top Affected Products:
- UNKNOWN: 755
- Microsoft Windows 10 22h2: 42
- Microsoft Windows 10 21h2: 42
- Microsoft Windows Server 2022: 41
- Microsoft Windows 11 24h2: 40
- Microsoft Windows 11 23h2: 40
- Microsoft Windows 11 25h2: 40
- Microsoft Windows Server 2025: 39
- Microsoft Windows 11 26h1: 39
- Microsoft Windows Server 2019: 39
Top EPSS Score:
- CVE-2025-14558 - 39.97 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-3909 - 27.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3909)
- CVE-2026-3910 - 21.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-3910)
- CVE-2026-2413 - 11.89 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-26130 - 1.27 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26130)
- CVE-2026-4092 - 1.01 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4092)
- CVE-2026-26791 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26791)
- CVE-2026-26792 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26792)
- CVE-2026-26793 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26793)
- CVE-2026-26795 - 0.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26795)
updated 2026-03-12T14:47:49
2 posts
Your AdGuard Home is vulnerable to a total compromise: CVE-2026-32136 https://www.it-connect.fr/votre-adguard-home-est-vulnerable-a-une-compromission-totale-cve-2026-32136/ #ActuCybersécurité #Cybersécurité #Vulnérabilité
##updated 2026-03-11T15:32:59
1 posts
updated 2026-03-11T13:53:20.707000
1 posts
updated 2026-03-11T06:31:47
2 posts
3 repos
https://github.com/reschjonas/CVE-2026-24135
SQL Injection Vulnerability in Elementor Ally Plugin Affects Over 250,000 WordPress Websites #wordpress
A critical SQL injection vulnerability in the Elementor Ally plugin could affect over 250,000 WordPress sites. Upgrade to Ally 4.1.0 and update WordPress to 6.9.2 to mitigate CVE-2026-2413 and related risks. Learn more: https://ift.tt/VzNblEM
Source: https://ift.tt/VzNblEM | Image: https://ift.tt/ONFHV64
updated 2026-03-10T21:33:20
2 posts
Jail chroot escape via fd exchange with a different jail
CVE-2025-15576
"Note that in order to exploit this problem, an attacker requires control over processes in two jails which share a nullfs mount in which a unix socket can be installed."
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:04.jail.asc
##updated 2026-03-09T15:30:47
1 posts
2 repos
updated 2026-03-04T21:25:22.193000
2 posts
New advisory from Cisco addressing critical February 25 vulnerabilities:
"There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory."
CVE-2026-20122; CVE-2026-20126; CVE-2026-20128: Cisco Catalyst SD-WAN Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v @TalosSecurity #Cisco #infosec #vulnerability
##updated 2026-03-04T21:21:49.053000
2 posts
##updated 2026-03-04T21:13:56.113000
2 posts
##updated 2026-02-24T21:59:52.183000
1 posts
updated 2025-12-16T20:58:26.750000
4 posts
As usual, Wired is… not great 🙄
Regarding DarkSword, the latest objectively bad exploit affecting iOS and Safari, Google has a more in-depth analysis, with a lot more information on the specific versions of iOS that are affected.
TL;DR It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
##@agreenberg more in-depth analysis from Google.
It doesn’t seem to affect 18.7.3 at least (might also not work on 18.7.2 given that CVE-2025-43520, which DarkSword uses, has been patched in .2).
##updated 2025-12-02T16:45:54.357000
1 posts
Found a bypass in Wazuh's UNC path validation for Windows agents.
The existing mitigation (CVE-2025-30201) blocked standard UNC paths like \\server\share, but extended-length UNC paths using the \\?\UNC\ prefix slipped right through. This affects the OSQuery wodle's log_path and config_path fields.
Impact: An attacker who controls the centralized agent config can coerce domain-joined Windows agents into authenticating to an attacker-controlled SMB server, leaking the machine account's NetNTLMv2 hash. From there it's NTLM relay and potentially full Active Directory domain compromise.
Patched in Wazuh 4.14.3. CVSS 7.7 High.
Full writeup with technical details on my blog:
moltenbit.net/posts/wazuh-unc-mitigation-bypass-cve-2025-30201/
#infosec #bugbounty #wazuh #security #cybersecurity #vulnerabilityresearch
##updated 2025-10-22T00:34:26
1 posts
82 repos
Internal redteam, 8h, no tools except one exploit.
Result: VP account, full AD control. SOC: 0 alerts.
https://github.com/toxy4ny/semetsky---VP
Why it matters: PXE-boot Linux, unmonitored, unpatched since 2023.
CVE-2025-32463 → bash_history with plaintext creds → RDP hop →
custom AD delegation. All "legitimate" actions, no SOC triggers.
What's your "Yuri Semetsky" story? (obfuscated, of course)
##updated 2025-10-14T18:30:47
2 posts
1 repos
CVE-2025-59284: How reading a gnu manpage led to a Windows NetNTLM phishing exploit https://sec-fault.com/blog/cve-2025-59284/
##Schneider Electric Patches Critical RCE Vulnerability in SCADAPack RTUs
Schneider Electric disclosed a critical vulnerability (CVE-2026-0667) in its SCADAPack RTUs and RemoteConnect software that allows unauthenticated attackers to execute arbitrary code via Modbus TCP. The flaw poses a severe risk to critical infrastructure, potentially leading to full system takeover or denial of service.
**If you have SCADAPack x70 RTUs (47x, 47xi, or 57x series) or use RemoteConnect software, make sure all devices are isolated from the internet and accessible from trusted networks only. Then immediately update RemoteConnect to R3.4.2 and firmware to 9.12.2 on your 47x/47xi devices. If you can't patch right now, block unauthorized Modbus TCP access using the built-in firewall and disable the logic debug service.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/schneider-electric-patches-critical-rce-vulnerability-in-scadapack-rtus-b-7-l-u-g/gD2P6Ple2L
🟠 CVE-2026-24901 - High (8.1)
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownershi...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24901/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25770 - Critical (9.1)
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protoco...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25770/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-25769 - Critical (9.1)
Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using clu...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-25769/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🚨 CVE-2026-23489 (CRITICAL, CVSS 9.1): GLPI 'fields' plugin (<1.23.3) allows privileged users to execute arbitrary PHP code (RCE risk). Patch to 1.23.3+, review permissions, and monitor activity. https://radar.offseq.com/threat/cve-2026-23489-cwe-20-improper-input-validation-in-9483a14f #OffSeq #GLPI #CVE202623489 #infosec
##🔴 CVE-2026-23489 - Critical (9.1)
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3.
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-23489/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##Chamilo LMS < 1.11.34 has a CRITICAL SQL injection vuln (CVE-2026-28430, CVSS 9.3). Unauth attackers can hijack admin accounts & access PII. Upgrade to 1.11.34 ASAP. No public exploits yet. https://radar.offseq.com/threat/cve-2026-28430-cwe-89-improper-neutralization-of-s-36133b16 #OffSeq #SQLInjection #Chamilo #InfoSec
##🟠 CVE-2026-30875 - High (8.8)
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution (RCE). The H5P package validation...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30875/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32627 - High (8.7)
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and host...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32627/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🔴 CVE-2026-32626 - Critical (9.6)
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32626/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##🟠 CVE-2026-32708 - High (7.8)
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds. A remote Zenoh publisher can send an oversized fragmented message...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32708/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##This was a misconfiguration in Jellyfin's GitHub Actions. It has since been fixed. I'm kinda struggling to call this a "software vulnerability." Like...GitHub worked fine. The user (jellyfin) made insecure choices. This makes less sense than the rPi default credentials.
##An update of #gpg4win has been released: Version 5.0.2. See https://gpg4win.org
An update to this version is recommended due to the following security fixes:
- A security bug in GpgOL has been fixed which could result in no warning shown to the user when a signed mail contained a not signed attachment after a signed one. (T8110)
- The libpng component has been updated to version 1.6.55 to fix a security issue (CVE-2026-25646). This is only exploitable in our software if a mail is opened via Kleopatra.
##customer sent a CVE code claimed to be from tar… it’s CVE-2026-26969 and it does not even exist :cat_burning:
already having a meltdown from an insurance company with three letters because their scanner is caching old images for some reason and today I have to generate SBOM to prove (for the third time) that we fixed them :cat_fall:
#security #thisshitissoass
🔴 CVE-2026-32133 - Critical (9.1)
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server t...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32133/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
##